Slow PC & unable to start Security Center



skape7
2011-03-27, 08:52
Hi,
1. Problem: I have a PC that runs dreadfully slowly & I suspect it is infected with malware. I cannot start the Windows Security Center & hence System Restore remains disabled (the Windows services are unable to start).

2. DDS.scr
On attempting to run DDS.scr, a new dialogue box opens with an error message: "Windows can't open this file PEV.dat".

3. Unfortunately, before I came to this forum, I had already run ComboFix.
The log is pasted below:

ComboFix 11-03-23.04 - SK 03/27/2011 2:57.2.8 - x64
Running from: c:\users\Sumeet\Downloads\PC Clean Softwares\Combo-Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\e95c6f1e.dlllllllllllllllll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-26 to 2011-03-26 )))))))))))))))))))))))))))))))
.
.
2011-03-26 21:33 . 2011-03-26 21:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-25 16:39 . 2010-12-20 12:39 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-25 16:39 . 2011-03-25 16:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-24 15:16 . 2011-03-24 15:16 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2011-03-23 17:34 . 2011-03-23 17:34 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-03-23 17:34 . 2011-03-23 17:34 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-22 07:55 . 2010-02-02 07:04 17216 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-03-22 07:55 . 2010-02-02 07:04 28992 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-03-22 07:55 . 2011-03-22 07:55 -------- d-----w- c:\programdata\Nitro PDF
2011-03-22 07:55 . 2011-03-22 07:55 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-03-22 07:55 . 2011-03-22 07:55 -------- d-----w- c:\program files (x86)\Common Files\Nitro PDF
2011-03-22 07:55 . 2011-03-22 07:55 -------- d-----w- c:\program files (x86)\Nitro PDF
2011-03-22 05:51 . 2011-03-22 05:51 -------- d-----w- c:\program files\iPod
2011-03-22 05:51 . 2011-03-22 05:51 -------- d-----w- c:\program files\iTunes
2011-03-22 05:51 . 2011-03-22 05:51 -------- d-----w- c:\program files (x86)\iTunes
2011-03-22 05:01 . 2011-03-22 05:01 -------- dc----w- c:\windows\system32\DRVSTORE
2011-03-22 05:01 . 2009-05-18 07:47 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-22 05:01 . 2008-04-17 06:42 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2011-03-22 05:01 . 2008-04-17 06:42 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2011-03-22 05:00 . 2011-03-22 05:01 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-03-22 04:54 . 2011-03-22 04:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-22 04:54 . 2011-03-22 04:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-22 04:54 . 2011-03-22 04:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-22 04:54 . 2011-03-22 04:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-22 04:54 . 2011-03-22 04:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-22 04:54 . 2011-03-22 04:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-22 04:54 . 2011-03-22 04:54 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-03-22 04:54 . 2011-03-22 05:51 -------- d-----w- c:\programdata\Apple Computer
2011-03-22 04:54 . 2011-03-22 04:54 -------- d-----w- c:\program files (x86)\QuickTime
2011-03-22 04:54 . 2011-03-22 04:54 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-03-22 04:53 . 2011-03-22 04:53 -------- d-----w- c:\program files\Common Files\Apple
2011-03-22 04:53 . 2011-03-22 04:53 -------- d-----w- c:\program files\Bonjour
2011-03-22 04:53 . 2011-03-22 04:53 -------- d-----w- c:\program files (x86)\Bonjour
2011-03-22 04:53 . 2011-03-22 06:10 -------- d-----w- c:\programdata\Apple
2011-03-22 04:53 . 2011-03-22 05:51 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-03-21 08:03 . 2011-03-21 11:45 -------- d-----w- C:\lame3.98.4
2011-03-21 07:54 . 2011-03-21 07:54 -------- d-----w- c:\program files (x86)\Exact Audio Copy
2011-03-20 19:19 . 2011-03-20 19:19 -------- d-----w- c:\program files (x86)\FreeTime
2011-03-19 16:54 . 2011-03-19 16:54 -------- d-----w- c:\program files\CCleaner
2011-03-19 09:41 . 2011-03-19 09:41 -------- d-----w- c:\program files (x86)\bitRipper
2011-03-16 18:13 . 2011-03-16 18:27 -------- d-----w- c:\program files (x86)\DVDFab 8
2011-03-16 13:49 . 2011-03-16 13:49 -------- d-----w- c:\program files (x86)\Handbrake
2011-03-16 08:04 . 2011-03-16 08:04 -------- d--h--w- c:\programdata\ArcSoft
2011-03-15 10:10 . 2011-03-15 10:11 -------- d-----w- c:\program files (x86)\DVD43 Plug-in
2011-03-15 10:10 . 2010-05-25 09:56 611840 ----a-w- c:\windows\SysWow64\DVD43.dll
2011-03-13 13:26 . 2011-03-19 16:55 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-03-13 13:26 . 2011-03-13 13:26 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-03-13 13:01 . 2010-01-10 14:10 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2011-03-13 13:01 . 2011-03-13 13:03 -------- d-----w- c:\program files (x86)\SpywareBlaster
2011-03-13 12:42 . 2011-03-13 12:42 -------- d-----w- c:\programdata\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2011-03-13 12:38 . 2011-03-16 18:26 -------- d-----w- c:\users\SK
