
Poweliks Help Needed, Please


  • This topic is locked
32 replies to this topic

#1 JoeDaCabbie


Posted 31 October 2014 - 04:01 AM

Hello, I am trying to clean and repair a Sony Vaio laptop to help out my friend's daughter. I went after it using the Roguekiller/Process Explorer instructions on the Adlice Software pages without success. I could very much use some expert assistance. Attached are the logs from DDS and FRST. Thanx!

Attached files:
  • FRST.txt (215.83KB)
  • Addition.txt (38.95KB)
  • DDS.txt (32.87KB)
  • Attach.zip (5.32KB)





#2 JoeDaCabbie


Posted 01 November 2014 - 10:05 AM

Note to any Experts looking at this on 11/1: I see that my post is getting closer to being looked at. I am at work today and did not bring the infected laptop and will not be home until after 4 PM (2100 GMT if you're outside the U.S.) I cannot act on your response until after that time. Sorry!



#3 HelpBot


Posted 05 November 2014 - 08:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554101 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 JoeDaCabbie


Posted 05 November 2014 - 11:00 PM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 11.25.2
Run by jasmine at 22:50:58 on 2014-11-05
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3758.1971 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Manager Settings\VcmMgrNotification64.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sony.msn.com
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://sony.msn.com
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect"
dRunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe -update activex
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:3
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
TCP: Interfaces\{333BC165-6E88-4B9C-8091-2F0C4EAC607A} : NameServer = 0.0.0.0
TCP: Interfaces\{E87A7E97-F964-4C99-9896-E42B2ECE0710} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F62E2365-C9BB-4EF8-809B-0308DBF6FCB0} : DHCPNameServer = 192.168.0.1 74.40.74.40
TCP: Interfaces\{F62E2365-C9BB-4EF8-809B-0308DBF6FCB0}\073602C61626 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{F62E2365-C9BB-4EF8-809B-0308DBF6FCB0}\3555E495F42716E67656745756374775946494 : DHCPNameServer = 10.6.0.5 74.39.200.250
TCP: Interfaces\{F62E2365-C9BB-4EF8-809B-0308DBF6FCB0}\3555E495F42716E6765675946494 : DHCPNameServer = 10.6.0.5 74.39.200.250
TCP: Interfaces\{F62E2365-C9BB-4EF8-809B-0308DBF6FCB0}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{F62E2365-C9BB-4EF8-809B-0308DBF6FCB0}\656535 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F62E2365-C9BB-4EF8-809B-0308DBF6FCB0}\C696E6B6379737 : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mSearch Page = hxxp://www.google.com
x64-mDefault_Search_URL = hxxp://www.google.com
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R0 edevmon;edevmon;C:\Windows\System32\drivers\edevmon.sys [2014-8-18 241368]
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2014-9-18 63160]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2014-8-18 243440]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2014-8-18 44632]
R1 GUBootStartup;GUBootStartup;C:\Windows\System32\drivers\GUBootStartup.sys [2014-10-26 20160]
R2 6077757b;6077757b;C:\Windows\System32\drivers\regi.sys [2011-3-24 14112]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-10-1 1349576]
R2 ESRV_SVC;Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-1 377768]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-3 13336]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-11-3 94208]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-11-3 78848]
R2 SampleCollector;Intel® System Behavior Tracker Collector Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2013-11-1 266168]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-3-24 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-3-24 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-3-24 836608]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
R3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;C:\Windows\System32\drivers\bpusb.sys [2012-4-9 83968]
R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\System32\drivers\btwampfl.sys [2011-3-24 342056]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-3-24 39464]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-6-4 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-3 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-3 271872]
R3 semav6thermal64ro;semav6thermal64ro;C:\Windows\System32\drivers\semav6thermal64ro.sys [2014-5-26 13792]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2014-5-26 1642544]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2012-4-9 398112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 regi;regi;C:\Windows\System32\drivers\regi.sys [2011-3-24 14112]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2011-11-12 24576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-3-24 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2014-10-27 32512]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-26 111616]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;C:\Windows\System32\drivers\btblan.sys [2011-11-12 40320]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-11-4 19456]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-10-26 31800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-11-4 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 USER_ESRV_SVC;User Energy Server Service;C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [2013-11-1 377768]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2014-2-20 60504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-9 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-11-04 10:52:38    75888    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2F69F24-71B0-4DDD-9B76-9E00749FDE65}\offreg.dll
2014-11-04 10:36:44    11627712    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2F69F24-71B0-4DDD-9B76-9E00749FDE65}\mpengine.dll
2014-10-31 09:23:25    --------    d-----w-    C:\TDSSKiller_Quarantine
2014-10-31 08:32:49    --------    d-----w-    C:\FRST
2014-10-30 02:50:37    37624    ----a-w-    C:\Windows\System32\drivers\TrueSight.sys
2014-10-30 02:50:36    --------    d-----w-    C:\ProgramData\RogueKiller
2014-10-29 04:42:29    --------    d-----w-    C:\Users\jasmine\AppData\Roaming\ESET
2014-10-29 04:42:29    --------    d-----w-    C:\Users\jasmine\AppData\Local\ESET
2014-10-29 04:37:55    --------    d-----w-    C:\Program Files\ESET
2014-10-28 23:22:57    --------    d-----w-    C:\NPE
2014-10-28 23:08:21    0    ----a-w-    C:\Windows\SysWow64\shoCA72.tmp
2014-10-28 21:27:15    7168    ----a-w-    C:\Windows\SysWow64\KBDYAK.DLL
2014-10-28 21:27:15    7168    ----a-w-    C:\Windows\System32\KBDYAK.DLL
2014-10-28 21:27:15    7168    ----a-w-    C:\Windows\System32\KBDBASH.DLL
2014-10-28 21:27:15    6656    ----a-w-    C:\Windows\SysWow64\KBDBASH.DLL
2014-10-28 21:27:07    67072    ----a-w-    C:\Windows\splwow64.exe
2014-10-28 21:27:07    559104    ----a-w-    C:\Windows\System32\spoolsv.exe
2014-10-28 19:21:49    167424    ----a-w-    C:\Program Files\Windows Media Player\wmplayer.exe
2014-10-28 19:21:49    164864    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-10-28 19:21:48    12625920    ----a-w-    C:\Windows\System32\wmploc.DLL
2014-10-28 19:21:46    12625408    ----a-w-    C:\Windows\SysWow64\wmploc.DLL
2014-10-28 18:34:53    --------    d-----w-    C:\Windows\Migration
2014-10-28 14:53:29    2560    ----a-w-    C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-10-28 09:09:40    87040    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2014-10-28 09:09:40    198656    ----a-w-    C:\Windows\System32\drivers\WUDFRd.sys
2014-10-28 09:09:37    84992    ----a-w-    C:\Windows\System32\WUDFSvc.dll
2014-10-28 09:09:37    194048    ----a-w-    C:\Windows\System32\WUDFPlatform.dll
2014-10-28 09:09:36    45056    ----a-w-    C:\Windows\System32\WUDFCoinstaller.dll
2014-10-28 09:09:35    744448    ----a-w-    C:\Windows\System32\WUDFx.dll
2014-10-28 09:09:35    229888    ----a-w-    C:\Windows\System32\WUDFHost.exe
2014-10-28 07:31:43    2777088    ----a-w-    C:\Windows\System32\msmpeg2vdec.dll
2014-10-28 07:31:43    2285056    ----a-w-    C:\Windows\SysWow64\msmpeg2vdec.dll
2014-10-28 07:10:36    99480    ----a-w-    C:\Windows\SysWow64\infocardapi.dll
2014-10-28 07:10:36    171160    ----a-w-    C:\Windows\System32\infocardapi.dll
2014-10-28 07:10:32    619672    ----a-w-    C:\Windows\SysWow64\icardagt.exe
2014-10-28 07:10:32    1389208    ----a-w-    C:\Windows\System32\icardagt.exe
2014-10-28 07:10:31    8856    ----a-w-    C:\Windows\SysWow64\icardres.dll
2014-10-28 07:10:31    8856    ----a-w-    C:\Windows\System32\icardres.dll
2014-10-28 07:09:45    35480    ----a-w-    C:\Windows\SysWow64\TsWpfWrp.exe
2014-10-28 07:09:45    35480    ----a-w-    C:\Windows\System32\TsWpfWrp.exe
2014-10-28 02:36:41    --------    d-----w-    C:\Program Files (x86)\ESET
2014-10-28 01:03:29    32512    ----a-w-    C:\Windows\System32\drivers\hitmanpro37.sys
2014-10-28 00:50:28    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2014-10-28 00:50:27    48640    ----a-w-    C:\Windows\System32\wwanprotdim.dll
2014-10-28 00:50:27    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
2014-10-28 00:50:27    228864    ----a-w-    C:\Windows\System32\wwansvc.dll
2014-10-28 00:50:26    633856    ----a-w-    C:\Windows\System32\comctl32.dll
2014-10-28 00:50:26    530432    ----a-w-    C:\Windows\SysWow64\comctl32.dll
2014-10-28 00:50:24    55296    ----a-w-    C:\Windows\System32\dhcpcsvc6.dll
2014-10-28 00:50:24    226816    ----a-w-    C:\Windows\System32\dhcpcore6.dll
2014-10-28 00:50:24    193536    ----a-w-    C:\Windows\SysWow64\dhcpcore6.dll
2014-10-28 00:50:23    44032    ----a-w-    C:\Windows\SysWow64\dhcpcsvc6.dll
2014-10-28 00:50:04    224256    ----a-w-    C:\Windows\System32\wintrust.dll
2014-10-28 00:50:04    175104    ----a-w-    C:\Windows\SysWow64\wintrust.dll
2014-10-28 00:47:59    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2014-10-28 00:46:58    230400    ----a-w-    C:\Windows\System32\drivers\portcls.sys
2014-10-28 00:45:54    1888768    ----a-w-    C:\Windows\System32\WMVDECOD.DLL
2014-10-28 00:44:31    259584    ----a-w-    C:\Windows\System32\WebClnt.dll
2014-10-28 00:44:31    205824    ----a-w-    C:\Windows\SysWow64\WebClnt.dll
2014-10-28 00:44:30    81920    ----a-w-    C:\Windows\SysWow64\davclnt.dll
2014-10-28 00:44:30    140800    ----a-w-    C:\Windows\System32\drivers\mrxdav.sys
2014-10-28 00:44:30    102400    ----a-w-    C:\Windows\System32\davclnt.dll
2014-10-28 00:44:29    478208    ----a-w-    C:\Windows\System32\dpnet.dll
2014-10-28 00:44:28    376832    ----a-w-    C:\Windows\SysWow64\dpnet.dll
2014-10-28 00:44:24    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-28 00:42:44    3928064    ----a-w-    C:\Windows\System32\d2d1.dll
2014-10-28 00:42:44    3419136    ----a-w-    C:\Windows\SysWow64\d2d1.dll
2014-10-28 00:42:41    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-10-28 00:42:41    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-10-28 00:42:40    985536    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2014-10-28 00:42:40    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2014-10-28 00:42:40    144384    ----a-w-    C:\Windows\System32\cdd.dll
2014-10-28 00:39:54    95744    ----a-w-    C:\Windows\System32\synceng.dll
2014-10-28 00:39:54    78336    ----a-w-    C:\Windows\SysWow64\synceng.dll
2014-10-28 00:39:27    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-10-28 00:39:27    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-10-28 00:39:06    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-10-28 00:39:06    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-10-28 00:39:04    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2014-10-28 00:39:04    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2014-10-28 00:37:49    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-10-28 00:36:44    223752    ----a-w-    C:\Windows\System32\drivers\fvevol.sys
2014-10-28 00:36:41    503808    ----a-w-    C:\Windows\System32\srcore.dll
2014-10-28 00:36:41    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2014-10-28 00:36:38    1684928    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2014-10-28 00:36:29    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2014-10-28 00:36:29    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2014-10-28 00:36:26    52224    ----a-w-    C:\Windows\System32\certenc.dll
2014-10-28 00:36:26    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2014-10-28 00:33:04    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-10-28 00:33:03    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-10-28 00:33:02    956928    ----a-w-    C:\Windows\System32\localspl.dll
2014-10-28 00:32:58    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-10-28 00:32:57    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-10-28 00:32:20    1643520    ----a-w-    C:\Windows\System32\DWrite.dll
2014-10-28 00:32:20    1247744    ----a-w-    C:\Windows\SysWow64\DWrite.dll
2014-10-28 00:32:16    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-10-28 00:32:16    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-10-28 00:32:08    859648    ----a-w-    C:\Windows\System32\IKEEXT.DLL
2014-10-28 00:32:07    830464    ----a-w-    C:\Windows\System32\nshwfp.dll
2014-10-28 00:32:07    656896    ----a-w-    C:\Windows\SysWow64\nshwfp.dll
2014-10-28 00:32:07    324096    ----a-w-    C:\Windows\System32\FWPUCLNT.DLL
2014-10-28 00:32:07    216576    ----a-w-    C:\Windows\SysWow64\FWPUCLNT.DLL
2014-10-28 00:32:04    461312    ----a-w-    C:\Windows\System32\scavengeui.dll
2014-10-28 00:31:51    1216000    ----a-w-    C:\Windows\System32\rpcrt4.dll
2014-10-28 00:31:50    664064    ----a-w-    C:\Windows\SysWow64\rpcrt4.dll
2014-10-26 21:57:43    88576    ----a-w-    C:\Windows\System32\wecapi.dll
2014-10-26 21:57:43    80384    ----a-w-    C:\Windows\SysWow64\wecutil.exe
2014-10-26 21:57:43    58368    ----a-w-    C:\Windows\SysWow64\wecapi.dll
2014-10-26 21:57:43    237568    ----a-w-    C:\Windows\System32\wecsvc.dll
2014-10-26 21:57:43    113152    ----a-w-    C:\Windows\System32\wecutil.exe
2014-10-26 21:35:19    --------    d-sh--w-    C:\Users\jasmine\AppData\Local\EmieUserList
2014-10-26 21:35:19    --------    d-sh--w-    C:\Users\jasmine\AppData\Local\EmieSiteList
2014-10-26 21:34:55    --------    d-----w-    C:\Users\jasmine\AppData\Local\VS Revo Group
2014-10-26 21:34:51    --------    d-----w-    C:\ProgramData\VS Revo Group
2014-10-26 21:34:50    31800    ----a-w-    C:\Windows\System32\drivers\revoflt.sys
2014-10-26 21:34:48    --------    d-----w-    C:\Program Files\VS Revo Group
2014-10-26 19:57:14    0    ----a-w-    C:\Windows\System32\zybwwd.dll
2014-10-26 19:25:58    400968    ----a-w-    C:\Program Files\Internet Explorer\msdbg2.dll
2014-10-26 19:23:57    878080    ----a-w-    C:\Windows\System32\advapi32.dll
2014-10-26 19:23:57    859648    ----a-w-    C:\Windows\System32\tdh.dll
2014-10-26 19:23:57    1732032    ----a-w-    C:\Windows\System32\ntdll.dll
2014-10-26 19:23:56    640512    ----a-w-    C:\Windows\SysWow64\advapi32.dll
2014-10-26 19:23:56    619520    ----a-w-    C:\Windows\SysWow64\tdh.dll
2014-10-26 19:23:56    1292192    ----a-w-    C:\Windows\SysWow64\ntdll.dll
2014-10-26 19:23:25    327168    ----a-w-    C:\Windows\System32\mswsock.dll
2014-10-26 19:23:25    231424    ----a-w-    C:\Windows\SysWow64\mswsock.dll
2014-10-26 19:23:08    68608    ----a-w-    C:\Windows\System32\taskhost.exe
2014-10-26 19:17:33    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2014-10-26 19:17:33    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2014-10-26 18:25:18    0    ----a-w-    C:\Windows\SysWow64\shoC229.tmp
2014-10-26 18:19:41    --------    d-----w-    C:\Windows\System32\SPReview
2014-10-26 17:52:40    2560    ----a-w-    C:\Windows\System32\drivers\en-US\rdpwd.sys.mui
2014-10-26 17:51:39    6144    ----a-w-    C:\Windows\System32\drivers\en-US\IPMIDrv.sys.mui
2014-10-26 17:51:37    4608    ----a-w-    C:\Windows\System32\drivers\en-US\kbdclass.sys.mui
2014-10-26 17:33:02    749568    ----a-w-    C:\Program Files\Common Files\System\msadc\msadce.dll
2014-10-26 17:33:02    211456    ----a-w-    C:\Windows\System32\mprddm.dll
2014-10-26 17:33:02    114688    ----a-w-    C:\Program Files\Common Files\System\msadc\msadcf.dll
2014-10-26 17:33:02    102400    ----a-w-    C:\Windows\System32\mobsync.exe
2014-10-26 17:33:02    101376    ----a-w-    C:\Windows\SysWow64\mobsync.exe
2014-10-26 17:33:01    226304    ----a-w-    C:\Windows\SysWow64\MSAC3ENC.DLL
2014-10-26 17:33:01    213504    ----a-w-    C:\Windows\SysWow64\MMDevAPI.dll
2014-10-26 17:33:01    212992    ----a-w-    C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2014-10-26 17:33:00    399360    ----a-w-    C:\Windows\System32\wbem\msiprov.dll
2014-10-26 17:33:00    209920    ----a-w-    C:\Windows\SysWow64\mstask.dll
2014-10-26 17:33:00    1619968    ----a-w-    C:\Program Files (x86)\Windows Mail\msoe.dll
2014-10-26 17:31:59    86528    ----a-w-    C:\Windows\SysWow64\isoburn.exe
2014-10-26 17:30:59    826368    ----a-w-    C:\Windows\SysWow64\rdpcore.dll
2014-10-26 17:29:59    701440    ----a-w-    C:\Windows\System32\dsuiext.dll
2014-10-26 17:23:03    --------    d-----w-    C:\Windows\System32\EventProviders
2014-10-26 13:34:27    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-10-26 13:31:05    98216    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-26 12:20:21    20160    ----a-w-    C:\Windows\System32\drivers\GUBootStartup.sys
2014-10-26 12:20:20    --------    d-----w-    C:\Users\jasmine\AppData\Roaming\GlarySoft
2014-10-26 12:20:20    --------    d-----w-    C:\Users\jasmine\AppData\Roaming\DiskDefrag
2014-10-26 12:20:08    --------    d-----w-    C:\Program Files (x86)\Glary Utilities 5
2014-10-26 05:29:02    --------    d-----w-    C:\Windows\Microsoft Antimalware
2014-10-26 01:25:00    --------    d-----w-    C:\c2ec0cee984a0019bd99a4
2014-10-25 18:18:57    --------    d-----w-    C:\Program Files\HitmanPro
2014-10-25 18:17:57    --------    d-----w-    C:\ProgramData\HitmanPro
2014-10-25 17:45:19    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-10-25 17:43:12    --------    d-----w-    C:\Windows\ERUNT
2014-10-25 17:30:31    --------    d-----w-    C:\AdwCleaner
2014-10-25 17:20:52    --------    d--h--w-    C:\ProgramData\Common Files
2014-10-25 17:20:52    --------    d-----w-    C:\Users\jasmine\AppData\Local\MFAData
2014-10-25 17:20:52    --------    d-----w-    C:\Users\jasmine\AppData\Local\Avg2015
2014-10-25 17:20:52    --------    d-----w-    C:\ProgramData\MFAData
2014-10-17 13:37:09    17903792    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-10-17 13:12:17    687    ----a-w-    C:\awhAAEE.tmp
2014-10-17 13:02:36    --------    d-----w-    C:\Users\jasmine\AppData\Local\1744
.
==================== Find3M  ====================
.
2014-10-28 10:34:58    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-26 19:25:58    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-10-26 19:25:58    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-10-26 19:25:56    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-10-26 19:25:56    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-10-26 19:25:56    13824    ----a-w-    C:\Windows\System32\mshta.exe
2014-10-26 19:25:56    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-10-26 19:25:55    83968    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-10-26 19:25:55    48128    ----a-w-    C:\Windows\System32\imgutil.dll
2014-10-26 18:10:30    175616    ----a-w-    C:\Windows\System32\msclmd.dll
2014-10-26 18:10:30    152576    ----a-w-    C:\Windows\SysWow64\msclmd.dll
2014-09-29 00:58:48    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-09-18 16:38:22    63160    ----a-w-    C:\Windows\System32\drivers\epfwwfp.sys
2014-09-18 02:00:42    3241472    ----a-w-    C:\Windows\System32\msi.dll
2014-09-18 01:32:52    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-09-09 23:23:55    687    ----a-w-    C:\awhC9D3.tmp
2014-09-08 01:01:32    1482656    ----a-w-    C:\ProgramData\Setup.exe
2014-09-08 00:14:51    687    ----a-w-    C:\awh6D14.tmp
2014-08-18 14:28:34    222280    ----a-w-    C:\Windows\System32\drivers\epfw.sys
2014-08-18 14:28:32    44632    ----a-w-    C:\Windows\System32\drivers\EpfwLWF.sys
2014-08-18 14:28:32    243440    ----a-w-    C:\Windows\System32\drivers\eamonm.sys
2014-08-18 14:28:32    241368    ----a-w-    C:\Windows\SysWow64\drivers\edevmon.sys
2014-08-18 14:28:32    241368    ----a-w-    C:\Windows\System32\drivers\edevmon.sys
2014-08-18 14:28:32    169280    ----a-w-    C:\Windows\System32\drivers\ehdrv.sys
2014-05-29 06:17:44    6103040    ----a-w-    C:\Program Files (x86)\GUTFD91.tmp
.
============= FINISH: 22:53:34.04 ===============

Attached File: attach.zip (4KB)
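The DDS listing above is raw scanner output, and reading hundreds of such lines by eye is how things like a zero-byte DLL in System32 get missed. As an added triage helper, which is not part of this thread and not a feature of DDS or ComboFix, here is a Python parser for that line layout (timestamp, size or dashes for a directory, the 8-character attribute string, path) that turns each row into a record and applies a few defender-side heuristics. The sample input is constructed from a handful of lines copied from the listing, plus one line in the two-timestamp layout ComboFix uses later in the thread so the same regex is checked on both. The rules (zero-byte modules, .tmp files in system or drive-root directories, executables placed directly in ProgramData or a drive root) and the directory lists are my own assumptions; a hit is a prompt to look closer, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the DDS listing in this
# thread, plus one line in the ComboFix "created . modified" layout that
# appears later in the thread, so the parser can be checked on both.
SAMPLE_LOG = r"""
2014-10-28 00:47:59    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2014-10-26 21:35:19    --------    d-sh--w-    C:\Users\jasmine\AppData\Local\EmieUserList
2014-10-26 19:57:14    0    ----a-w-    C:\Windows\System32\zybwwd.dll
2014-10-26 18:25:18    0    ----a-w-    C:\Windows\SysWow64\shoC229.tmp
2014-10-17 13:12:17    687    ----a-w-    C:\awhAAEE.tmp
2014-09-08 01:01:32    1482656    ----a-w-    C:\ProgramData\Setup.exe
2014-10-28 00:50 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
==================== Find3M  ====================
.
============= FINISH: 22:53:34.04 ===============
"""

# One entry per line: timestamp (optionally ". modified-timestamp"), size or
# dashes for directories, an 8-character attribute string, then the path.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d(?::\d\d)?)"
    r"(?: \. (?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d))?"
    r"\s+(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*?)\s*$"
)

# Heuristic knobs: my assumptions, not anything DDS or ComboFix does.
MODULE_EXTS = {".dll", ".sys", ".exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
DROP_DIRS = {r"c:\programdata"}


@dataclass
class FileEntry:
    created: str
    modified: Optional[str]   # only present in the ComboFix layout
    size: Optional[int]       # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def parent(self) -> str:
        # ntpath handles backslash paths regardless of the host OS
        return ntpath.dirname(self.path).lower()

    @property
    def ext(self) -> str:
        return ntpath.splitext(self.path)[1].lower()


def parse_listing(text: str) -> List[FileEntry]:
    """Turn listing lines into records; section banners, '.' rows and FINISH are skipped."""
    entries: List[FileEntry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = m.group("size")
        entries.append(FileEntry(
            created=m.group("created"),
            modified=m.group("modified"),
            size=None if size.startswith("-") else int(size),
            attrs=m.group("attrs"),
            path=m.group("path"),
        ))
    return entries


def is_drive_root(parent: str) -> bool:
    """True for a bare drive such as 'c:' or 'c:\\'."""
    return re.fullmatch(r"[a-z]:\\?", parent) is not None


def triage(entries: List[FileEntry]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries worth a second look. Hits are hints, not verdicts."""
    flagged = []
    for e in entries:
        if e.is_dir:
            continue
        reasons = []
        if e.size == 0 and e.ext in MODULE_EXTS:
            reasons.append("zero-byte module (placeholder or failed drop)")
        if e.ext == ".tmp" and (e.parent in SYSTEM_DIRS or is_drive_root(e.parent)):
            reasons.append("temp file written to a system or drive-root directory")
        if e.ext == ".exe" and (e.parent in DROP_DIRS or is_drive_root(e.parent)):
            reasons.append("executable placed directly in ProgramData or a drive root")
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(parse_listing(SAMPLE_LOG)):
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample, it flags zybwwd.dll, shoC229.tmp, awhAAEE.tmp and ProgramData\Setup.exe and leaves the legitimate cryptsvc.dll and wintrust.dll alone. To use it on a real log, paste the whole DDS or ComboFix report into the string or read it from a file; anything that is not a file row is ignored by the regex.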



#5 JoeDaCabbie


Posted 05 November 2014 - 11:05 PM

I ran FRST again, too, but the board will neither let me post nor upload it.



#6 ken545

Malware Response Team

Posted 06 November 2014 - 08:44 AM

Sorry for the delay, but we get pretty busy around here.

Let's do some basic cleanup and see where we stand. It looks like you may still have Malwarebytes installed; if you do, open it and on the dashboard you should have version 2.0.3. If not, then uninstall it and I will provide instructions to download, install and run the new version.

First I want to see if a rootkit is involved. If you can, I prefer that you copy and paste the logs in the thread in lieu of attaching them.

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start the scan.
  • If you are asked to update the Avast Virus database, please allow it to do so.
  • When it finishes, press the Save log button, save the logfile to your desktop and post its contents in your next reply.

I just want to see the report.... Please Do Not Fix Anything.

============================================================================

-AdwCleaner- by Xplode

Click on this link to download: ADWCleaner
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

===============================================================================

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient, as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

===============================================================================

Download Malwarebytes' Anti-Malware to your desktop.

  • Windows XP: Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator".

  • On the Dashboard click on Update Now.
  • Go to the Settings tab.
  • Under Settings go to Detection and Protection.
  • Under PUP and PUM make sure both are set to Treat Detections as Malware.
  • Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked.
  • Then on the Dashboard click on Scan.
  • Make sure to select THREAT SCAN.
  • Then click on Scan.
  • When the scan is finished and the log pops up, select Copy to Clipboard.
  • Please paste the log back into this thread for review.
  • Exit Malwarebytes.

Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days.


#7 JoeDaCabbie


Posted 06 November 2014 - 08:52 AM

Sadly I gave up and started using the process from the Malwaretips.com blog. Combofix is running on that machine. How does that affect things?



#8 ken545

Malware Response Team

Posted 06 November 2014 - 08:56 AM

Why don't you let Combofix finish and then post the log here for me to see, and we can go from there.




#9 JoeDaCabbie


Posted 06 November 2014 - 11:22 AM

Will do. It kept saying Microsoft Security Essentials is running, but I looked in the Start Menu, Control Panel, and Uninstall List and couldn't find it. Combokill wouldn't let me abort at that point, so I let it go. Even if it wrecked the OS, restoring the computer wouldn't have bothered me; it's the missed chance to learn that would.

ComboFix 14-10-29.01 - jasmine 11/06/2014   5:59.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3758.1855 [GMT -5:00]
Running from: c:\users\jasmine\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Setup.exe
c:\windows\SysWow64\u
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-06 to 2014-11-06  )))))))))))))))))))))))))))))))
.
.
2014-11-06 13:03 . 2014-11-06 13:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-04 10:52 . 2014-11-04 10:52 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2F69F24-71B0-4DDD-9B76-9E00749FDE65}\offreg.dll
2014-11-04 10:36 . 2014-10-20 07:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2F69F24-71B0-4DDD-9B76-9E00749FDE65}\mpengine.dll
2014-10-31 09:23 . 2014-10-31 09:23 -------- d-----w- C:\TDSSKiller_Quarantine
2014-10-31 08:52 . 2014-10-31 08:52 -------- d-----w- c:\program files (x86)\7-Zip
2014-10-31 08:32 . 2014-11-06 03:49 -------- d-----w- C:\FRST
2014-10-30 02:50 . 2014-10-31 08:30 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-30 02:50 . 2014-10-30 02:50 -------- d-----w- c:\programdata\RogueKiller
2014-10-29 04:42 . 2014-10-29 04:42 -------- d-----w- c:\users\jasmine\AppData\Local\ESET
2014-10-29 04:37 . 2014-10-29 04:37 -------- d-----w- c:\program files\ESET
2014-10-28 23:22 . 2014-10-28 23:25 -------- d-----w- C:\NPE
2014-10-28 23:08 . 2014-10-28 23:08 0 ----a-w- c:\windows\SysWow64\shoCA72.tmp
2014-10-28 21:27 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-10-28 21:27 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-10-28 21:27 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-10-28 21:27 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-10-28 21:27 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-10-28 21:27 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-10-28 21:27 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
2014-10-28 21:27 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2014-10-28 21:27 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2014-10-28 19:21 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-10-28 19:21 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-10-28 19:21 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-10-28 19:21 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-10-28 19:21 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-10-28 18:34 . 2014-10-28 18:34 -------- d-----w- c:\windows\Migration
2014-10-28 14:53 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-10-28 09:09 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-10-28 09:09 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-10-28 09:09 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-10-28 09:09 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-10-28 09:09 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-10-28 09:09 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-10-28 09:09 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-10-28 07:31 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-10-28 07:31 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-10-28 07:10 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-10-28 07:10 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-10-28 07:10 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-10-28 07:10 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-10-28 07:10 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-10-28 07:10 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-10-28 07:09 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-10-28 07:09 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-10-28 02:36 . 2014-10-28 02:36 -------- d-----w- c:\program files (x86)\ESET
2014-10-28 01:03 . 2014-10-28 01:03 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-10-28 00:50 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2014-10-28 00:50 . 2014-01-28 02:32 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-10-28 00:50 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2014-10-28 00:50 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2014-10-28 00:50 . 2013-07-04 12:50 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-10-28 00:50 . 2013-07-04 11:50 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-10-28 00:50 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2014-10-28 00:50 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2014-10-28 00:50 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2014-10-28 00:50 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2014-10-28 00:50 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
2014-10-28 00:50 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-10-28 00:47 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2014-10-28 00:46 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-10-28 00:45 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2014-10-28 00:44 . 2013-07-04 12:57 259584 ----a-w- c:\windows\system32\WebClnt.dll
2014-10-28 00:44 . 2013-07-04 11:57 205824 ----a-w- c:\windows\SysWow64\WebClnt.dll
2014-10-28 00:44 . 2013-07-04 12:50 102400 ----a-w- c:\windows\system32\davclnt.dll
2014-10-28 00:44 . 2013-07-04 11:51 81920 ----a-w- c:\windows\SysWow64\davclnt.dll
2014-10-28 00:44 . 2013-07-04 10:11 140800 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-10-28 00:44 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2014-10-28 00:44 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2014-10-28 00:44 . 2014-09-19 01:18 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-10-28 00:42 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-10-28 00:42 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-10-28 00:42 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-28 00:42 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-10-28 00:42 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-10-28 00:42 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2014-10-28 00:42 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2014-10-28 00:39 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2014-10-28 00:39 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2014-10-28 00:39 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
2014-10-28 00:39 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-28 00:39 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-28 00:39 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-28 00:39 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-10-28 00:39 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2014-10-28 00:39 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2014-10-28 00:39 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-10-28 00:37 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-10-28 00:36 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2014-10-28 00:36 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2014-10-28 00:36 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2014-10-28 00:36 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-10-28 00:36 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe
2014-10-28 00:36 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2014-10-28 00:36 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll
2014-10-28 00:36 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2014-10-28 00:33 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-28 00:33 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-28 00:33 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2014-10-28 00:32 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-10-28 00:32 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-10-28 00:32 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2014-10-28 00:32 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2014-10-28 00:32 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-10-28 00:32 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-10-28 00:32 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
2014-10-28 00:32 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
2014-10-28 00:32 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2014-10-28 00:32 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
2014-10-28 00:32 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2014-10-28 00:32 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
2014-10-28 00:31 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-10-28 00:31 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-10-26 21:57 . 2013-02-15 06:08 88576 ----a-w- c:\windows\system32\wecapi.dll
2014-10-26 21:57 . 2013-02-15 06:08 237568 ----a-w- c:\windows\system32\wecsvc.dll
2014-10-26 21:57 . 2013-02-15 03:53 113152 ----a-w- c:\windows\system32\wecutil.exe
2014-10-26 21:57 . 2013-02-15 02:54 80384 ----a-w- c:\windows\SysWow64\wecutil.exe
2014-10-26 21:57 . 2013-02-15 02:54 58368 ----a-w- c:\windows\SysWow64\wecapi.dll
2014-10-26 21:35 . 2014-10-26 21:35 -------- d-sh--w- c:\users\jasmine\AppData\Local\EmieUserList
2014-10-26 21:35 . 2014-10-26 21:35 -------- d-sh--w- c:\users\jasmine\AppData\Local\EmieSiteList
2014-10-26 21:34 . 2014-10-26 21:34 -------- d-----w- c:\users\jasmine\AppData\Local\VS Revo Group
2014-10-26 21:34 . 2014-10-26 21:34 -------- d-----w- c:\programdata\VS Revo Group
2014-10-26 21:34 . 2009-12-30 15:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-10-26 21:34 . 2014-10-26 21:34 -------- d-----w- c:\program files\VS Revo Group
2014-10-26 19:57 . 2014-10-26 19:57 0 ----a-w- c:\windows\system32\zybwwd.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-28 10:34 . 2012-02-29 03:44 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-26 18:10 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2014-10-26 18:10 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2014-10-03 14:02 . 2012-05-04 18:02 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-09-18 16:38 . 2014-09-18 16:38 63160 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2014-09-09 23:23 . 2014-09-09 23:23 687 ----a-w- C:\awhC9D3.tmp
2014-09-08 00:14 . 2014-09-08 00:14 687 ----a-w- C:\awh6D14.tmp
2014-09-06 16:32 . 2010-06-24 18:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-18 14:28 . 2014-08-18 14:28 222280 ----a-w- c:\windows\system32\drivers\epfw.sys
2014-08-18 14:28 . 2014-08-18 14:28 44632 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2014-08-18 14:28 . 2014-08-18 14:28 243440 ----a-w- c:\windows\system32\drivers\eamonm.sys
2014-08-18 14:28 . 2014-08-18 14:28 241368 ----a-w- c:\windows\SysWow64\drivers\edevmon.sys
2014-08-18 14:28 . 2014-08-18 14:28 241368 ----a-w- c:\windows\system32\drivers\edevmon.sys
2014-08-18 14:28 . 2014-08-18 14:28 169280 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2014-05-29 06:17 . 2014-05-29 05:51 6103040 ----a-w- c:\program files (x86)\GUTFD91.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GUDelayStartup"="c:\program files (x86)\Glary Utilities 5\StartupManager.exe" [2014-10-28 37152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-06 43848]
"SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-06-21 99696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-06 152392]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
2;2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys;c:\windows\SYSNATIVE\DRIVERS\FlyUsb.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MFE_RR;MFE_RR;c:\users\jasmine\AppData\Local\Temp\mfe_rr.sys;c:\users\jasmine\AppData\Local\Temp\mfe_rr.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 USER_ESRV_SVC;User Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 GUBootStartup;GUBootStartup;c:\windows\System32\drivers\GUBootStartup.sys;c:\windows\SYSNATIVE\drivers\GUBootStartup.sys [x]
S2 6077757b;6077757b;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 ESRV_SVC;Energy Server Service;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1;c:\program files\Sony\VAIO Care\ESRV\esrv_svc.exe --AUTO_START --start --address 127.0.0.1 [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;Intel® System Behavior Tracker Collector Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 semav6thermal64ro;semav6thermal64ro;c:\windows\system32\drivers\semav6thermal64ro.sys;c:\windows\SYSNATIVE\drivers\semav6thermal64ro.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-06 c:\windows\Tasks\GlaryInitialize 5.job
- c:\program files (x86)\Glary Utilities 5\Initialize.exe [2014-10-28 02:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-24 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-24 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-24 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2014-10-01 5595336]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://sony.msn.com
mDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Trusted Zone: eset.com\www
TCP: Interfaces\{333BC165-6E88-4B9C-8091-2F0C4EAC607A}: NameServer = 0.0.0.0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe
SafeBoot-03548631.sys
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-06  08:07:25
ComboFix-quarantined-files.txt  2014-11-06 13:07
.
Pre-Run: 475,689,644,032 bytes free
Post-Run: 534,962,466,816 bytes free
.
- - End Of File - - AEA7BE74EC42D98C73785B87F2CEC4C4
 



#10 ken545

ken545

  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:06:07 PM

Posted 06 November 2014 - 09:34 PM

Go ahead and run the programs I posted prior to Combofix and let's see what it finds.


Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

Please consider a donation to help me keep up my fight against malware.

Just a reminder that threads will be closed if no response in 3 days


#11 JoeDaCabbie

JoeDaCabbie
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Middletown, NY
  • Local time:06:07 PM

Posted 07 November 2014 - 07:54 AM

aswMBR kicked open a can of worms during its scan. ESET went after about a hundred files it said were infected by Filecoder.CR and Filecoder.CR.Gen.



#12 JoeDaCabbie

JoeDaCabbie
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Middletown, NY
  • Local time:06:07 PM

Posted 07 November 2014 - 07:56 AM

FYI: Windows downloaded and installed important updates during the early part of this scan. I've postponed restarting until the others are done.

 

aswMBR version 1.0.1.2201 Copyright© 2014 AVAST Software
Run date: 2014-11-07 07:11:48
-----------------------------
07:11:48.124    OS Version: Windows x64 6.1.7601 Service Pack 1
07:11:48.124    Number of processors: 4 586 0x2505
07:11:48.124    ComputerName: JASMINE-VAIO  UserName: jasmine
07:11:49.279    Initialize success
07:11:49.341    VM: initialized successfully
07:11:49.341    VM: Intel CPU BiosDisabled
07:15:20.765    AVAST engine defs: 14110600
07:15:29.235    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:15:29.235    Disk 0 Vendor: TOSHIBA_ GH01 Size: 610480MB BusType: 3
07:15:29.516    Disk 0 MBR read successfully
07:15:29.532    Disk 0 MBR scan
07:15:29.547    Disk 0 Windows 7 default MBR code
07:15:29.579    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10905 MB offset 2048
07:15:29.594    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 22335488
07:15:29.610    Disk 0 default boot code
07:15:29.625    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       599473 MB offset 22540288
07:15:29.828    Disk 0 scanning C:\Windows\system32\drivers
07:16:37.121    Service scanning
07:18:38.787    Modules scanning
07:18:38.802    Disk 0 trace - called modules:
07:18:38.896    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys
07:18:38.912    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006388060]
07:18:38.927    3 CLASSPNP.SYS[fffff88001aec43f] -> nt!IofCallDriver -> [0xfffffa800434b3d0]
07:18:38.927    5 ACPI.sys[fffff88000faf7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004350050]
07:18:47.507    AVAST engine scan C:\Windows
07:19:00.347    AVAST engine scan C:\Windows\system32
07:32:48.474    AVAST engine scan C:\Windows\system32\drivers
07:33:11.172    AVAST engine scan C:\Users\jasmine
07:49:30.402    AVAST engine scan C:\ProgramData
07:53:34.050    Disk 0 statistics 4593066/0/0 @ 1.60 MB/s
07:53:34.066    Scan finished successfully
07:55:17.229    Disk 0 MBR has been saved successfully to "C:\Users\jasmine\Desktop\Cleaning Logs\MBR.dat"
07:55:17.244    The log file has been saved successfully to "C:\Users\jasmine\Desktop\Cleaning Logs\aswMBR110714.txt"

 



#13 ken545

ken545

  • Malware Response Team
  • 1,685 posts
  • Gender:Male
  • Location:The Space Coast of Florida
  • Local time:06:07 PM

Posted 07 November 2014 - 08:00 AM

Do you have the logs from both scans? What you're saying doesn't sound good.

 

Run this new tool to remove Poweliks and let's make sure it's gone.

 

 

Please download ESET Poweliks Cleaner to your desktop.

  • Right-click Poweliks and select Run As Administrator.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.



#14 JoeDaCabbie

JoeDaCabbie
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Middletown, NY
  • Local time:06:07 PM

Posted 07 November 2014 - 08:05 AM

Will get the ESET tool right now.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.6 (11.05.2014:1)
OS: Windows 7 Home Premium x64
Ran by jasmine on Fri 11/07/2014 at  7:58:59.85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/07/2014 at  8:03:22.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#15 JoeDaCabbie

JoeDaCabbie
  • Topic Starter

  • Members
  • 31 posts
  • Gender:Male
  • Location:Middletown, NY
  • Local time:06:07 PM

Posted 07 November 2014 - 08:12 AM

I can't post the ESET log (an error occurred: Post too long) but it said no threat detected.





