Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Start menu items empty/ can't find volume control following Windows 7 repair virus


  • This topic is locked This topic is locked
15 replies to this topic

#1 mydogbuddy

mydogbuddy

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 05 July 2011 - 10:06 AM

DDS (Ver_2011-06-23.01) - NTFSAMD64
Text of DDS log is as follows:
Internet Explorer: 9.0.8112.16421
Run by rmccaw at 10:56:52 on 2011-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.1896 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\lxdrcoms.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\Lexmark 4900 Series\lxdrmon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Lexmark 4900 Series\lxdrMsdMon.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgchsva.exe
C:\Program Files (x86)\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4663E24F-3089-4E27-A1DB-886BC3E53AC6} : NameServer = 10.0.0.4,8.8.8.8
TCP: Interfaces\{4663E24F-3089-4E27-A1DB-886BC3E53AC6} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{4663E24F-3089-4E27-A1DB-886BC3E53AC6}\45865605564796477427F65707 : NameServer = 10.0.0.4,8.8.8.8
TCP: Interfaces\{4663E24F-3089-4E27-A1DB-886BC3E53AC6}\45865605564796477427F65707 : DhcpNameServer = 207.230.75.34 66.0.214.14
TCP: Interfaces\{4663E24F-3089-4E27-A1DB-886BC3E53AC6}\86F6D656 : NameServer = 10.0.0.4,8.8.8.8
TCP: Interfaces\{4663E24F-3089-4E27-A1DB-886BC3E53AC6}\86F6D656 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4663E24F-3089-4E27-A1DB-886BC3E53AC6}\F475E45425D20534F5E4564777F627B6 : DhcpNameServer = 192.168.2.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
mRun-x64: [(Default)]
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 lxdr_device;lxdr_device;C:\Windows\system32\lxdrcoms.exe -service --> C:\Windows\system32\lxdrcoms.exe -service [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-5 284696]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-1-16 1250160]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S1 SWIPsec;SonicWALL IPsec Driver;\??\C:\Windows\system32\Drivers\SWIPsec.sys --> C:\Windows\system32\Drivers\SWIPsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdrserv.exe [2010-7-21 29184]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-12 1025352]
S3 GoToAssist Express Customer;GoToAssist Express Customer; [x]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-2-10 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\system32\DRIVERS\swvnic.sys --> C:\Windows\system32\DRIVERS\swvnic.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-05 02:03:14 -------- d-----w- C:\Users\rmccaw\AppData\Local\{9B4C8B30-E1D4-441F-8CD5-A9E107E67400}
2011-07-04 11:37:22 -------- d-----w- C:\Users\rmccaw\AppData\Local\{F681D0C0-5514-4F6D-83FE-FDB269FFD0C6}
2011-07-03 23:14:40 -------- d-----w- C:\Users\rmccaw\AppData\Local\{D7C30C3E-5A01-4F08-8990-75CFF8FF259F}
2011-07-03 11:14:06 -------- d-----w- C:\Users\rmccaw\AppData\Local\{78723CE2-44E0-4CBC-BAB1-C8ABB35CE9E6}
2011-07-02 13:31:59 -------- d-----w- C:\Users\rmccaw\AppData\Local\{58726BEF-2A15-4BFC-A756-F8A5DA3A7F91}
2011-07-02 01:31:35 -------- d-----w- C:\Users\rmccaw\AppData\Local\{FEEC5E7C-7156-432F-A9BB-C19EF19875EE}
2011-07-01 13:30:45 -------- d-----w- C:\Users\rmccaw\AppData\Local\{E453A558-A74D-40EF-93D0-AEA8743AD23F}
2011-07-01 01:30:04 -------- d-----w- C:\Users\rmccaw\AppData\Local\{769072CE-5AD8-4AB9-A69A-C2506B814109}