2011-03-13 10:55 . 2011-03-13 10:55 -------- d-----w- c:\programdata\Malwarebytes
2011-03-13 10:55 . 2010-12-20 12:38 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-12 12:29 . 2011-03-12 12:29 -------- d-----w- C:\temp
2011-03-11 15:43 . 2011-03-11 15:43 -------- d-----w- c:\program files (x86)\VideoLAN
2011-03-11 10:18 . 2011-03-11 10:18 -------- d-----w- c:\program files (x86)\CleanUp!
2011-03-11 10:10 . 2011-03-11 10:10 -------- d-----w- c:\programdata\Hewlett-Packard
2011-03-11 10:10 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2011-03-11 06:25 . 2011-03-11 06:25 -------- d-----w- c:\windows\system32\SPReview
2011-03-11 06:25 . 2011-03-11 06:25 -------- d-----w- c:\windows\system32\EventProviders
2011-03-11 06:22 . 2010-11-20 13:28 566208 ----a-w- c:\windows\system32\winresume.efi
2011-03-11 06:21 . 2010-11-20 13:33 155008 ----a-w- c:\windows\system32\drivers\mpio.sys
2011-03-11 06:20 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2011-03-11 06:20 . 2010-11-20 12:17 209920 ----a-w- c:\windows\SysWow64\PkgMgr.exe
2011-03-11 06:20 . 2010-11-20 12:18 323072 ----a-w- c:\windows\SysWow64\drvstore.dll
2011-03-11 06:20 . 2010-11-20 12:18 257024 ----a-w- c:\windows\SysWow64\dpx.dll
2011-03-11 06:20 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-03-11 06:20 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-03-11 06:19 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-03-11 06:19 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-03-11 06:19 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-03-11 06:19 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-03-11 06:19 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-03-11 06:19 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-03-11 06:19 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-03-09 16:27 . 2011-03-25 10:09 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-03-09 16:27 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-03-09 16:27 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-03-09 16:26 . 2011-03-09 16:26 -------- d-----w- c:\program files (x86)\Microsoft
2011-03-09 16:26 . 2011-03-09 16:26 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-03-09 16:26 . 2011-03-09 16:26 -------- d-----w- c:\windows\PCHEALTH
2011-03-09 16:25 . 2011-03-09 16:25 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-03-09 16:19 . 2011-03-09 16:19 -------- d-----w- c:\program files\SPHE BD-Live
2011-03-09 16:14 . 2011-03-09 16:15 -------- d-----w- C:\VAIO Sample Contents
2011-03-09 15:46 . 2011-03-09 15:46 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-03-09 15:46 . 2007-07-20 02:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-03-09 15:43 . 2009-09-05 01:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-03-09 15:43 . 2009-09-05 01:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-03-09 15:43 . 2009-09-05 01:44 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-03-09 15:43 . 2009-09-05 01:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-03-09 15:43 . 2009-09-05 01:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll
2011-03-09 15:43 . 2009-09-05 01:44 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2011-03-09 15:43 . 2009-09-05 01:29 5501792 ----a-w- c:\windows\SysWow64\d3dcsx_42.dll
2011-03-09 15:43 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-03-09 15:43 . 2009-09-05 01:29 5554512 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-03-09 15:43 . 2009-09-05 01:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-03-09 15:42 . 2009-09-05 01:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-03-09 15:42 . 2009-09-05 01:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2011-03-09 15:42 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-03-09 15:42 . 2009-09-05 01:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-03-09 15:42 . 2009-09-05 01:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-03-09 15:42 . 2009-09-05 01:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-03-09 15:41 . 2005-04-28 00:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2011-03-09 15:41 . 2003-03-19 06:14 499712 ----a-r- c:\windows\SysWow64\msvcp71.dll
2011-03-09 15:41 . 2003-02-21 12:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-03-09 15:41 . 1995-07-31 21:44 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL
2011-03-09 15:41 . 2011-03-09 16:17 -------- d-----w- c:\program files (x86)\ArcSoft
2011-03-09 15:41 . 2011-03-09 15:41 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2011-03-09 15:41 . 2009-05-26 22:32 19968 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2011-03-09 15:41 . 2008-09-05 01:06 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll
2011-03-09 15:41 . 2011-03-09 15:41 -------- d-----w- c:\program files (x86)\Evernote
2011-03-09 15:41 . 2011-03-09 15:41 -------- d-----w- c:\programdata\Evernote
2011-03-09 15:39 . 2007-04-17 19:51 14112 ----a-w- c:\windows\system32\drivers\regi.sys
2011-03-09 15:39 . 2011-03-09 15:39 -------- d-----w- c:\program files (x86)\Common Files\InterVideo
2011-03-09 15:39 . 2011-03-09 15:39 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2011-03-09 15:39 . 2011-03-09 15:39 -------- d-----w- c:\programdata\Corel
