TechSpot

[A] "Congratulations! You won!" banners. Run MSE full scan and 5 steps

By chrm
Feb 21, 2012
  1. I have had my laptop (a Sony Vaio, if that's important...) for only about 4 months and it seems to have recently caught a "Congratulations! You won!" banners virus (though it's my 3rd computer and I have been on the Internet for about 8 years with no serious virus problems). I have read the 5 steps guide and run a full scan with Microsoft Security Essentials and all the other programs recommended in the guide. It seems to me that no particular activity was found, though.

    Still, please see my logs below and help if anybody can. Thank you very much.

    Well, it seems that I have installed the Russian version of Malwarebytes Anti-Malware, so the log is in Russian. I hope it's quite clear though. Please tell me if I should reinstall it in English and make a new log. Thanks.


    Malwarebytes Anti-Malware Log:

    Malwarebytes Anti-Malware (Trial version) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.21.03

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Chrome :: VAIO [administrator]

    Protection module: Enabled

    21.02.2012 19:21:20
    mbam-log-2012-02-21 (19-21-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 185742
    Time elapsed: 4 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)



    2012/02/21 19:21:05 +0200 VAIO Chrome MESSAGE Starting protection
    2012/02/21 19:21:06 +0200 VAIO Chrome MESSAGE Executing scheduled update: Daily
    2012/02/21 19:21:06 +0200 VAIO Chrome MESSAGE Database already up-to-date
    2012/02/21 19:21:07 +0200 VAIO Chrome MESSAGE Protection started successfully
    2012/02/21 19:21:10 +0200 VAIO Chrome MESSAGE Starting IP protection
    2012/02/21 19:21:11 +0200 VAIO Chrome MESSAGE IP Protection started successfully
    2012/02/21 19:27:06 +0200 VAIO Chrome MESSAGE Stopping IP protection
    2012/02/21 19:28:22 +0200 VAIO Chrome MESSAGE IP Protection stopped


    The GMER log is just empty! It seems that it had not found anything, because I had no checkboxes at all.

    DDS.TXT:


    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Chrome at 19:38:25 on 2012-02-21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1251.7.1049.18.8046.5300 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Users\Chrome\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler.exe
    C:\Users\Chrome\AppData\Local\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files (x86)\Yandex\Punto Switcher\ps64ldr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Apoint\Apvfb.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Program Files\Sony\VAIO Care\VCsystray.exe
    C:\Program Files\Sony\VAIO Care\VCService.exe
    C:\Program Files\Sony\VAIO Care\VCAgent.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Sony\VAIO Care\Admload.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
    uInternet Settings,ProxyOverride = <local>
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: IE 4.x-6.x BHO for Download Master: {9961627e-4059-41b4-8e0e-a7d6b3854adf} - C:\PROGRA~2\DOWNLO~2\dmiehlp.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\npchrome_frame.dll
    uRun: [Google Update] "C:\Users\Chrome\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [<NO NAME>]
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Chrome\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PUNTOS~1.LNK - C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Download ALL with Download Master - C:\Program Files (x86)\Download Master\dmieall.htm
    IE: Download with Download Master - C:\Program Files (x86)\Download Master\dmie.htm
    IE: Send to DM remote download - C:\Program Files (x86)\Download Master\remdown.htm
    IE: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files (x86)\Download Master\dmaster.exe
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{423D4F55-13A2-4D2E-BBDA-A1774A136043} : DhcpNameServer = 172.16.16.19
    TCP: Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}\4584F4D435F4E4 : DhcpNameServer = 77.120.56.2 77.120.56.5
    TCP: Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}\46C696E6B60237562776 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}\84F6D6562313 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}\A567A6F6A746F643B6160275966496 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}\D41445259485F586F6D656F593932393 : DhcpNameServer = 192.168.0.1
    Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\npchrome_frame.dll
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {9961627E-4059-41B4-8E0E-A7D6B3854ADF}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7}
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [(Default)]
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    IE-X64: {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files (x86)\Download Master\dmaster.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-12 13336]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-21 652360]
    R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
    R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-12-1 259192]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-11-10 104960]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-10 2320920]
    R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-11-10 575856]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-10-7 836608]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-12-1 44736]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 136176]
    S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
    S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 136176]
    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
    S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
    S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
    S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]
    S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
    S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
    .
    =============== Created Last 30 ================
    .
    2012-02-21 17:31:06 8643640 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{482ECF88-7D71-4BF0-8DDA-3455BB326FEB}\mpengine.dll
    2012-02-21 17:20:27 -------- d-----w- C:\Users\Chrome\AppData\Roaming\Malwarebytes
    2012-02-21 17:20:12 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-02-21 17:20:11 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-02-21 17:20:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-02-19 15:12:57 515584 ----a-w- C:\Windows\System32\timedate.cpl
    2012-02-19 15:12:57 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
    2012-02-19 15:12:37 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2012-02-19 15:12:30 509952 ----a-w- C:\Windows\System32\ntshrui.dll
    2012-02-19 15:12:30 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
    2012-02-19 15:12:28 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
    2012-02-19 15:12:28 634368 ----a-w- C:\Windows\System32\msvcrt.dll
    2012-02-19 15:12:24 3143168 ----a-w- C:\Windows\System32\win32k.sys
    2012-02-10 18:25:36 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-02-10 18:25:24 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{66B22EEA-4117-4850-8555-EAF7AE354A7E}\gapaengine.dll
    2012-02-08 12:06:25 66145319 ----a-w- C:\Windows\System32\VAIO S Series - Summer 2011.scr
    2012-02-08 12:06:10 68604077 ----a-w- C:\Windows\System32\VAIO F Series - Summer 2011.scr
    2012-02-08 12:05:55 91832990 ----a-w- C:\Windows\System32\VAIO C Series - Summer 2011.scr
    2012-02-08 12:05:38 -------- d-----w- C:\Program Files (x86)\Sony Europe Limited
    2012-02-08 12:05:35 97157051 ----a-w- C:\Windows\System32\VAIO Hero Screensaver - Summer 2011 - EN.scr
    2012-02-08 12:05:28 -------- d-----w- C:\Users\Chrome\AppData\Local\Axialis
    2012-02-08 12:01:15 601511 ----a-w- C:\Windows\VAIO Clock Screen Saver.exe
    2012-02-08 12:01:15 40960 ----a-w- C:\Windows\VAIO Clock Screen Saver.dll
    2012-02-08 12:01:15 403760 ----a-w- C:\Windows\VAIO Clock Screen Saver.scr
    2012-02-08 12:01:15 18192 ----a-w- C:\Windows\VAIO Clock Screen Saver.dat
    2012-02-08 12:00:52 493054 ----a-w- C:\Windows\0_ENTER.exe
    2012-02-08 12:00:51 40960 ----a-w- C:\Windows\0_ENTER.dll
    2012-02-08 12:00:51 401184 ----a-w- C:\Windows\0_ENTER.scr
    2012-02-08 12:00:51 18192 ----a-w- C:\Windows\0_ENTER.dat
    2012-02-08 12:00:39 337056 ----a-w- C:\Windows\SysWow64\ENTER.scr
    2012-02-08 12:00:22 515469 ----a-w- C:\Windows\0_Circle.exe
    2012-02-08 12:00:21 40960 ----a-w- C:\Windows\0_Circle.dll
    2012-02-08 12:00:21 401184 ----a-w- C:\Windows\0_Circle.scr
    2012-02-08 12:00:21 18192 ----a-w- C:\Windows\0_Circle.dat
    2012-02-08 11:54:26 194560 ----a-w- C:\Windows\vaio.scr
    2012-02-08 11:54:20 606848 ----a-w- C:\Windows\flashax.exe
    2012-02-08 11:54:20 12288 ----a-w- C:\Windows\impborl.dll
    2012-02-08 11:54:20 -------- d-----w- C:\Windows\vaio dir
    2012-02-05 14:32:48 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll
    2012-02-05 14:32:48 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
    2012-02-05 14:32:48 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll
    2012-02-05 14:32:48 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
    2012-02-05 14:32:40 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll
    2012-02-05 14:32:40 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
    2012-02-05 13:51:48 -------- d-----w- C:\Program Files (x86)\GTA IV - Episodes From Liberty City
    .
    ==================== Find3M ====================
    .
    2012-02-20 10:49:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-01-09 20:40:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
    2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-11-23 18:00:00 86016 ----a-w- C:\Windows\System32\ff_vfw.dll
    .
    ============= FINISH: 19:38:48,57 ===============