2011-07-01 01:29:54 -------- d-----w- C:\Users\rmccaw\AppData\Local\{451B1C86-66AC-4D2F-8EFD-6DB5CC1EC613}
2011-06-30 13:29:10 -------- d-----w- C:\Users\rmccaw\AppData\Local\{B15EDB54-F43B-49E5-906A-122E139FC459}
2011-06-30 13:28:58 -------- d-----w- C:\Users\rmccaw\AppData\Local\{CA50D239-ED90-416B-BEE4-FC0931236CD1}
2011-06-30 11:03:28 -------- d-----w- C:\Users\rmccaw\AppData\Roaming\AVG
2011-06-30 01:27:22 -------- d-----w- C:\Users\rmccaw\AppData\Local\{F817B14E-5225-433E-B13E-D39FB5CEBB52}
2011-06-29 11:49:38 -------- d-----w- C:\Users\rmccaw\AppData\Local\{A671A1D2-B9A0-4FB9-868B-6258497143E6}
2011-06-29 11:24:20 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2011-06-28 23:48:49 -------- d-----w- C:\Users\rmccaw\AppData\Local\{4CF3E5F9-22E2-450E-990B-EF89BDE62ADC}
2011-06-28 11:48:23 -------- d-----w- C:\Users\rmccaw\AppData\Local\{9381B591-9CD0-484D-8F3F-745FD401C89F}
2011-06-28 11:47:14 -------- d-----w- C:\Users\rmccaw\AppData\Local\{4EFBFCCA-DBCB-47DF-9DA8-05A3DBED2FF0}
2011-06-27 22:22:09 -------- d-----w- C:\Users\rmccaw\AppData\Local\{C5F10594-EF2D-4919-B77F-9DFC067E972D}
2011-06-27 10:21:26 -------- d-----w- C:\Users\rmccaw\AppData\Local\{9D25C733-4033-401A-A215-2C30F458D459}
2011-06-25 13:25:45 -------- d-----w- C:\Windows\System32\SPReview
2011-06-25 13:24:43 -------- d-----w- C:\Windows\System32\EventProviders
2011-06-25 13:20:59 95616 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-06-25 13:19:59 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2011-06-25 13:17:32 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-25 13:17:32 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-25 13:17:31 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-25 13:17:22 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-25 13:17:17 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-25 13:16:56 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-25 13:16:56 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-06-25 11:30:02 -------- d-----w- C:\Users\rmccaw\AppData\Local\{C1059EF5-40BD-4C3F-BDB0-46D224B09F25}
2011-06-23 01:35:10 -------- d-----w- C:\Users\rmccaw\AppData\Local\{0CE23CA0-0F46-4267-BD89-7F1B7CEDC0DC}
2011-06-23 01:35:00 -------- d-----w- C:\Users\rmccaw\AppData\Local\{48E21BC0-8EB3-4998-918A-6B21D728EC56}
2011-06-22 19:01:16 77312 ----a-w- C:\Windows\SysWow64\ztvunace26.dll
2011-06-22 19:01:16 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
2011-06-22 19:01:16 69632 ----a-w- C:\Windows\SysWow64\ztvcabinet.dll
2011-06-22 19:01:16 162304 ----a-w- C:\Windows\SysWow64\ztvunrar36.dll
2011-06-22 19:01:16 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
2011-06-22 19:01:15 -------- d-----w- C:\Users\rmccaw\AppData\Roaming\Simply Super Software
2011-06-22 19:01:15 -------- d-----w- C:\ProgramData\Simply Super Software
2011-06-22 19:01:15 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2011-06-22 13:34:25 -------- d-----w- C:\Users\rmccaw\AppData\Local\{AF9627A0-1E50-4953-A082-47F552C12089}
2011-06-22 01:32:50 -------- d-----w- C:\Users\rmccaw\AppData\Local\{C5657C43-F061-4F4E-BCC9-60F12D921C97}
2011-06-21 13:32:01 -------- d-----w- C:\Users\rmccaw\AppData\Local\{B70FC9FE-BB2C-490A-BE35-D70D6424807F}
2011-06-21 01:31:19 -------- d-----w- C:\Users\rmccaw\AppData\Local\{17254C23-C00A-4729-8602-4ECD43C32C1F}
2011-06-20 01:49:54 -------- d-----w- C:\Users\rmccaw\AppData\Local\{EC821CF2-9795-4D8E-9874-5D44E3941AE2}
2011-06-19 09:13:09 -------- d-----w- C:\Users\rmccaw\AppData\Local\{E30AC2B2-B940-4F46-AF6F-7971E1339D12}