2011-03-09 15:39 . 2011-03-09 15:39 -------- d-----w- c:\program files (x86)\Corel
2011-03-09 15:38 . 2011-03-09 15:38 -------- d-----w- C:\Documentation
2011-03-09 15:38 . 2011-03-09 15:38 -------- d-----w- C:\_FS_SWRINFO
2011-03-09 15:37 . 2008-09-25 02:17 114688 ----a-w- c:\program files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2011-03-09 15:37 . 2008-09-25 02:17 114688 ----a-w- c:\program files\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2011-03-09 15:36 . 2011-03-09 15:36 -------- d-----w- c:\users\boinc_master
2011-03-09 15:35 . 2011-03-09 03:09 -------- d-----w- c:\program files (x86)\BOINC
2011-03-09 15:35 . 2011-03-09 03:09 -------- d-----w- c:\programdata\BOINC
2011-03-09 15:35 . 2011-03-09 15:35 -------- d-----w- c:\windows\Downloaded Installations
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-11 06:30 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-11 06:30 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-09 14:44 . 2011-03-09 14:44 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-03-09 14:43 . 2011-03-09 14:43 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-03-09 14:43 . 2011-03-09 14:43 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-03-09 14:43 . 2011-03-09 14:43 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-03-09 14:43 . 2011-03-09 14:43 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-03-09 14:43 . 2011-03-09 14:43 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2011-02-18 11:06 . 2011-02-18 11:06 51712 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2011-02-18 11:06 . 2011-02-18 11:06 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2009-12-31 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-02-13 325000]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 mscank;mscank;c:\windows\system32\DRIVERS\mscank64.sys [x]
R2 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2010-10-22 253384]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 9096]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-09 1436424]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2009-12-31 30935416]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-12-29 4925184]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsnf;Network Filter Service;c:\windows\system32\DRIVERS\wsnf.sys [x]
S1 ggc;ggc;c:\windows\system32\DRIVERS\ggc.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 catflt;catflt;c:\windows\system32\DRIVERS\catflt.sys [x]
S2 Core Mail Protection;Core Mail Protection;c:\program files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [2010-10-22 35784]
S2 Core Scanning Server;Core Scanning Server;c:\program files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [2010-10-22 253384]
S2 EMLSS;EMLSS;c:\windows\system32\drivers\emltdi.sys [x]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-02-02 324928]
S2 nlsX86cc;NLS Service;c:\windows\SysWOW64\NLSSRV32.EXE [2010-02-02 65856]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-02-15 47104]
S2 Online Protection System;Online Protection System;c:\program files\Quick Heal\Quick Heal Total Security\opssvc.exe [2010-10-22 27592]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 Quick Update Service;Quick Update Service;c:\program files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [2010-10-22 110024]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wsnfmp;Network Filter Miniport;c:\windows\system32\DRIVERS\wsnf.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09 15:13]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09 15:13]
.
2011-03-26 c:\windows\Tasks\Quick Heal AntiMalware Scan.job
- c:\program files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [2010-10-22 14:39]
.
2011-03-26 c:\windows\Tasks\Resume Quickup Download.job
- c:\program files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [2010-10-22 14:39]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-21 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-06-21 2040352]
"Quick Heal Core UI"="c:\program files\Quick Heal\Quick Heal Total Security\strtupap.exe" [2010-10-22 138696]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2011-02-13 325000]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Apoint - %ProgramFiles%\Apoint\Apoint.exe
AddRemove-ad4aca43 - c:\windows\system32\ad4aca43.exe
AddRemove-{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF} - c:\programdata\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}\VAIO Messenger Setup 2.0.291.0.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1649904300-369593567-363999876-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:8b,16,24,05,32,6a,a4,c5,d2,62,d5,69,b9,f3,28,b6,ed,35,f0,95,ec,7e,ce,
2f,fe,ec,e0,92,5c,03,f5,b3,df,d1,8c,fc,de,36,ef,95,b7,59,42,d9,e7,4e,e0,5e,\
"??"=hex:b8,a8,ac,19,9a,2d,e0,70,f9,20,10,05,0c,b5,2f,4e
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-27 03:05:29
ComboFix-quarantined-files.txt 2011-03-26 21:35
.
Pre-Run: 43,726,262,272 bytes free
Post-Run: 43,353,559,040 bytes free
.
- - End Of File - - D7ACE1653D99BBA7C67E6E9C67B7F402
4. Results of Spybot, pasted below:

--- Search result list ---
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2011-03-13 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-02-24 Includes\Adware.sbi (*)
2011-03-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2011-03-08 Includes\HijackersC.sbi (*)
2010-06-02 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-02-24 Includes\Malware.sbi (*)
2011-03-08 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-03 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-08 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-08 Includes\TrojansC-02.sbi (*)
2011-03-03 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-08 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)


--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
size: 35736
MD5: 8A6683AC1DAFA824615BB3857EF8C709

Located: HK_LM:Run, AdobeCS5ServiceManager
command: "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
file: C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
size: 406992
MD5: D5B783DACE1BBDD382A63C894BAB8E1E

Located: HK_LM:Run, BCSSync
command: "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
file: C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
size: 91520
MD5: DD475BD97B73008DAF3700506D919AC7

Located: HK_LM:Run, IAStorIcon
command: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
file: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
size: 284696
MD5: 25107F58D1B8F60D67D1EE95798C0DE8

Located: HK_LM:Run, ISBMgr.exe
command: "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
file: C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
size: 673136
MD5: CCA9023E3DDBE290D4381344115D99B7

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421160
MD5: 0CFBE2D135A73CA98381FC8CC8BC5A03

Located: HK_LM:Run, Malwarebytes' Anti-Malware (reboot)
command: "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
file: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
size: 963976
MD5: 4CEC4B72C5B255EC2F7C54CD03554540

Located: HK_LM:Run, PMBVolumeWatcher
command: c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
file: c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
size: 600928
MD5: AC32E0F47BB9083BB4164171A4C562A2

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files (x86)\QuickTime\QTTask.exe
size: 421888
MD5: 0AEE5668EB59912F32FF245BFA72465F



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 1/30/2011 9:15:14 PM
Date (last access): 3/25/2011 3:35:58 PM
Date (last write): 1/30/2011 9:15:14 PM
Filesize: 62376
Attributes: archive
MD5: F31208835709A62ECC5D45211D89C772
CRC32: 7859C01E
Version: 10.0.1.434

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~2\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 3/13/2011 6:56:50 PM
Date (last access): 3/13/2011 6:56:50 PM
Date (last write): 1/26/2009 3:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\PROGRA~2\MICROS~3\Office14\
Long name: GROOVEEX.DLL
Short name:
Date (created): 12/31/2009 11:12:22 AM
Date (last access): 3/9/2011 8:56:44 AM
Date (last write): 12/31/2009 11:12:22 AM
Filesize: 4220816
Attributes: archive
MD5: 6B60AAF932713A9622D2D5575579DBCF
CRC32: A2B66CF0
Version: 14.0.4730.1007

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 1/23/2009 5:11:30 AM
Date (last access): 3/9/2011 9:56:42 PM
Date (last write): 1/23/2009 5:11:30 AM
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5

{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: URLRedirectionBHO
CLSID name: Office Document Cache Handler
Path: C:\PROGRA~2\MICROS~3\Office14\
Long name: URLREDIR.DLL
Short name:
Date (created): 12/30/2009 12:34:06 PM
Date (last access): 3/9/2011 8:57:16 AM
Date (last write): 12/30/2009 12:34:06 PM
Filesize: 561040
Attributes: archive
MD5: F67963D3ED8230443ADB2CB5D53C1F34
CRC32: B08DBB63
Version: 14.0.4730.1007

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 3/9/2011 8:47:04 PM
Date (last access): 3/9/2011 8:47:04 PM
Date (last write): 3/9/2011 8:47:04 PM
Filesize: 41760
Attributes: archive
MD5: 385BD69743EA92E76CDF07B3345A25D5
CRC32: D47CB5BA
Version: 6.0.200.2

The log of Spybot is way too long for me to attach in 1 post.
Hope you can help me, and thanks in advance!

tashi
2011-03-27, 16:41
Hello skape7,


If the infection prevents DDS from running, please start a topic anyway and make note of the situation. Please don't post other logs until requested. :) "BEFORE you POST"(Read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288)

Please start a new topic and make a note that DDS won't run.

There is no need to copy paste the short Spybot log again but please provide a link back to this thread.

Thanks. :)