    Attach.txt:


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 01.10.2011 16:05:14
    System Uptime: 21.02.2012 4:36:28 (15 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | N/A | 1975/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 285 GiB total, 5,484 GiB free.
    D: is CDROM (UDF)
    E: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP186: 21.02.2012 15:46:01 - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    Windows Live Photo Gallery
    µTorrent
    Windows Live Upload Tool
    VAIO Data Restore Tool
    VAIO Manual
    VAIO File Transfer
    Windows Live Mail
    Windows Live Essentials
    Download Master 5.12.4.1297 Update
    ABBYY Lingvo 12 Multilingual Edition
    ACDSee
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Photoshop CS4
    Adobe Photoshop Elements 8.0
    Adobe Premiere Elements 8.0
    Adobe Reader 9.5.0 - Russian
    AIMP3
    ArcSoft Magic-i Visual Effects 2
    ArcSoft WebCam Companion 3
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    DAEMON Tools Lite
    Dropbox
    GOM Player
    Google Chrome
    Google Chrome Frame
    Google Earth Plug-in
    Google Talk (remove only)
    Google Talk Plugin
    Google Update Helper
    Grand Theft Auto IV
    Grand Theft Auto: Episodes from Liberty City
    GTA IV - Episodes From Liberty City
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    IP-TV Player 0.28.1.8820
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    K-Lite Codec Pack 8.0.0 (Full)
    Mafia II
    Malwarebytes Anti-Malware, version 1.60.1.1000
    Microsoft Choice Guard
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Office 2010
    Microsoft Office Starter 2010 - Russian
    Microsoft Office Click-to-Run 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Need for Speed Underground 2
    Nero 8 Micro v8.3.6.0
    NVIDIA PhysX
    PMB VAIO Edition Guide
    PMB VAIO Edition plug-in (Click to Disc)
    PMB VAIO Edition plug-in (VAIO Image Optimizer)
    PMB VAIO Edition plug-in (VAIO Movie Story)
    Punto Switcher 3.2
    Quick Web Access
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Rockstar Games Social Club
    Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - RUS (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - RUS (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Skype™ 5.5
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    VAIO - PMB VAIO Edition Guide
    VAIO - PMB VAIO Edition plug-in (Click to Disc)
    VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
    VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
    vaio Screen Saver
    VAIO C Series - Summer 2011 Screensaver
    VAIO Care
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data
    VAIO F Series - Summer 2011 Screensaver
    VAIO Gate
    VAIO Gate Default
    VAIO Hardware Diagnostics
    VAIO Hero Screensaver - Summer 2011 Screensaver
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Movie Story Template Data
    VAIO S Series - Summer 2011 Screensaver
    VAIO Sample Contents
    VAIO screensaver
    VAIO Smart Network
    VAIO Update
    WAV MP3 Converter v3.9 build 972
    Winamp
    WinDjView 1.0.3
    Windows Live Communications Platform
    Windows Live Messenger
    Windows Live Sync
    Windows Live Writer
    Windows Media Player Firefox Plugin
    World of Tanks 0.6.7
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    =================================================================

    Download BTKR_RunBox to your desktop.

    Double click on downloaded BTKR_RunBox.exe file.
    A small RunBox DOS window will open.
    Press any key to continue.
    Press "1" to select "Run a scan with Bootkit Remover" option.
    Press "Enter".
    Press "Enter" one more time to generate log.
    Click OK, IF any "Warning" message pops up.
    Notepad will open with Bootkit Remover log.
    Copy the content and post it in your next reply.
    In RunBox press "4" then Enter to exit it.