2011-06-18 18:55:54 -------- d-----w- C:\Users\rmccaw\AppData\Local\{DF42747A-E754-4143-B92D-5999B60F0DEF}
2011-06-17 13:26:30 -------- d-----w- C:\Users\rmccaw\AppData\Local\{53D359B2-8205-4F7C-A265-5E34FA2EA240}
2011-06-17 01:24:59 -------- d-----w- C:\Users\rmccaw\AppData\Local\{0EB8D165-411E-46BE-A01A-359F6087B470}
2011-06-16 11:54:17 -------- d-----w- C:\Users\rmccaw\AppData\Local\{54E70AA6-DF6B-427E-880E-3C653435A0EC}
2011-06-16 11:54:01 -------- d-----w- C:\Users\rmccaw\AppData\Local\{BE9AAB02-7A26-47F5-965E-834B3A6BCB86}
2011-06-16 00:59:20 -------- d-----w- C:\Users\rmccaw\AppData\Local\{4E7132E6-4ED1-42D2-884A-9BF4E69EE603}
2011-06-15 17:58:54 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-15 17:58:54 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-15 11:53:56 -------- d-----w- C:\Users\rmccaw\AppData\Local\{53AB4F0D-3006-4C1C-BEED-F856CBFFAB2C}
2011-06-14 13:05:51 -------- d-----w- C:\Users\rmccaw\AppData\Local\{2F760A42-CE68-46CF-B40E-DC93806E4A3E}
2011-06-14 01:05:01 -------- d-----w- C:\Users\rmccaw\AppData\Local\{904E2924-5696-420D-9971-FAA5A3603B8A}
2011-06-13 10:11:05 -------- d-----w- C:\Users\rmccaw\AppData\Local\{FE2635F0-BC24-49A6-A645-B558BC900434}
2011-06-12 23:11:04 -------- d-----w- C:\ProgramData\McAfee Security Scan
2011-06-12 23:11:02 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2011-06-12 15:21:11 -------- d-----w- C:\Users\rmccaw\AppData\Local\{AF144B3A-9B5F-4AE5-8BE8-4E2A69BEDA61}
2011-06-12 03:20:38 -------- d-----w- C:\Users\rmccaw\AppData\Local\{11C53C8F-7BF8-4226-AF38-4B1DBA8B8EA7}
2011-06-11 15:20:16 -------- d-----w- C:\Users\rmccaw\AppData\Local\{EC988FE5-855E-42BB-B792-AA1CFCF1701B}
2011-06-11 03:06:17 -------- d-----w- C:\Users\rmccaw\AppData\Local\{597EB351-EFA6-42CD-B513-1A0B46EC350D}
2011-06-10 15:05:56 -------- d-----w- C:\Users\rmccaw\AppData\Local\{28C16674-07D7-4F36-A3E3-A5728F683DD6}
2011-06-10 03:05:36 -------- d-----w- C:\Users\rmccaw\AppData\Local\{40B9FCAA-9454-4C85-A6D0-9D312B1B068D}
2011-06-09 15:05:15 -------- d-----w- C:\Users\rmccaw\AppData\Local\{F934772C-11DE-449F-8A12-7BEADEDEB01A}
2011-06-09 03:04:52 -------- d-----w- C:\Users\rmccaw\AppData\Local\{D128888F-072E-4762-A9B0-CB76233A3D74}
2011-06-08 13:54:20 -------- d-----w- C:\Users\rmccaw\AppData\Local\{41045F05-E8FF-4723-AF9B-F30187103C15}
2011-06-08 01:53:45 -------- d-----w- C:\Users\rmccaw\AppData\Local\{7D8288A5-ACC6-438A-AD5F-BDC53679F248}
2011-06-07 13:46:49 -------- d-----w- C:\Users\rmccaw\AppData\Local\{EF5A86A9-8009-4187-A124-14EBAF4C270D}
2011-06-07 01:46:16 -------- d-----w- C:\Users\rmccaw\AppData\Local\{3EE6C1C0-7301-4596-A6AB-70882990B5A8}
2011-06-06 13:45:55 -------- d-----w- C:\Users\rmccaw\AppData\Local\{A3AE08E4-7D66-427C-9F5E-9819BA42FF8C}
2011-06-06 01:45:33 -------- d-----w- C:\Users\rmccaw\AppData\Local\{D6909C1E-FA05-42C7-9FEF-A3228CF29EF6}
.
==================== Find3M ====================
.
2011-06-25 13:34:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-25 13:34:30 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-06-22 18:45:53 110456 ----a-w- C:\Users\rmccaw\g2ax_customer_downloadhelper_win32_x86.exe
2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-28 03:06:58 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-27 00:21:39 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-15 01:28:24 118864 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
============= FINISH: 10:57:33.43 ===============

