
Trojan horse Dropper.Generic_c.MMI

Discussion in 'Virus & Other Malware Removal' started by Ieaysu, Aug 4, 2012.

Ieaysu (Thread Starter):
    Hi, I just registered to this forum in hopes of manually getting rid of this virus my computer recently contracted.

    I am dealing with a Trojan horse Dropper.Generic_c.MMI.

    Hijack log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 3:22:33 PM, on 8/4/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Unable to get Internet Explorer version!
    Boot mode: Normal

    Running processes:
    C:\Program Files\Sony\VAIO Care\VCSpt.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\SysWOW64\RunDll32.exe
    Q:\140062.enu\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Users\Shirley Li\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=10...HP_ss&mntrId=30b2a68d0000000000000026c77ccb53
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (file missing)
    O2 - BHO: WeCareReminder - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
    O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O15 - Trusted Zone: *.clonewarsadventures.com
    O15 - Trusted Zone: *.freerealms.com
    O15 - Trusted Zone: *.soe.com
    O15 - Trusted Zone: *.sony.com
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: Oasis2Service - Digital Delivery Networks, Inc. - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    O23 - Service: WajamUpdater - Wajam - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: xsherlock - Wellbia.com Co., Ltd. - C:\Windows\system32\xsherlock.xem

    --
    End of file - 14516 bytes


    The DDS log below:

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
    Run by Shirley Li at 15:27:39 on 2012-08-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.1287 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Sony\VAIO Care\VCSpt.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    Q:\140062.enu\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Sony\VAIO Care\VCsystray.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\taskeng.exe
    C:\Users\Shirley Li\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.babylon.com/?affID=109935&tt=010812_rbt_3112_6&babsrc=HP_ss&mntrId=30b2a68d0000000000000026c77ccb53
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    BHO: WeCareReminder Class: {d824f0de-3d60-4f57-9eb1-66033ecd8abb} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    StartupFolder: C:\Users\SHIRLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
    StartupFolder: C:\Users\SHIRLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\Users\SHIRLE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
    TCP: Interfaces\{3FC7F61C-530E-4562-BCCF-8DEDCD2FD82F} : DhcpNameServer = 192.168.1.1 71.243.0.12
    TCP: Interfaces\{3FC7F61C-530E-4562-BCCF-8DEDCD2FD82F}\2456C6D6F6E647055726C69636C4962627162797 : DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{3FC7F61C-530E-4562-BCCF-8DEDCD2FD82F}\7385B47503 : DhcpNameServer = 192.168.1.1 71.243.0.12
    TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DhcpNameServer = 10.100.78.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll
    BHO-X64: Wajam IE BHO - No File
    BHO-X64: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
    BHO-X64: WeCareReminder - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
    mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Shirley Li\AppData\Roaming\Mozilla\Firefox\Profiles\ee9fcumt.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109935&tt=010812_rbt_3112_6&babsrc=HP_ss&mntrId=30b2a68d0000000000000026c77ccb53
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Shirley Li\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Shirley Li\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010812_rbt_3112_6
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
    FF - user.js: extensions.BabylonToolbar.id - 30b2a68d0000000000000026c77ccb53
    FF - user.js: extensions.BabylonToolbar.instlDay - 15555
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.120:13:04
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-7-18 913792]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-22 136176]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
    R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
    R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
    R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-9-22 104960]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-22 2320920]
    R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-9-22 575856]
    R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2010-9-22 252416]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-10 250056]
    S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-22 136176]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-24 116720]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-21 108400]
    S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
    S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-21 67952]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
    S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
    S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-6-14 109064]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-3-10 674400]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-08-03 00:13:54 -------- d-----w- C:\Users\Shirley Li\AppData\Roaming\FVD Suite
    2012-08-03 00:12:55 -------- d-----w- C:\Program Files (x86)\Shop to Win 36
    2012-08-03 00:12:47 -------- d-----w- C:\ProgramData\Babylon
    2012-08-03 00:12:46 -------- d-----w- C:\Users\Shirley Li\AppData\Roaming\Babylon
    2012-08-03 00:12:46 -------- d-----w- C:\Users\Shirley Li\AppData\Local\Wajam
    2012-08-03 00:12:45 -------- d-----w- C:\Program Files (x86)\FVD Suite
    2012-08-03 00:12:42 -------- d-----w- C:\Program Files (x86)\Wajam
    2012-07-27 19:09:42 -------- d-----w- C:\Users\Shirley Li\.emps_cache
    2012-07-26 13:15:52 -------- d-----w- C:\Users\Shirley Li\AppData\Roaming\WhatPulse
    2012-07-26 13:15:49 -------- d-----w- C:\Program Files (x86)\WhatPulse
    2012-07-24 00:43:14 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-07-24 00:43:14 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-07-24 00:40:55 24448 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
    2012-07-19 22:36:52 -------- d-----w- C:\ProgramData\Nexon
    2012-07-19 22:25:37 -------- d-----w- C:\ProgramData\NexonUS
    2012-07-19 01:16:24 -------- d-----w- C:\Windows\System32\SPReview
    2012-07-19 01:15:24 -------- d-----w- C:\Windows\System32\EventProviders
    2012-07-19 01:14:56 -------- d-----w- C:\Users\Shirley Li\AppData\Roaming\Rainmeter
    2012-07-19 01:12:34 -------- d-----w- C:\Program Files\Rainmeter
    2012-07-18 13:39:24 48976 ----a-w- C:\Windows\System32\netfxperf.dll
    2012-07-18 13:39:23 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2012-07-18 13:39:16 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2012-07-18 13:39:09 59392 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
    2012-07-18 13:39:09 3715584 ----a-w- C:\Windows\System32\mstscax.dll
    2012-07-18 13:39:09 12288 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
    2012-07-18 13:39:08 1838080 ----a-w- C:\Windows\System32\d3d10warp.dll
    2012-07-18 13:39:08 14967808 ----a-w- C:\Program Files\DVD Maker\OmdBase.dll
    2012-07-18 13:39:04 3215872 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2012-07-18 13:39:00 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2012-07-18 13:39:00 1171456 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2012-07-18 13:37:59 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2012-07-18 13:36:59 726528 ----a-w- C:\Windows\System32\AuxiliaryDisplayCpl.dll
    2012-07-18 13:35:42 25600 ----a-w- C:\Windows\System32\msyuv.dll
    2012-07-18 13:33:50 189952 ----a-w- C:\Windows\SysWow64\sqmapi.dll
    2012-07-18 13:33:46 209920 ----a-w- C:\Windows\SysWow64\PkgMgr.exe
    2012-07-18 13:33:46 189952 ----a-w- C:\Windows\SysWow64\wdscore.dll
    2012-07-18 13:32:55 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
    2012-07-18 13:32:54 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
    2012-07-18 13:32:49 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
    2012-07-18 13:32:49 189952 ----a-w- C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll
    2012-07-18 13:32:48 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
    2012-07-18 13:28:34 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2012-07-18 13:28:34 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2012-07-18 13:28:34 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
    2012-07-18 13:28:34 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
    2012-07-18 13:28:28 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
    2012-07-18 13:28:28 244736 ----a-w- C:\Windows\System32\sqmapi.dll
    2012-07-18 13:28:25 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
    2012-07-18 13:27:58 422912 ----a-w- C:\Windows\System32\drvstore.dll
    2012-07-18 13:27:58 399872 ----a-w- C:\Windows\System32\dpx.dll
    2012-07-18 13:27:54 -------- d-----w- C:\ProgramData\IObit
    2012-07-18 13:27:24 -------- d-----w- C:\Users\Shirley Li\AppData\Roaming\IObit
    2012-07-18 13:27:14 -------- d-----w- C:\Program Files (x86)\IObit
    2012-07-18 13:18:13 -------- d-----w- C:\Users\Shirley Li\jagexcache
    2012-07-18 02:39:18 -------- d-----w- C:\Windows\SysWow64\BestPractices
    2012-07-18 02:39:18 -------- d-----w- C:\Windows\System32\BestPractices
    2012-07-18 02:39:17 -------- d-----w- C:\inetpub
    2012-07-18 02:06:37 -------- d-----w- C:\Users\Shirley Li\Roaming
    2012-07-18 02:06:36 -------- d-----w- C:\ProgramData\Roaming
    2012-07-18 02:04:27 -------- d-----w- C:\Program Files (x86)\Cisco
    2012-07-12 07:08:14 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2012-08-02 23:25:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-02 23:25:28 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-07-19 01:31:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2012-07-19 01:31:49 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-25 20:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
    .
    ============= FINISH: 15:30:01.50 ===============


    Some more information to add on..

    I use AVG for AV detection and I just keep getting these pops saying that I have another one of the same virus, so as of now I have 5 detected Trojan virus Dropper Generic.cMMl

    PLEASE HELP I'M BEGGING YOU!

    Oh..another thing I wasn't exactly sure of what step 4 was (4. Copy and paste the contents of the ark.txt file.)

    So I didn't post that, uhm if you could inform me of what that is, I will do it immediately!

    As for now I think I will shut off my computer so the virus does not multiply.

    Thanks!

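    A way to triage a DDS log like the one above before a specialist reads it line by line, as an added example by the editor (not part of this thread and not code from the DDS tool). The sample lines are copied from the log above with the user profile folder replaced by a placeholder; the two heuristics (unusual service image extensions, bursts of programs created within the same couple of minutes) are assumptions of this example that pick out entries worth a second look, not a malware verdict.

```python
"""Triage helpers for a DDS-style log (editor's example, not the DDS tool's code)."""
import re
from datetime import datetime

# Constructed sample: lines taken from the SERVICES / DRIVERS section above.
SERVICES_SAMPLE = r"""
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 WajamUpdater;WajamUpdater;C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [2012-6-14 109064]
S3 xsherlock;xsherlock;C:\Windows\System32\xsherlock.xem [2012-3-10 674400]
"""

# Constructed sample: lines taken from the "Created Last 30" section above,
# with the profile folder replaced by <user>.
CREATED_SAMPLE = r"""
2012-08-03 00:13:54 -------- d-----w- C:\Users\<user>\AppData\Roaming\FVD Suite
2012-08-03 00:12:55 -------- d-----w- C:\Program Files (x86)\Shop to Win 36
2012-08-03 00:12:47 -------- d-----w- C:\ProgramData\Babylon
2012-08-03 00:12:46 -------- d-----w- C:\Users\<user>\AppData\Roaming\Babylon
2012-08-03 00:12:46 -------- d-----w- C:\Users\<user>\AppData\Local\Wajam
2012-08-03 00:12:45 -------- d-----w- C:\Program Files (x86)\FVD Suite
2012-08-03 00:12:42 -------- d-----w- C:\Program Files (x86)\Wajam
2012-07-27 19:09:42 -------- d-----w- C:\Users\<user>\.emps_cache
2012-07-26 13:15:52 -------- d-----w- C:\Users\<user>\AppData\Roaming\WhatPulse
2012-07-26 13:15:49 -------- d-----w- C:\Program Files (x86)\WhatPulse
"""

# "<state> <name>;<display name>;<image ...>" as printed in the log.
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Shortest path ending in a 2-4 character extension followed by whitespace or
# end of string, so trailing arguments such as "-service" are dropped and a
# "1.0" or "v4.0.30319" directory is not mistaken for the extension.
IMAGE_RE = re.compile(r"^(?P<image>.+?\.(?P<ext>[A-Za-z0-9]{2,4}))(?=\s|$)")
# "<date time> <size or dashes> <attributes> <path>" in the created-files sections.
CREATED_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\S+) (?P<attrs>\S+) (?P<path>.*)$")

EXPECTED_EXT = {"exe", "sys", "dll"}  # what a service or driver image normally is


def parse_services(text):
    """Return one dict per service/driver line: state, name, display, image, ext, resolved."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        # The log shows "path --> path [?]" when the tool could not read the
        # file's date and size, and "path [date size]" when it could.
        resolved = not rest.endswith("[?]")
        image_part = rest.split(" --> ", 1)[0] if " --> " in rest else rest.rsplit(" [", 1)[0]
        im = IMAGE_RE.match(image_part)
        entries.append({"state": m.group("state"), "name": m.group("name"),
                        "display": m.group("display"),
                        "image": im.group("image") if im else image_part,
                        "ext": im.group("ext").lower() if im else "",
                        "resolved": resolved})
    return entries


def flag_services(entries):
    """Heuristic (assumption of this example): images that are not .exe/.sys/.dll
    get listed for review; in the posted log that is how GameMon.des and
    xsherlock.xem stand out from the dozens of ordinary entries."""
    return [(e["name"], f"unusual image extension .{e['ext'] or '?'}: {e['image']}")
            for e in entries if e["ext"] not in EXPECTED_EXT]


def parse_created(text):
    """Return one dict per created-file line: ts (datetime), is_dir, path."""
    entries = []
    for line in text.splitlines():
        m = CREATED_RE.match(line.strip())
        if not m:
            continue
        entries.append({"ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S"),
                        "is_dir": m.group("attrs").startswith("d"),
                        "path": m.group("path")})
    return entries


def install_clusters(entries, window_seconds=120, min_size=3):
    """Group entries created within window_seconds of the previous one.
    Several unrelated program folders appearing in one short burst is the
    usual footprint of a bundled installer (compare the 00:12-00:13 burst above)."""
    clusters, current = [], []
    for e in sorted(entries, key=lambda e: e["ts"]):
        if current and (e["ts"] - current[-1]["ts"]).total_seconds() > window_seconds:
            if len(current) >= min_size:
                clusters.append(current)
            current = []
        current.append(e)
    if len(current) >= min_size:
        clusters.append(current)
    return clusters


if __name__ == "__main__":
    for name, reason in flag_services(parse_services(SERVICES_SAMPLE)):
        print(f"review service {name}: {reason}")
    for cluster in install_clusters(parse_created(CREATED_SAMPLE)):
        print(f"{len(cluster)} entries created between {cluster[0]['ts']} and {cluster[-1]['ts']}:")
        for e in cluster:
            print("   ", e["path"])
```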
  3. Ieaysu

    Ieaysu Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    32
    Bump, please help me I haven't turned on my computer in 3 days to wait for a response.

    PLEASE HELP I'M BEGGING YOU PLEASE!
     
  4. kevinf80

    kevinf80 Kevin Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,961
    Do the following:

    Step 1

    Download Farbar Recovery Scan Toolx64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options. I give two methods; use whichever is convenient for you.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select Your Country as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Step 2

    Boot to System Recovery Options and run FRST as you did to get the log.

    Type the following in the edit box after "Search:".

    services.exe

    It then should look like:

    [screenshot of the FRST Search box not available]

    Click Search button and post the log (Search.txt) it makes to your reply.

    Post those two logs..

    Kevin
     
  5. Ieaysu

    Ieaysu Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    32
    Hi Kevin!

    Is there any way of doing this without a flash drive :\? I don't happen to have one at the moment.

    Also I was just curious..would cases dealing with the c.MMI virus be all the same or are they different from one another to a certain extent?

    Thanks!
     
  6. kevinf80

    kevinf80 Kevin Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,961
    There are different ways to kill off this infection; I prefer using FRST as it is done via the Recovery Environment. If you have no flash drive do the following:

    Close all windows, select > start icon > all programs > accessories > right click on "command prompt" > select > Run as administrator > ok any alerts > at the command prompt type or copy and paste sfc /scannow > then tap Enter. When finished, type exit, tap Enter and re-boot your PC.

    ***Note the space between sfc and /scannow.

    Next,

    Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important
    • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...

    Kevin
     
  7. Ieaysu

    Ieaysu Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    32
    Hi Kevin!

    I have done exactly as you have said, disabling all my anti-virus programs and then running Combofix, which has just finished scanning!

    Here is my log.txt:

    ComboFix 12-08-07.03 - Shirley Li 08/07/2012 17:36:58.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.2289 [GMT -4:00]
    Running from: c:\users\Shirley Li\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\users\Shirley Li\AppData\Local\assembly\tmp
    c:\windows\SysWow64\URTTemp
    c:\windows\SysWow64\URTTemp\regtlib.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-07 21:46 . 2012-08-07 21:46 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-07 21:46 . 2012-08-07 21:46 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
    2012-08-07 16:21 . 2012-08-07 16:21 -------- d-----w- C:\FRST
    2012-08-03 00:13 . 2012-08-03 00:13 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\FVD Suite
    2012-08-03 00:13 . 2012-08-03 00:13 315 ----a-w- C:\user.js
    2012-08-03 00:12 . 2012-08-04 19:42 -------- d-----w- c:\program files (x86)\Shop to Win 36
    2012-08-03 00:12 . 2012-08-03 00:12 -------- d-----w- c:\programdata\Babylon
    2012-08-03 00:12 . 2012-08-03 00:12 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\Babylon
    2012-08-03 00:12 . 2012-08-03 00:12 -------- d-----w- c:\users\Shirley Li\AppData\Local\Wajam
    2012-08-03 00:12 . 2012-08-04 19:42 -------- d-----w- c:\program files (x86)\FVD Suite
    2012-08-03 00:12 . 2012-08-04 19:42 -------- d-----w- c:\program files (x86)\Wajam
    2012-07-27 19:09 . 2012-07-29 12:27 -------- d-----w- c:\users\Shirley Li\.emps_cache
    2012-07-26 13:15 . 2012-07-26 13:21 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\WhatPulse
    2012-07-26 13:15 . 2012-07-26 13:15 -------- d-----w- c:\program files (x86)\WhatPulse
    2012-07-24 00:43 . 2012-07-24 00:43 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-07-24 00:43 . 2012-07-24 00:43 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-24 00:40 . 2012-05-24 14:47 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2012-07-19 22:36 . 2012-07-19 22:36 -------- d-----w- c:\programdata\Nexon
    2012-07-19 01:16 . 2012-08-04 19:40 -------- d-----w- c:\windows\system32\SPReview
    2012-07-19 01:15 . 2012-08-04 19:39 -------- d-----w- c:\windows\system32\EventProviders
    2012-07-19 01:14 . 2012-08-04 19:42 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\Rainmeter
    2012-07-19 01:12 . 2012-08-04 19:42 -------- d-----w- c:\program files\Rainmeter
    2012-07-18 13:39 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
    2012-07-18 13:39 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2012-07-18 13:39 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2012-07-18 13:39 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2012-07-18 13:39 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
    2012-07-18 13:39 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
    2012-07-18 13:39 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
    2012-07-18 13:39 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-07-18 13:39 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
    2012-07-18 13:39 . 2010-11-20 12:19 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
    2012-07-18 13:39 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2012-07-18 13:37 . 2010-11-20 13:27 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-07-18 13:36 . 2010-11-20 13:27 40960 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
    2012-07-18 13:35 . 2010-11-20 13:27 25600 ----a-w- c:\windows\system32\msyuv.dll
    2012-07-18 13:34 . 2010-11-20 13:27 14848 ----a-w- c:\windows\system32\tsbyuv.dll
    2012-07-18 13:33 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
    2012-07-18 13:33 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
    2012-07-18 13:33 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
    2012-07-18 13:32 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
    2012-07-18 13:32 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
    2012-07-18 13:32 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2012-07-18 13:32 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
    2012-07-18 13:32 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2012-07-18 13:28 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2012-07-18 13:28 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2012-07-18 13:28 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2012-07-18 13:28 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
    2012-07-18 13:28 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
    2012-07-18 13:28 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
    2012-07-18 13:28 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
    2012-07-18 13:27 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
    2012-07-18 13:27 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2012-07-18 13:27 . 2012-08-04 19:38 -------- d-----w- c:\programdata\IObit
    2012-07-18 13:27 . 2012-08-04 19:39 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\IObit
    2012-07-18 13:27 . 2012-08-04 19:38 -------- d-----w- c:\program files (x86)\IObit
    2012-07-18 13:18 . 2012-08-04 19:39 -------- d-----w- c:\users\Shirley Li\jagexcache
    2012-07-18 02:39 . 2012-08-04 19:39 -------- d-----w- c:\windows\system32\BestPractices
    2012-07-18 02:39 . 2012-07-18 02:39 -------- d-----w- c:\windows\SysWow64\BestPractices
    2012-07-18 02:39 . 2012-08-04 19:37 -------- d-----w- C:\inetpub
    2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\Shirley Li\Roaming
    2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\Public\Roaming
    2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\Default\Roaming
    2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\boinc_master\Roaming
    2012-07-18 02:06 . 2012-08-04 19:38 -------- d-----w- c:\programdata\Intel
    2012-07-18 02:04 . 2012-08-04 19:38 -------- d-----w- c:\program files (x86)\Cisco
    2012-07-12 07:08 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 23:25 . 2012-04-10 17:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-02 23:25 . 2011-06-12 02:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-19 01:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-07-19 01:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-07-12 07:03 . 2011-04-15 14:36 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-03 17:46 . 2011-03-29 13:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-06-02 22:19 . 2012-06-21 13:52 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 13:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 13:53 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 13:53 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 13:52 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 13:53 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 13:52 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 13:52 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 13:52 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-15 04:01 . 2012-06-13 19:29 1188864 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 03:59 . 2012-06-13 19:28 64512 ----a-w- c:\windows\system32\jsproxy.dll
    2012-05-15 03:03 . 2012-06-13 19:29 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
    "WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    .
    c:\users\Shirley Li\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-1-4 3208032]
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 41160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
    R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-23 342056]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-23 39464]
    R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 116720]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
    R3 vtany;vtany;c:\windows\vtany.sys [x]
    R3 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-06-14 109064]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]
    R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
    S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-10 53248]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-28 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-05-28 158976]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-05-01 317440]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:25]
    .
    2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 15:08]
    .
    2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 15:08]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1832576997-1850227395-2609180072-1006Core.job
    - c:\users\Shirley Li\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 07:32]
    .
    2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1832576997-1850227395-2609180072-1006UA.job
    - c:\users\Shirley Li\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 07:32]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-01 162584]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-01 386840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-01 417560]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.babylon.com/?affID=109935&tt=010812_rbt_3112_6&babsrc=HP_ss&mntrId=30b2a68d0000000000000026c77ccb53
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
    FF - ProfilePath - c:\users\Shirley Li\AppData\Roaming\Mozilla\Firefox\Profiles\ee9fcumt.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010812_rbt_3112_6
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
    FF - user.js: extensions.BabylonToolbar.id - 30b2a68d0000000000000026c77ccb53
    FF - user.js: extensions.BabylonToolbar.instlDay - 15555
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.120:13
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-CCTVPlayer - c:\users\Shirley Li\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KJO9GOBR\CNTVPlayer101209a[1].exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
    "ImagePath"="c:\windows\system32\xsherlock.xem"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-08-07 17:49:37
    ComboFix-quarantined-files.txt 2012-08-07 21:49
    .
    Pre-Run: 370,838,114,304 bytes free
    Post-Run: 370,598,236,160 bytes free
    .
    - - End Of File - - 84165DCE052A93E927783154234A9705

    Thanks !

    EDIT: I am going to turn my computer off and check in a couple of hours, thanks again Kevin. Also, is this something one should typically do after running ComboFix? Or should I just await further instruction?
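As an added illustration, not code from this thread or from ComboFix: a small Python triage pass over lines in the shape of the log above (the UAC policy block under policies\system, the service list and the Run keys). The Windows 7 default UAC values, the "[x]" interpretation and the path heuristics are this example's own assumptions, and one Run entry in the sample input is constructed rather than copied from the log.

```python
"""First-pass triage of ComboFix-style log lines.

Added example for this thread; it is not ComboFix's code and the defaults
and heuristics below are this example's own assumptions. It reads three
line shapes that appear in the log: UAC policy values, service entries
("R3 name;display;path [date size]" or "[x]"), and Run-key entries, and
returns the findings a helper would look at first.
"""
import ntpath
import re
from dataclasses import dataclass

# Windows 7 defaults for the UAC policy values (assumption used for comparison).
UAC_EXPECTED = {
    "EnableLUA": 1,                   # UAC enabled
    "ConsentPromptBehaviorAdmin": 5,  # admins are prompted for consent
    "PromptOnSecureDesktop": 1,       # prompts shown on the secure desktop
}

SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<tag>[^\]]*)\]\s*$'
)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<tag>[^\]]*)\]\s*$')
POLICY_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)\s+\(0x[0-9a-fA-F]+\)\s*$')


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    item: str      # policy name, service name or Run value name
    reason: str


def _check_path(item, path):
    """Heuristics on where an autostart image lives and what it is called."""
    out = []
    low = path.lower()
    ext = ntpath.splitext(low)[1]
    if ext == ".sys" and "\\system32\\drivers\\" not in low:
        out.append(Finding("medium", item, f"kernel driver outside system32\\drivers: {path}"))
    elif ext not in (".exe", ".sys", ".dll"):
        out.append(Finding("low", item, f"unusual image extension '{ext}': {path}"))
    if "\\appdata\\" in low or "\\temp\\" in low:
        out.append(Finding("medium", item, f"image runs from a profile or temp folder: {path}"))
    return out


def _check_service(m):
    out = []
    if m["tag"].strip().lower() == "x":
        # Assumption: ComboFix prints [x] instead of date/size when it cannot find the file.
        out.append(Finding("medium", m["name"], "service image not found on disk (marked [x])"))
    out.extend(_check_path(m["name"], m["path"]))
    return out


def triage(lines):
    """Return a list of Finding for the given log lines; unrecognised lines are ignored."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if (m := SERVICE_RE.match(line)):
            findings.extend(_check_service(m))
        elif (m := RUN_RE.match(line)):
            findings.extend(_check_path(m["name"], m["path"]))
        elif (m := POLICY_RE.match(line)) and m["name"] in UAC_EXPECTED:
            value, expected = int(m["value"]), UAC_EXPECTED[m["name"]]
            if value != expected:
                findings.append(Finding("high", m["name"], f"UAC policy is {value}, default is {expected}"))
    return findings


def count_by_severity(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Sample input: lines copied from the ComboFix log in this thread, plus one
# constructed Run entry (marked) to exercise the profile-folder check.
SAMPLE_LOG = [
    r'"ConsentPromptBehaviorAdmin"= 0 (0x0)',
    r'"ConsentPromptBehaviorUser"= 3 (0x3)',
    r'"EnableLUA"= 0 (0x0)',
    r'"PromptOnSecureDesktop"= 0 (0x0)',
    r'R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]',
    r'R3 vtany;vtany;c:\windows\vtany.sys [x]',
    r'R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]',
    r'S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]',
    r'"WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]',
    r'"Updater"="c:\users\example\AppData\Roaming\upd\upd.exe" [2012-01-01 12345]',  # constructed
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.item}: {f.reason}")
    print(count_by_severity(triage(SAMPLE_LOG)))
```

Run as a script it prints one line per finding and a count per severity. The output is a list of leads for a person to verify, not a verdict: the three UAC values at 0 mean elevation happens without any prompt, which is worth restoring regardless of what else is found, while a driver outside system32\drivers can be perfectly legitimate (the GameGuard driver in this log lives under the game's folder).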
     
  8. kevinf80

    kevinf80 Kevin Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,961
    Just wait, I'll post very shortly.
     
  9. kevinf80

    kevinf80 Kevin Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,961
    I do not see any sign of the infection you mention... OK, continue as follows:

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    ClearJavaCache::
    File::
    Folder::
    
    c:\programdata\Babylon
    c:\users\Shirley Li\AppData\Roaming\Babylon
    
    c:\programdata\IObit
    c:\users\Shirley Li\AppData\Roaming\IObit
    
    c:\program files (x86)\IObit
    c:\program files (x86)\Wajam
    c:\users\Shirley Li\AppData\Local\Wajam
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 5"=-
    DDS::
    uStart Page = hxxp://search.babylon.com/?affID=109935&tt=010812_rbt_3112_6&babsrc=HP_ss&mntrId=30b2a68d0000000000000026c77ccb53
    FireFox::
    FF - ProfilePath - c:\users\Shirley Li\AppData\Roaming\Mozilla\Firefox\Profiles\ee9fcumt.default\
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935&tt=010812_rbt_3112_6
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
    FF - user.js: extensions.BabylonToolbar.id - 30b2a68d0000000000000026c77ccb53
    FF - user.js: extensions.BabylonToolbar.instlDay - 15555
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.120:13
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    
    Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Ensure remove found threats is checked
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions are available Here. Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your system.

    ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

    Post those two logs...

    Kevin
     
  10. Ieaysu

    Ieaysu Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    32
    Hey Kevin, saw your post whilst browsing on my phone.

    Anyways: here is what I get when I open up AVG right now (it is disabled)

    I click on history>resident shield protection

    and I get this ugly mess of stuff

    [​IMG]

    So..yeah I think I'll proceed with what you said, thanks!
     
  11. Ieaysu

    Ieaysu Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    32
    Hey Kevin, sorry for the double post, just came back to check on my laptop to find out whether or not my scans were completed, and believe it or not... they are done!!!

    Here is my log for ComboFix from the code pasted from the codebox in your previous post:

    ComboFix 12-08-07.03 - Shirley Li 08/07/2012 18:43:31.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.2087 [GMT -4:00]
    Running from: c:\users\Shirley Li\Desktop\ComboFix.exe
    Command switches used :: c:\users\Shirley Li\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\IObit
    c:\program files (x86)\IObit\Advanced SystemCare 5\About.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\ActiveBoost.db
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASC.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCInit.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCInit.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-23.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-24.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-25.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-26.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-27.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-28.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-29.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-30.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-07-31.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-08-01.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-08-02.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-08-03.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-08-04.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-08-06.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCServiceLog\2012-08-07.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTooltips.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCUpgrade.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCv5ComputerMenu.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCv5ComputerMenu_64.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\ASCv5ExtMenu_64.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\AutoCare.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\AutoSweep.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\AutoUpdate.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-07-19 07-48-04
    c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-07-19 11-11-55
    c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-08-02 20-44-49
    c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-08-04 10-26-55
    c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-08-04 12-24-53
    c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-08-07 16-31-14
    c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-08-07 16-52-29
    c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\BootTimeData\2012-08-07 17-20-36
    c:\program files (x86)\IObit\Advanced SystemCare 5\Boottime\path.ini
    c:\program files (x86)\IObit\Advanced SystemCare 5\BootTimeLog\Defrag2012-08-02(20-39-55).log
    c:\program files (x86)\IObit\Advanced SystemCare 5\checkinfo.txt
    c:\program files (x86)\IObit\Advanced SystemCare 5\Cus.dbd
    c:\program files (x86)\IObit\Advanced SystemCare 5\cxLibraryD12.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\datastate.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\Def.dbd
    c:\program files (x86)\IObit\Advanced SystemCare 5\DelayLoad.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\diskhelper.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\DiskMap.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\DiskScan.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\DriverData.db
    c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\win7_amd64\RegistryDefragBootTime.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\win7_x86\RegistryDefragBootTime.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\wlh_amd64\RegistryDefragBootTime.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\wlh_x86\RegistryDefragBootTime.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\wnet_amd64\RegistryDefragBootTime.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\wnet_x86\RegistryDefragBootTime.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\wxp_amd64\RegistryDefragBootTime.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\drivers\wxp_x86\RegistryDefragBootTime.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\dxBarD12.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\dxComnD12.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\dxCoreD12.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\dxDockingD12.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\dxGDIPlusD12.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\dxhelper.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\dxSkinOffice2007BlueD12.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\dxSkinsCoreD12.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\dxThemeD12.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\EULA.rtf
    c:\program files (x86)\IObit\Advanced SystemCare 5\Ext.dbd
    c:\program files (x86)\IObit\Advanced SystemCare 5\fav.ico
    c:\program files (x86)\IObit\Advanced SystemCare 5\FfSweep.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\help.html
    c:\program files (x86)\IObit\Advanced SystemCare 5\ignore.dbd
    c:\program files (x86)\IObit\Advanced SystemCare 5\Images\dcScreen.png
    c:\program files (x86)\IObit\Advanced SystemCare 5\Images\dcScreen2.png
    c:\program files (x86)\IObit\Advanced SystemCare 5\Images\icon-dc.png
    c:\program files (x86)\IObit\Advanced SystemCare 5\Images\icon-qc.png
    c:\program files (x86)\IObit\Advanced SystemCare 5\Images\icon-tb.png
    c:\program files (x86)\IObit\Advanced SystemCare 5\Images\icon-tbox.png
    c:\program files (x86)\IObit\Advanced SystemCare 5\Images\main.png
    c:\program files (x86)\IObit\Advanced SystemCare 5\Images\mainPro.png
    c:\program files (x86)\IObit\Advanced SystemCare 5\Images\toolboxscreen.png
    c:\program files (x86)\IObit\Advanced SystemCare 5\Images\turboboost.png
    c:\program files (x86)\IObit\Advanced SystemCare 5\IObitLogon.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Arabic.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Belarusian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Bulgarian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\ChineseSimp.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\ChineseTrad.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Czech.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Danish.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Dutch.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\English.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Finnish.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\French.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\German.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Greek.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Hungarian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Italian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\japanese.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Korean.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Polish.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Portuguese(PT-BR).lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Portuguese(PT-PT).lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Romanian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Russian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Serbian (cyrillic).lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Serbian (latin).lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Slovenian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Spanish.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Swedish.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Turkish.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Language\Vietnamese.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\LatestNews\imagenews.png
    c:\program files (x86)\IObit\Advanced SystemCare 5\LatestNews\LatestNews.ini
    c:\program files (x86)\IObit\Advanced SystemCare 5\LicenseConverter.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\madbasic_.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\maddisAsm_.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\madexcept_.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\NtfsData.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\OFCommon.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\OFCommon3.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\PerformUpdate.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\PMonitor.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Promote.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Reg.dbd
    c:\program files (x86)\IObit\Advanced SystemCare 5\Register.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Reminder.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Report.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\RescueCenter.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Restore.dbd
    c:\program files (x86)\IObit\Advanced SystemCare 5\rtl120.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\Scan.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\SecurityHole_Backup\KB2709981.cab
    c:\program files (x86)\IObit\Advanced SystemCare 5\SecurityHoleScan.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\sh.dat
    c:\program files (x86)\IObit\Advanced SystemCare 5\skin\black.rcc
    c:\program files (x86)\IObit\Advanced SystemCare 5\skin\classic.rcc
    c:\program files (x86)\IObit\Advanced SystemCare 5\skin\cute.rcc
    c:\program files (x86)\IObit\Advanced SystemCare 5\skin\metal.rcc
    c:\program files (x86)\IObit\Advanced SystemCare 5\skin\public.rcc
    c:\program files (x86)\IObit\Advanced SystemCare 5\skin\white.rcc
    c:\program files (x86)\IObit\Advanced SystemCare 5\sqlite3.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\Suc10_RegistryCleaner.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Suc11_PrivacySweeper.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Suc12_Uninstal.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Suc13_DiskCleaner.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Suc14_FileShredder.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sun10_ClonedFilesScanner.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sun11_AutoShutdown.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sun12_DiskExplorer.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sun13_SystemInformation.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sun14_EmptyFolderScanner.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sun15_SystemControl.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Suo10_SmartRAM.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Suo11_InternetBooster.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Suo12_StartupManager.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Suo13_RegistryDefrag.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Suo14_SmartDefrag.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Suo15_GameBooster.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sur10_Undelete.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sur11_ShortcutFixer.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sur12_DiskDoctor.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sur13_WinFix.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sur14_IEHelper.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sus10_SysExplorer.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sus11_SecurityHolesScanner.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sus12_ProcessManager.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Sus13_DriverManager.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\taskmgr.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\TbFfSweep.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\TbFileSweep.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\ToolBox.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Arabic.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Belarusian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Bulgarian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\ChineseSimp.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\ChineseTrad.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Czech.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Danish.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Dutch.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\English.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Finnish.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\French.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\German.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Greek.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Hungarian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Italian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\japanese.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Korean.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Polish.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Portuguese(PT-BR).lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Portuguese(PT-PT).lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Romanian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Russian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Serbian (cyrillic).lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Serbian (latin).lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Slovenian.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Spanish.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Swedish.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Turkish.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\Toolbox_Language\Vietnamese.lng
    c:\program files (x86)\IObit\Advanced SystemCare 5\TurboBoost.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\TurboBoostGame.dbd
    c:\program files (x86)\IObit\Advanced SystemCare 5\Undelete.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\unins000.dat
    c:\program files (x86)\IObit\Advanced SystemCare 5\unins000.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\unins000.msg
    c:\program files (x86)\IObit\Advanced SystemCare 5\UninstallPromote.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\Update History.txt
    c:\program files (x86)\IObit\Advanced SystemCare 5\Update\Update.Ini
    c:\program files (x86)\IObit\Advanced SystemCare 5\UpdateHistory.txt
    c:\program files (x86)\IObit\Advanced SystemCare 5\UPdateTest.log
    c:\program files (x86)\IObit\Advanced SystemCare 5\UpgradeTip.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\vcl120.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\vclx120.bpl
    c:\program files (x86)\IObit\Advanced SystemCare 5\WebUI.dll
    c:\program files (x86)\IObit\Advanced SystemCare 5\Wizard.exe
    c:\program files (x86)\IObit\Advanced SystemCare 5\zlibwapi.dll
    c:\program files (x86)\Wajam
    c:\program files (x86)\Wajam\Updater\WajamUpdater.exe
    c:\programdata\Babylon
    c:\programdata\IObit
    c:\programdata\IObit\Advanced SystemCare V5\AscService.ini
    c:\users\Shirley Li\AppData\Local\Wajam
    c:\users\Shirley Li\AppData\Local\Wajam\Chrome\wajam.crx
    c:\users\Shirley Li\AppData\Roaming\Babylon
    c:\users\Shirley Li\AppData\Roaming\Babylon\log_file.txt
    c:\users\Shirley Li\AppData\Roaming\IObit
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup32-2012-07-18(09-53-21).reg
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup32-2012-07-23(20-43-24).reg
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup64-2012-07-18(09-53-21).reg
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Backup\ASCBackup64-2012-07-23(20-43-24).reg
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime\Boottime.ini
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Boottime\LastAutoRunList.ini
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\ignore.ini
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\JFilterkey.dbd
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\License.log
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Log\ASCLog-2012-07-18(09-53-21).txt
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Log\ASCLog-2012-07-23(20-43-24).txt
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Log\ASCLog-2012-08-02(21-45-43).txt
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\Main.ini
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\PFilterkey.dbd
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\TBGameconfig.ini
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\TBWorkconfig.ini
    c:\users\Shirley Li\AppData\Roaming\IObit\Advanced SystemCare V5\TurBoost.ini
    c:\users\Shirley Li\AppData\Roaming\IObit\IObit Uninstaller\Log\2012-07-19.log
    c:\users\Shirley Li\AppData\Roaming\IObit\IObit Uninstaller\Log\2012-07-27.log
    c:\users\Shirley Li\AppData\Roaming\IObit\IObit Uninstaller\Log\2012-08-02.log
    c:\users\Shirley Li\AppData\Roaming\IObit\IObit Uninstaller\Select.ini
    c:\users\Shirley Li\AppData\Roaming\IObit\IObit Uninstaller\SoftwareCache.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_AdvancedSystemCareService5
    -------\Service_WajamUpdater
    -------\Service_AdvancedSystemCareService5
    -------\Service_WajamUpdater
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-07 22:51 . 2012-08-07 22:51 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-07 16:21 . 2012-08-07 16:21 -------- d-----w- C:\FRST
    2012-08-03 00:13 . 2012-08-03 00:13 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\FVD Suite
    2012-08-03 00:13 . 2012-08-03 00:13 315 ----a-w- C:\user.js
    2012-08-03 00:12 . 2012-08-04 19:42 -------- d-----w- c:\program files (x86)\Shop to Win 36
    2012-08-03 00:12 . 2012-08-04 19:42 -------- d-----w- c:\program files (x86)\FVD Suite
    2012-07-27 19:09 . 2012-07-29 12:27 -------- d-----w- c:\users\Shirley Li\.emps_cache
    2012-07-26 13:15 . 2012-07-26 13:21 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\WhatPulse
    2012-07-26 13:15 . 2012-07-26 13:15 -------- d-----w- c:\program files (x86)\WhatPulse
    2012-07-24 00:43 . 2012-07-24 00:43 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-07-24 00:43 . 2012-07-24 00:43 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-07-24 00:40 . 2012-05-24 14:47 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
    2012-07-19 22:36 . 2012-07-19 22:36 -------- d-----w- c:\programdata\Nexon
    2012-07-19 01:16 . 2012-08-04 19:40 -------- d-----w- c:\windows\system32\SPReview
    2012-07-19 01:15 . 2012-08-04 19:39 -------- d-----w- c:\windows\system32\EventProviders
    2012-07-19 01:14 . 2012-08-04 19:42 -------- d-----w- c:\users\Shirley Li\AppData\Roaming\Rainmeter
    2012-07-19 01:12 . 2012-08-04 19:42 -------- d-----w- c:\program files\Rainmeter
    2012-07-18 13:39 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
    2012-07-18 13:39 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
    2012-07-18 13:39 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2012-07-18 13:39 . 2010-11-20 13:27 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
    2012-07-18 13:39 . 2010-11-20 13:27 3715584 ----a-w- c:\windows\system32\mstscax.dll
    2012-07-18 13:39 . 2010-11-20 11:07 59392 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
    2012-07-18 13:39 . 2010-11-20 13:27 14967808 ----a-w- c:\program files\DVD Maker\OmdBase.dll
    2012-07-18 13:39 . 2010-11-20 13:26 1838080 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-07-18 13:39 . 2010-11-20 12:19 3215872 ----a-w- c:\windows\SysWow64\mstscax.dll
    2012-07-18 13:39 . 2010-11-20 12:19 954752 ----a-w- c:\windows\SysWow64\mfc40.dll
    2012-07-18 13:39 . 2010-11-20 12:18 1171456 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2012-07-18 13:37 . 2010-11-20 13:27 751104 ----a-w- c:\windows\system32\win32spl.dll
    2012-07-18 13:36 . 2010-11-20 13:27 40960 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
    2012-07-18 13:35 . 2010-11-20 13:27 25600 ----a-w- c:\windows\system32\msyuv.dll
    2012-07-18 13:34 . 2010-11-20 13:27 14848 ----a-w- c:\windows\system32\tsbyuv.dll
    2012-07-18 13:33 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
    2012-07-18 13:33 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
    2012-07-18 13:33 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
    2012-07-18 13:32 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
    2012-07-18 13:32 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
    2012-07-18 13:32 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
    2012-07-18 13:32 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
    2012-07-18 13:32 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
    2012-07-18 13:28 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2012-07-18 13:28 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
    2012-07-18 13:28 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
    2012-07-18 13:28 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
    2012-07-18 13:28 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
    2012-07-18 13:28 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
    2012-07-18 13:28 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
    2012-07-18 13:27 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
    2012-07-18 13:27 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
    2012-07-18 13:18 . 2012-08-04 19:39 -------- d-----w- c:\users\Shirley Li\jagexcache
    2012-07-18 02:39 . 2012-08-04 19:39 -------- d-----w- c:\windows\system32\BestPractices
    2012-07-18 02:39 . 2012-07-18 02:39 -------- d-----w- c:\windows\SysWow64\BestPractices
    2012-07-18 02:39 . 2012-08-04 19:37 -------- d-----w- C:\inetpub
    2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\Shirley Li\Roaming
    2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\Public\Roaming
    2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\Default\Roaming
    2012-07-18 02:06 . 2012-07-18 02:06 -------- d-----w- c:\users\boinc_master\Roaming
    2012-07-18 02:06 . 2012-08-04 19:38 -------- d-----w- c:\programdata\Intel
    2012-07-18 02:04 . 2012-08-04 19:38 -------- d-----w- c:\program files (x86)\Cisco
    2012-07-12 07:08 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-02 23:25 . 2012-04-10 17:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-02 23:25 . 2011-06-12 02:29 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-19 01:31 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2012-07-19 01:31 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2012-07-12 07:03 . 2011-04-15 14:36 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-03 17:46 . 2011-03-29 13:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-25 20:04 . 2012-06-25 20:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
    2012-06-02 22:19 . 2012-06-21 13:52 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 13:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 13:53 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 13:53 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 13:52 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 13:53 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 13:52 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 13:52 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 13:52 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-15 04:01 . 2012-06-13 19:29 1188864 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 03:59 . 2012-06-13 19:28 64512 ----a-w- c:\windows\system32\jsproxy.dll
    2012-05-15 03:03 . 2012-06-13 19:29 981504 ----a-w- c:\windows\SysWow64\wininet.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-07_21.46.31 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-08-07 21:16 . 2012-08-07 21:16 18334 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    + 2012-08-07 22:51 . 2012-08-07 22:51 18334 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
    - 2009-07-14 04:54 . 2012-08-07 21:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2012-08-07 22:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-08-07 21:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-07 22:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-07 22:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2012-08-07 21:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 05:10 . 2012-08-07 22:54 36814 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-12-12 04:16 . 2012-08-07 22:54 16398 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1832576997-1850227395-2609180072-1006_UserData.bin
    - 2009-07-14 04:54 . 2012-08-07 21:20 98304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-08-07 22:53 98304 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-12 00:23 . 2012-08-07 22:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-12 00:23 . 2012-08-07 21:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-12 00:23 . 2012-08-07 21:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-12 00:23 . 2012-08-07 22:26 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2012-08-07 22:52 . 2012-08-07 22:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-07 21:17 . 2012-08-07 21:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-07 22:52 . 2012-08-07 22:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-07 21:17 . 2012-08-07 21:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2010-12-12 00:49 . 2012-08-07 22:26 333858 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    - 2010-09-22 14:51 . 2012-08-07 21:20 114688 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-09-22 14:51 . 2012-08-07 22:53 114688 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 05:01 . 2012-08-07 22:51 302628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-08-07 21:16 302628 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2010-09-22 14:51 . 2012-08-07 22:53 1998848 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-09-22 14:51 . 2012-08-07 21:20 1998848 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2011-06-11 18:35 . 2012-08-07 22:51 27198884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1832576997-1850227395-2609180072-1006-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WhatPulse"="c:\program files (x86)\WhatPulse\WhatPulse.exe" [2011-11-15 3990528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    .
    c:\users\Shirley Li\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2012-1-4 3208032]
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-7-3 41160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
    R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-23 342056]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-23 39464]
    R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\NCsoft\Lineage II\system\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 116720]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-05-31 7689216]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
    R3 vtany;vtany;c:\windows\vtany.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-15 1255736]
    R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
    S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-02-10 53248]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-28 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-05-28 158976]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-05-01 317440]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-07 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 23:25]
    .
    2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 15:08]
    .
    2012-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-22 15:08]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1832576997-1850227395-2609180072-1006Core.job
    - c:\users\Shirley Li\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 07:32]
    .
    2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1832576997-1850227395-2609180072-1006UA.job
    - c:\users\Shirley Li\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-10 07:32]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-01 162584]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-01 386840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-01 417560]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
    "combofix"="c:\combofix\CF18777.3XE" [2010-11-20 345088]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
    FF - ProfilePath - c:\users\Shirley Li\AppData\Roaming\Mozilla\Firefox\Profiles\ee9fcumt.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Advanced SystemCare 5_is1 - c:\program files (x86)\IObit\Advanced SystemCare 5\unins000.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\xsherlock]
    "ImagePath"="c:\windows\system32\xsherlock.xem"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files\Sony\VAIO Care\VCSpt.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
    c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
    c:\windows\SysWOW64\RunDll32.exe
    q:\140062.enu\Office14\ONENOTEM.EXE
    c:\program files (x86)\Sony\SmartWi Connection Utility\CCP.exe
    c:\program files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    c:\program files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
    c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
    c:\program files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-07 19:01:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-07 23:01
    ComboFix2.txt 2012-08-07 21:49
    .
    Pre-Run: 370,651,119,616 bytes free
    Post-Run: 370,210,508,800 bytes free
    .
    - - End Of File - - 2F2ED020B3F5F38B47F7AC4CAECAC3AA
    -------------------------------------------------------------------------------------------------

    ESETScan Log (Not entirely sure if this is the one you're asking for, but I'll post the other one I got, which I'm sure is probably what you're not looking for, but I'm going to post it anyway.)

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=172b5e50b7acbf4a8abd52229ff0d34c
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2012-08-08 01:23:42
    # local_time=2012-08-07 09:23:42 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1024 16777215 100 0 11986960 11986960 0 0
    # compatibility_mode=5893 16776574 100 94 797370 95924892 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=174635
    # found=2
    # cleaned=2
    # scan_time=7581
    C:\Users\Shirley Li\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120310182449411.rsc multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
    C:\Users\Shirley Li\Downloads\fvdsuite_installer.exe a variant of Win32/InstallCore.AE application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


    Other Log:

    C:\Users\Shirley Li\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\120310182449411.rsc multiple threats deleted - quarantined
    C:\Users\Shirley Li\Downloads\fvdsuite_installer.exe a variant of Win32/InstallCore.AE application cleaned by deleting - quarantined


    Just something I want to say: going through this entire process and all, I find it pathetic how/why I even wanted to download YouTube videos from YouTube and save them as music files on my computer so I could listen to them whenever, without having to open YouTube.

    I know it's a lame excuse and a sign of laziness, but I wholeheartedly thought it was a good idea, and so when I searched for an add-on like this in Firefox, it first directed me to one downloading tool, but then said I couldn't download these videos to convert them into so-and-so files, so I had to download another program in order to do so. Yet the site for this program, fvdsuite or whatever it's called, lists how it is "100% SAFE", etc., etc., blah blah. Boy, was this lame.

    And to be honest, I think after 40 min of installing all this crap on my computer I used the IObit uninstaller to get rid of it all, and even ran an AVG scan, and nothing came up. It's just so strange from then to now.

    Anyway, sorry if you read this stupid rant of me contemplating my woes; I just want to thank you for all your help.
     
  12. kevinf80

    kevinf80 Kevin Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,961
    Once again CF does not flag the patched file Services.exe. I see the references to it in the AVG history; this is very strange, because that is actually the ZeroAccess infection and there should be several associated files, but they are not showing in the CF scans either.

    OK, to be sure I want you to upload that suspect file for analysis. Do the following please:

    Upload a File to Virustotal
    Please visit Virustotal
    • Click the Browse... button
    • Navigate to the file C:\Windows\System32\Services.exe or just copy/paste it in.
    • Click the Scan it tab
    • If you get a message saying File has already been analyzed: click Reanalyze file now
    • Copy and paste the results back here please.

    Kevin
     
  13. Ieaysu

    Ieaysu Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    32
    Here is what I just got as I tried what you have just instructed:


    Also, something I probably forgot to tell you earlier, and I know it is the wrong thing to do, but I guess I did it out of desperation. All this was done before I found this forum to post my problem.

    I went to my Windows Task Manager and deleted/ended all process files or programs/services that had svchost.exe, since there were like 5 of them running all at once.

    Also, I remember when I tried to delete/end one of the process trees of one of the svchost.exe thingys, it said I could delete it for some reason, and somehow I got around that by restarting my computer and then deleting it from the Windows Task Manager again.

    So really I don't know what to do now; I can do a scan of the other things that pop up when I search for service(s) in System32.

    Log:

    SHA256: 00d8538999941044286c2ad69600b4c158dbc7a1da6546b49f73327cbb5c3453
    SHA1: 8c861a73b23b92e0cae74aa275c4029bdcf1ec77
    MD5: 7a1d35f59468b8118af5b8e21df78ae2
    File size: 90.6 KB ( 92745 bytes )
    File name: services.msc
    File type: XML
    Detection ratio: 0 / 42
    Analysis date: 2012-08-08 11:20:42 UTC ( 0 minutes ago )

    Yeah, the thing above is the best thing I can find that is the closest match for any service(s) file in System32.

    I think the problem I now have to deal with is not having 'services.exe' and that I have to reinstall it again, but I am not entirely sure if this is the case, so I just wanted to let you know that I have already enabled viewing hidden folders, files, etc. from Tools > View in a folder in System32.

    Alright, thanks again Kevin
     
  14. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    Hi Ieaysu, my name is Mark and I am jumping in to help you while Kevin is unavailable.

    You cannot delete processes using Task Manager; you can only stop them from running. After a reboot the processes will start again, so you will have done no harm.

    Running the scan on the wrong file does not tell us anything; Services.msc and Services.exe are not the same file.

    Follow these instructions to find the services.exe file and post the result.


    Please download SystemLook for your operating system from one of the links below and save it to your Desktop.
    • Double-click SystemLook.exe to run it.
    • Vista/Windows 7 users right-click and select Run As Administrator.
    • Copy and paste everything in the codebox below into the main textfield:
      Code:
      :filefind
      services.exe      
    • Click the Look button to start the scan.
    • When finished, a Notepad window will open SystemLook.txt with the results of the search and save a copy on your Desktop.
    • Please copy and paste the contents of that log in your next reply.
     
  15. Ieaysu

    Ieaysu Thread Starter

    Joined:
    Aug 4, 2012
    Messages:
    32
    Hey Mark!

    Thanks for the help and the clarification. I've been waiting all day lol, and it's just that this problem has been driving me nuts, so I've been checking on my phone browser like every hour or so.

    Anyways, here is the log I produced:

    SystemLook 30.07.11 by jpshortstuff
    Log created at 14:24 on 08/08/2012 by Shirley Li
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "services.exe"
    C:\Windows\erdnt\cache64\services.exe --a---- 328704 bytes [21:47 07/08/2012] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB

    -= EOF =-
     
  16. Mark1956

    Mark1956 Malware Specialist

    Joined:
    May 7, 2011
    Messages:
    14,142
    That result shows that the services.exe file is fine; this adds a bit more confusion to the situation, as it is not clear why AVG should see it as an infection.

    Please run another scan with AVG and tell me what, if anything, it detects.
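Mark's verdict above rests on the three copies of services.exe in the SystemLook log (System32, the WinSxS component store, and the ComboFix backup under erdnt) all reporting the same size and MD5. The script below is an added example for this thread, not code from SystemLook, ComboFix or any of the posters: it parses the ":filefind" result lines, compares the live System32 copy against the WinSxS copy (the one Windows itself would restore from), and lists any other copy that disagrees. The first sample is the log posted above; the second "tampered" log, with its size and hash, is constructed to show what a patched binary would look like. The line layout the regex expects, the function names and the verdict labels are my own assumptions.

```python
"""Cross-check the copies of services.exe reported by SystemLook's ":filefind".

Added example for this thread (not part of SystemLook or of any post).
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# One result line of the ":filefind" section, in the layout seen in the posted log
# (assumed to be stable):  <path> <attributes> <size> bytes [<modified>] [<created>] <MD5>
FILEFIND_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>\S+)\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


@dataclass(frozen=True)
class FileHit:
    path: str
    size: int
    md5: str  # upper-case hex, as SystemLook prints it


def parse_filefind(log: str) -> list[FileHit]:
    """Return every file hit in a SystemLook log; header and footer lines are skipped."""
    hits = []
    for line in log.splitlines():
        m = FILEFIND_RE.match(line.strip())
        if m:
            hits.append(FileHit(m["path"], int(m["size"]), m["md5"].upper()))
    return hits


def check_services_exe(hits: list[FileHit]) -> dict:
    """Compare the live System32 copy with the WinSxS reference copy.

    Verdicts: "missing" (no live copy), "unverified" (no WinSxS copy to compare
    against), "ok" (size and MD5 agree) or "mismatch" (a sign of a patched binary).
    """
    live = [h for h in hits if h.path.lower() == r"c:\windows\system32\services.exe"]
    ref = [h for h in hits
           if "\\winsxs\\" in h.path.lower() and h.path.lower().endswith("\\services.exe")]
    if not live:
        return {"verdict": "missing"}
    if not ref:
        return {"verdict": "unverified", "live_md5": live[0].md5}
    live_hit, ref_hit = live[0], ref[0]
    # Any other copy (e.g. the ComboFix backup under \erdnt\) that disagrees with
    # the reference is worth listing as well.
    divergent = [h.path for h in hits if h.md5 != ref_hit.md5]
    if live_hit.size == ref_hit.size and live_hit.md5 == ref_hit.md5:
        return {"verdict": "ok", "md5": ref_hit.md5, "divergent": divergent}
    return {
        "verdict": "mismatch",
        "live_md5": live_hit.md5,
        "reference_md5": ref_hit.md5,
        "live_size": live_hit.size,
        "reference_size": ref_hit.size,
        "divergent": divergent,
    }


# The result lines from the SystemLook log posted in this thread.
SAMPLE_LOG = r"""
SystemLook 30.07.11 by jpshortstuff
========== filefind ==========
Searching for "services.exe"
C:\Windows\erdnt\cache64\services.exe --a---- 328704 bytes [21:47 07/08/2012] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
-= EOF =-
"""

# Constructed counter-example (not from the thread): the live copy has been altered,
# so its size and MD5 (a placeholder value) no longer match the component-store copy.
TAMPERED_LOG = r"""
Searching for "services.exe"
C:\Windows\System32\services.exe --a---- 329216 bytes [02:11 05/08/2012] [01:39 14/07/2009] 0123456789ABCDEF0123456789ABCDEF
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --a---- 328704 bytes [23:19 13/07/2009] [01:39 14/07/2009] 24ACB7E5BE595468E3B9AA488B9B4FCB
"""

if __name__ == "__main__":
    for name, log in (("posted log", SAMPLE_LOG), ("constructed tampered log", TAMPERED_LOG)):
        print(name, "->", check_services_exe(parse_filefind(log)))
```

The check only says whether the copies agree with each other; if every copy had been replaced, they would still agree. The stronger test is the one Kevin asked for: compare the System32 copy's hash against a known-clean copy of the same build (the WinSxS folder name carries it, 6.1.7600.16385) or against the multi-engine result from VirusTotal.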
     
Short URL to this thread: https://techguy.org/1063822