BC AdBot (Login to Remove)

 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:07:30 AM

Posted 21 July 2011 - 08:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic an do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Best Regards,
oneof4.


#3 mydogbuddy

mydogbuddy
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 22 July 2011 - 10:51 AM

My volume control reappeared. I have a 64 bit system, so didn't run the gmer. See log below and zipped log attached. Thanks for your help!


DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by rmccaw at 11:31:32 on 2011-07-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.1913 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\lxdrcoms.exe
C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Lexmark 4900 Series\lxdrMsdMon.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Windows\Samsung\PanelMgr\caller64.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_10_3_162_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\rmccaw\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A56L5D0Q\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_10_3_162_ActiveX.exe -update activex
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [<NO NAME>]
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [TrojanScanner] C:\Program Files (x86)\Trojan Remover\Trjscan.exe /boot
mRun: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {4663E24F-3089-4E27-A1DB-886BC3E53AC6} = 10.0.0.4,8.8.8.8
TCP: 2375942554139383 = 10.0.0.4,8.8.8.8
TCP: 45865605564796477427F65707 = 10.0.0.4,8.8.8.8
TCP: D436341677 = 10.0.0.4,8.8.8.8
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe
mRun-x64: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [lxdrmon.exe] "C:\Program Files (x86)\Lexmark 4900 Series\lxdrmon.exe"
mRun-x64: [lxdramon] "C:\Program Files (x86)\Lexmark 4900 Series\lxdramon.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 lxdr_device;lxdr_device;C:\Windows\system32\lxdrcoms.exe -service --> C:\Windows\system32\lxdrcoms.exe -service [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]
R2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?]
R2 SWGVCSvc;SonicWALL Global VPN Client Service;C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-3-5 284696]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S1 SWIPsec;SonicWALL IPsec Driver;\??\C:\Windows\system32\Drivers\SWIPsec.sys --> C:\Windows\system32\Drivers\SWIPsec.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxdrserv.exe [2010-7-21 29184]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-12 1025352]
S3 GoToAssist Express Customer;GoToAssist Express Customer; [x]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-2-10 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 SWVNIC;SonicWALL Virtual Miniport;C:\Windows\system32\DRIVERS\swvnic.sys --> C:\Windows\system32\DRIVERS\swvnic.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-1-16 1250160]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-07-22 15:08:17 -------- d-----w- C:\Users\rmccaw\AppData\Local\{FBC570BB-83B7-4B3F-BCEE-B26E849692B8}
2011-07-22 13:31:09 -------- d-----w- C:\Users\rmccaw\AppData\Local\{96DF85E1-B9C5-4771-9A08-75709EE124F2}
2011-07-21 14:57:32 -------- d-----w- C:\Users\rmccaw\AppData\Local\{CE4EEE2F-7FCF-4F9A-AA6D-00C9DD37C240}
2011-07-21 14:34:33 -------- d-----w- C:\Users\rmccaw\AppData\Local\{13D17329-139F-4AB7-9BC9-AA09CB099E85}
2011-07-21 13:25:03 -------- d-----w- C:\Users\rmccaw\AppData\Local\{6B18BA1D-BF14-4777-B08E-7E68665A26E3}
2011-07-21 12:44:55 -------- d-----w- C:\Users\rmccaw\AppData\Local\{7C6B42A8-1EE4-4E3F-90BE-922610ED8645}
2011-07-21 11:21:12 -------- d-----w- C:\Users\rmccaw\AppData\Local\{52EC9187-CE1E-4484-8632-DFE9B5798F3A}
2011-07-20 23:07:52 -------- d-----w- C:\Users\rmccaw\AppData\Local\{4B0CDD28-519D-47A4-ACFD-1055A2046EA1}
2011-07-20 10:56:04 -------- d-----w- C:\Users\rmccaw\AppData\Local\{0F5BE6FD-594F-4DCA-B670-4F55BCB97CFB}
2011-07-19 22:40:16 -------- d-----w- C:\Users\rmccaw\AppData\Local\{0774C21E-9B06-45D9-8C28-DAF8F174B897}
2011-07-19 10:39:22 -------- d-----w- C:\Users\rmccaw\AppData\Local\{15B6DDCB-CEBF-493A-9075-582BF917F560}
2011-07-18 19:45:41 -------- d-----w- C:\Users\rmccaw\AppData\Local\{1B16B9BB-2A2D-4675-B5AA-52E96EAAF1E8}
2011-07-18 19:41:18 -------- d-----w- C:\Users\rmccaw\AppData\Local\{A8A7A6FF-AC83-430E-9A5A-5F0F9908F906}
2011-07-18 10:11:22 -------- d-----w- C:\Users\rmccaw\AppData\Local\{1E264560-0A02-46CF-8E1A-3E80A5B78DA6}
2011-07-17 16:19:39 -------- d-----w- C:\Users\rmccaw\AppData\Local\{8561E9FF-0A76-4E0F-8DE9-790B4E9CE433}
2011-07-17 02:45:46 -------- d-----w- C:\Users\rmccaw\AppData\Local\{589199BF-4AD1-4607-915F-CD9B5BF249E9}
2011-07-16 14:34:37 -------- d-----w- C:\Users\rmccaw\AppData\Local\{7FE97101-7AF5-4657-8E68-9680AE3C201E}
2011-07-16 02:34:03 -------- d-----w- C:\Users\rmccaw\AppData\Local\{2B409D54-2CD4-47FF-BC8F-0ADD2B27F8FC}
2011-07-15 14:33:41 -------- d-----w- C:\Users\rmccaw\AppData\Local\{A3BB22F0-4ADD-4FBF-865A-472D0A2CCA32}
2011-07-15 02:32:47 -------- d-----w- C:\Users\rmccaw\AppData\Local\{BAD52E5A-159A-4584-A8E3-AFAC2DB98752}
2011-07-14 14:20:29 -------- d-----w- C:\Users\rmccaw\AppData\Local\{23B4A8EA-B2BB-4F7C-853F-B960F70E316F}
2011-07-14 02:19:14 -------- d-----w- C:\Users\rmccaw\AppData\Local\{D4C438E2-AD9D-4F97-8A8A-687ED5A26360}
2011-07-13 13:08:34 -------- d-----w- C:\Users\rmccaw\AppData\Local\{71E61BA8-538B-4D02-81E6-F63280CB45B4}
2011-07-13 13:08:23 -------- d-----w- C:\Users\rmccaw\AppData\Local\{1A72AE0F-D85F-4275-A1D3-51D64E47CE2B}
2011-07-13 05:01:21 -------- d-----w- C:\Program Files (x86)\SamsungPrinterLiveUpdate
2011-07-13 05:01:18 -------- d-----w- C:\Windows\Samsung
2011-07-13 01:44:10 20 ----a-w- C:\Windows\System32\MSXML4.DLL
2011-07-13 01:07:49 -------- d-----w- C:\Users\rmccaw\AppData\Local\{E6C18926-D207-4DBD-A30E-A70785F4466D}
2011-07-12 12:41:57 -------- d-----w- C:\Users\rmccaw\AppData\Local\{5173FFA2-EE71-44A0-81B5-FE4D65FA32F4}
2011-07-12 00:41:23 -------- d-----w- C:\Users\rmccaw\AppData\Local\{68F6082C-F33D-42CA-953E-34ADC72A935D}
2011-07-11 12:40:50 -------- d-----w- C:\Users\rmccaw\AppData\Local\{A12CD7B9-506C-48FB-AAF7-78431EE3A063}
2011-07-11 00:40:30 -------- d-----w- C:\Users\rmccaw\AppData\Local\{0E131A22-5875-45CA-9B9E-209BE1883A13}
2011-07-10 12:22:46 -------- d-----w- C:\Users\rmccaw\AppData\Local\{D6F9F7AB-2393-43FD-A490-BBEE3662065B}
2011-07-09 02:45:45 -------- d-----w- C:\Users\rmccaw\AppData\Local\{7C3AD12D-F414-4CCB-9140-407D29DF7FBC}
2011-07-08 14:44:59 -------- d-----w- C:\Users\rmccaw\AppData\Local\{6CCD8FF2-8876-40AA-803E-F88B4180E623}
2011-07-08 14:44:48 -------- d-----w- C:\Users\rmccaw\AppData\Local\{FB50890C-5FC0-46F3-ADF5-F9815D215233}
2011-07-08 02:44:10 -------- d-----w- C:\Users\rmccaw\AppData\Local\{71DCA497-31D2-4425-873B-F3EB23E57314}
2011-07-07 11:18:14 -------- d-----w- C:\Users\rmccaw\AppData\Local\{DC437740-8AE8-403B-A7D3-78A4D9185897}
2011-07-06 23:17:43 -------- d-----w- C:\Users\rmccaw\AppData\Local\{11B6FF72-11AB-47AD-A26D-15C3D959D208}
2011-07-06 23:17:33 -------- d-----w- C:\Users\rmccaw\AppData\Local\{32E7E58A-7074-4AC8-A2B4-61E91CD79DB7}
2011-07-06 11:17:04 -------- d-----w- C:\Users\rmccaw\AppData\Local\{C89287AB-4D0C-4CEC-83D7-8E38404B83FB}
2011-07-05 15:17:35 -------- d-----w- C:\Users\rmccaw\AppData\Local\{63EBC4BC-7A39-4DEB-B43F-568DF75CAE34}
2011-07-05 02:03:14 -------- d-----w- C:\Users\rmccaw\AppData\Local\{9B4C8B30-E1D4-441F-8CD5-A9E107E67400}
2011-07-04 11:37:22 -------- d-----w- C:\Users\rmccaw\AppData\Local\{F681D0C0-5514-4F6D-83FE-FDB269FFD0C6}
2011-07-03 23:14:40 -------- d-----w- C:\Users\rmccaw\AppData\Local\{D7C30C3E-5A01-4F08-8990-75CFF8FF259F}
2011-07-03 11:14:06 -------- d-----w- C:\Users\rmccaw\AppData\Local\{78723CE2-44E0-4CBC-BAB1-C8ABB35CE9E6}
2011-07-02 13:31:59 -------- d-----w- C:\Users\rmccaw\AppData\Local\{58726BEF-2A15-4BFC-A756-F8A5DA3A7F91}
2011-07-02 01:31:35 -------- d-----w- C:\Users\rmccaw\AppData\Local\{FEEC5E7C-7156-432F-A9BB-C19EF19875EE}
2011-07-01 13:30:45 -------- d-----w- C:\Users\rmccaw\AppData\Local\{E453A558-A74D-40EF-93D0-AEA8743AD23F}
2011-07-01 01:30:04 -------- d-----w- C:\Users\rmccaw\AppData\Local\{769072CE-5AD8-4AB9-A69A-C2506B814109}
2011-07-01 01:29:54 -------- d-----w- C:\Users\rmccaw\AppData\Local\{451B1C86-66AC-4D2F-8EFD-6DB5CC1EC613}
2011-06-30 13:29:10 -------- d-----w- C:\Users\rmccaw\AppData\Local\{B15EDB54-F43B-49E5-906A-122E139FC459}
2011-06-30 13:28:58 -------- d-----w- C:\Users\rmccaw\AppData\Local\{CA50D239-ED90-416B-BEE4-FC0931236CD1}
2011-06-30 11:03:28 -------- d-----w- C:\Users\rmccaw\AppData\Roaming\AVG
2011-06-30 01:27:22 -------- d-----w- C:\Users\rmccaw\AppData\Local\{F817B14E-5225-433E-B13E-D39FB5CEBB52}
2011-06-29 11:49:38 -------- d-----w- C:\Users\rmccaw\AppData\Local\{A671A1D2-B9A0-4FB9-868B-6258497143E6}
2011-06-29 11:24:20 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2011-06-28 23:48:49 -------- d-----w- C:\Users\rmccaw\AppData\Local\{4CF3E5F9-22E2-450E-990B-EF89BDE62ADC}
2011-06-28 11:48:23 -------- d-----w- C:\Users\rmccaw\AppData\Local\{9381B591-9CD0-484D-8F3F-745FD401C89F}
2011-06-28 11:47:14 -------- d-----w- C:\Users\rmccaw\AppData\Local\{4EFBFCCA-DBCB-47DF-9DA8-05A3DBED2FF0}
2011-06-27 22:22:09 -------- d-----w- C:\Users\rmccaw\AppData\Local\{C5F10594-EF2D-4919-B77F-9DFC067E972D}
2011-06-27 10:21:26 -------- d-----w- C:\Users\rmccaw\AppData\Local\{9D25C733-4033-401A-A215-2C30F458D459}
2011-06-25 13:25:45 -------- d-----w- C:\Windows\System32\SPReview
2011-06-25 13:24:43 -------- d-----w- C:\Windows\System32\EventProviders
2011-06-25 13:20:59 95616 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2011-06-25 13:19:59 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2011-06-25 13:17:32 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-25 13:17:32 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-25 13:17:31 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-25 13:17:22 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-25 13:17:17 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-25 13:16:56 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-25 13:16:56 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-06-25 11:30:02 -------- d-----w- C:\Users\rmccaw\AppData\Local\{C1059EF5-40BD-4C3F-BDB0-46D224B09F25}
2011-06-23 01:35:10 -------- d-----w- C:\Users\rmccaw\AppData\Local\{0CE23CA0-0F46-4267-BD89-7F1B7CEDC0DC}
2011-06-23 01:35:00 -------- d-----w- C:\Users\rmccaw\AppData\Local\{48E21BC0-8EB3-4998-918A-6B21D728EC56}
2011-06-22 19:01:16 77312 ----a-w- C:\Windows\SysWow64\ztvunace26.dll
2011-06-22 19:01:16 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
2011-06-22 19:01:16 69632 ----a-w- C:\Windows\SysWow64\ztvcabinet.dll
2011-06-22 19:01:16 162304 ----a-w- C:\Windows\SysWow64\ztvunrar36.dll
2011-06-22 19:01:16 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
2011-06-22 19:01:15 -------- d-----w- C:\Users\rmccaw\AppData\Roaming\Simply Super Software
2011-06-22 19:01:15 -------- d-----w- C:\ProgramData\Simply Super Software
2011-06-22 19:01:15 -------- d-----w- C:\Program Files (x86)\Trojan Remover
.
==================== Find3M ====================
.
2011-06-25 13:34:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-25 13:34:30 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-06-22 18:45:53 110456 ----a-w- C:\Users\rmccaw\g2ax_customer_downloadhelper_win32_x86.exe
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-03 05:29:29 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:30:02 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-28 03:55:08 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-04-28 03:54:56 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-04-27 00:21:39 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 11:32:18.90 ===============

Attached Files



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:30 AM

Posted 23 July 2011 - 02:26 PM

Hello mydogbuddy,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic.I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


1.
Please download and run unHide.exe


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Note:The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you
should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.


3.
Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.



Things to include in your next reply::
Combofix.txt
aswMBR log
How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 mydogbuddy

mydogbuddy
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 23 July 2011 - 06:41 PM

I ran unhide.exe

I temporarily disabled avg live.

I downloaded combofix (despite the really scary warnings), but when I tried to run it, it said combofix could not run while avg was installed. It directed me to uninstall and try again.

Since this wasn't part of your instructions, I was reluctant to do that.

Thanks for your advice.

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:30 AM

Posted 24 July 2011 - 12:04 AM

Hello,

Please use Appremoverto remove AVG and then try Combofix again.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#7 mydogbuddy

mydogbuddy
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 24 July 2011 - 03:58 AM

un date: 2011-07-24 04:55:43
-----------------------------
04:55:43.553 OS Version: Windows x64 6.1.7601 Service Pack 1
04:55:43.553 Number of processors: 2 586 0x170A
04:55:43.553 ComputerName: RMCCAW-VAIO UserName: rmccaw
04:55:44.863 Initialize success
04:56:26.801 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
04:56:26.801 Disk 0 Vendor: FUJITSU_ 0041 Size: 305245MB BusType: 3
04:56:26.817 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000071
04:56:26.817 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
04:56:26.817 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000072
04:56:26.817 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
04:56:26.832 Disk 0 MBR read successfully
04:56:26.832 Disk 0 MBR scan
04:56:26.832 Disk 0 Windows 7 default MBR code
04:56:26.832 Service scanning
04:56:32.136 Modules scanning
04:56:32.136 Disk 0 trace - called modules:
04:56:32.183 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
04:56:32.199 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005788060]
04:56:32.199 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa80047382b0]
04:56:32.214 5 ACPI.sys[fffff88000f8c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800473e050]
04:56:32.214 Scan finished successfully
04:56:51.433 Disk 0 MBR has been saved successfully to "C:\Users\rmccaw\Documents\MBR.dat"
04:56:51.433 The log file has been saved successfully to "C:\Users\rmccaw\Documents\aswMBR.txt"

#8 mydogbuddy

mydogbuddy
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 24 July 2011 - 08:58 AM

icrosoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2736 [GMT -4:00]
Running from: c:\users\rmccaw\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\rmccaw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
c:\users\rmccaw\g2ax_customer_downloadhelper_win32_x86.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-24 to 2011-07-24 )))))))))))))))))))))))))))))))
.
.
2011-07-24 08:27 . 2011-07-24 08:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-13 05:01 . 2011-07-13 05:01 -------- d-----w- c:\program files (x86)\SamsungPrinterLiveUpdate
2011-07-13 05:01 . 2011-07-13 05:01 -------- d-----w- c:\windows\Samsung
2011-07-13 01:44 . 2011-07-13 01:44 20 ----a-w- c:\windows\system32\MSXML4.DLL
2011-07-04 15:43 . 2011-07-04 15:43 -------- d-----w- c:\windows\system32\Macromed
2011-06-30 11:03 . 2011-06-30 11:04 -------- d-----w- c:\users\rmccaw\AppData\Roaming\AVG
2011-06-29 11:24 . 2011-06-30 11:44 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-06-25 13:25 . 2011-06-25 13:25 -------- d-----w- c:\windows\system32\SPReview
2011-06-25 13:24 . 2011-06-25 13:24 -------- d-----w- c:\windows\system32\EventProviders
2011-06-25 13:20 . 2010-11-20 13:33 95616 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-06-25 13:19 . 2010-11-20 13:26 41984 ----a-w- c:\windows\system32\FXSMON.dll
2011-06-25 13:17 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-06-25 13:17 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-06-25 13:17 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-06-25 13:17 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-06-25 13:17 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-06-25 13:16 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-06-25 13:16 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 13:34 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-25 13:34 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-03 05:57 . 2011-07-13 11:02 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-29 13:11 . 2011-02-28 02:07 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-02-28 02:07 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-03 05:29 . 2011-06-15 17:58 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 17:58 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:06 . 2011-06-15 17:59 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:05 . 2011-06-15 17:59 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:05 . 2011-06-15 17:59 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:40 . 2011-06-15 17:59 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-27 02:39 . 2011-06-15 17:59 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:39 . 2011-06-15 17:59 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-27 00:21 . 2010-03-30 13:49 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-08-27 79872]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"TrojanScanner"="c:\program files (x86)\Trojan Remover\Trjscan.exe" [2011-05-18 1233856]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-08-28 606208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SWIPsec;SonicWALL IPsec Driver;c:\windows\system32\Drivers\SWIPsec.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 133104]
R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 lxdrCATSCustConnectService;lxdrCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxdrserv.exe [2009-10-16 29184]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]
R3 BlackBox;BlackBox SR2; [x]
R3 GoToAssist Express Customer;GoToAssist Express Customer; [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 133104]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]
R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 167424]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]
R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]
R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 SWVNIC;SonicWALL Virtual Miniport;c:\windows\system32\DRIVERS\swvnic.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 1250160]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 lxdr_device;lxdr_device;c:\windows\system32\lxdrcoms.exe [2009-10-16 1039360]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-07-24 189984]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 SWGVCSvc;SonicWALL Global VPN Client Service;c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVCSvc.exe [2009-03-06 284696]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 06:08]
.
2011-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 06:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
"lxdrmon.exe"="c:\program files (x86)\Lexmark 4900 Series\lxdrmon.exe" [2010-02-04 676520]
"lxdramon"="c:\program files (x86)\Lexmark 4900 Series\lxdramon.exe" [2010-02-04 16040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.105.28.12 68.105.29.11
TCP: Interfaces\{4663E24F-3089-4E27-A1DB-886BC3E53AC6}: NameServer = 10.0.0.4,8.8.8.8
TCP: Interfaces\{4663E24F-3089-4E27-A1DB-886BC3E53AC6}\2375942554139383: NameServer = 10.0.0.4,8.8.8.8
TCP: Interfaces\{4663E24F-3089-4E27-A1DB-886BC3E53AC6}\45865605564796477427F65707: NameServer = 10.0.0.4,8.8.8.8
TCP: Interfaces\{4663E24F-3089-4E27-A1DB-886BC3E53AC6}\D436341677: NameServer = 10.0.0.4,8.8.8.8
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1 - c:\program files (x86)\AVG\AVG PC Tuneup 2011\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-24 04:32:10
ComboFix-quarantined-files.txt 2011-07-24 08:32
.
Pre-Run: 248,215,617,536 bytes free
Post-Run: 248,115,666,944 bytes free
.
- - End Of File - - 02883BE396B8E4DE6B171630EA910829

#9 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:30 AM

Posted 24 July 2011 - 09:44 AM

How is your machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#10 mydogbuddy

mydogbuddy
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 24 July 2011 - 09:51 AM

My computer hasn't been running badly, it's just that my program files are hidden. The start menu folders are still empty.

#11 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:30 AM

Posted 24 July 2011 - 02:30 PM

Hello,


With this infection if you have ran a cleaner or Removed any temp files we may not be able to fix the problem.

1.
Please download SystemLook from jpshortstuff and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Double-click the SystemLook and copy/paste the following into the box
    :dir
    %Temp%\smtmp /s
  • Hit the Look button. Let it finish the scan
  • A log will then pop-up to your Desktop.. Post the content of the log here in your next reply


2.
  • Download RogueKiller on the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, type 6 (Shortcut HJFix). then Enter
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename in winlogon.exe (or winlogon.com) and try again


my program files are hidden. The start menu folders are still empty.

Are they back now?

Things to include in your next reply::
Systemlook.txt
RogueKiller log

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#12 mydogbuddy

mydogbuddy
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 26 July 2011 - 08:19 PM

I ran malwarebytes. I did not remove any temp files, but it did quarantine some.

#13 mydogbuddy

mydogbuddy
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 26 July 2011 - 08:33 PM

SystemLook 04.09.10 by jpshortstuff
Log created at 21:31 on 26/07/2011 by rmccaw
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "OTLPEStd.exe"
No files found.

-= EOF =-

#14 mydogbuddy

mydogbuddy
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:06:30 AM

Posted 26 July 2011 - 08:37 PM

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: rmccaw [Admin rights]
Mode: Shortcuts HJfix -- Date : 07/26/2011 21:36:27

Bad processes: 0

File attributes restored:
Desktop: Success 62 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 2 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 83 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 8 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 45 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[E:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[F:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[G:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[1].txt >>
RKreport[1].txt

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:06:30 AM

Posted 27 July 2011 - 05:01 PM

Hello,

Are your Program files visible now? Are your start menu items back?


Try these see if they help.

You can restore the defaults for the Start Menu and Administrative Tools as follows:


Please look in your MalwareBytes Quarantined files and see if you see any file with smtmp in them

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users