    NOTE. In case you lose the log, it's also located on your desktop as "scan.txt".
     
  3. chrm

    chrm TS Rookie Topic Starter Posts: 26

    Thank you for your help, Broni. Here are the logs.

    BTW, there is also a bootkit_remover_debug_log on my desktop, which is quite a bit bigger than the one I posted below. Should I post it also?


    aswMBR:

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-02-21 23:14:07
    -----------------------------
    23:14:07.715 OS Version: Windows x64 6.1.7600
    23:14:07.716 Number of processors: 4 586 0x2505
    23:14:07.716 ComputerName: VAIO UserName:
    23:14:10.110 Initialize success
    23:16:42.213 AVAST engine defs: 12022100
    23:17:01.588 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    23:17:01.590 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
    23:17:01.593 Disk 0 MBR read successfully
    23:17:01.595 Disk 0 MBR scan
    23:17:01.599 Disk 0 Windows 7 default MBR code
    23:17:01.607 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13598 MB offset 2048
    23:17:01.650 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27850752
    23:17:01.687 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291545 MB offset 28055552
    23:17:01.754 Disk 0 scanning C:\Windows\system32\drivers
    23:17:15.907 Service scanning
    23:17:54.730 Modules scanning
    23:17:54.741 Disk 0 trace - called modules:
    23:17:54.769 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys sptd.sys hal.dll
    23:17:54.776 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009506060]
    23:17:54.781 3 CLASSPNP.SYS[fffff88000eb143f] -> nt!IofCallDriver -> [0xfffffa8007470b20]
    23:17:54.786 5 ACPI.sys[fffff880011a4781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007475050]
    23:17:57.046 AVAST engine scan C:\Windows
    23:18:03.946 AVAST engine scan C:\Windows\system32
    23:22:57.089 AVAST engine scan C:\Windows\system32\drivers
    23:23:14.380 AVAST engine scan C:\Users\Chrome
    23:31:21.942 AVAST engine scan C:\ProgramData
    23:33:43.818 Scan finished successfully
    23:35:10.936 Disk 0 MBR has been saved successfully to "C:\Users\Chrome\Desktop\MBR.dat"
    23:35:10.995 The log file has been saved successfully to "C:\Users\Chrome\Desktop\aswMBR.txt"



    BTKR_RunBox.exe

    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com
    Program version: 1.2.0.0
    OS Version: Microsoft Windows 7 Home Premium Edition (build 7600), 64-bit
    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`58300000
    Boot sector MD5 is: bb4f1627d8b9beda49ac0d010229f3ff

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)

    Done;



    Press any key to quit...
     
  4. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    You did fine :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. chrm

    chrm TS Rookie Topic Starter Posts: 26

    Ok, here is the ComboFix report. Thanks again for your help. :)


    ComboFix 12-02-21.02 - Chrome 22.02.2012 16:26:35.1.4 - x64
    Microsoft Windows 7 Домашняя расширенная 6.1.7600.0.1251.7.1049.18.8046.6370 [GMT 2:00]
    Running from: c:\users\Chrome\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ACD Systems\ACDSee\ImageDB.ddf
    c:\programdata\ntuser.dat
    c:\users\Chrome\AppData\Roaming\.#
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-01-22 to 2012-02-22 )))))))))))))))))))))))))))))))
    .
    .
    2012-02-22 14:32 . 2012-02-22 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-21 23:48 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3F4AAC0B-ECB5-448A-ADC3-E5D473725C3D}\mpengine.dll
    2012-02-21 17:20 . 2012-02-21 17:20 -------- d-----w- c:\users\Chrome\AppData\Roaming\Malwarebytes
    2012-02-21 17:20 . 2012-02-21 17:20 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-21 17:20 . 2012-02-21 17:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-02-21 17:20 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-20 10:50 . 2012-02-20 10:50 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-02-20 10:49 . 2012-02-20 10:49 -------- d-----w- c:\program files (x86)\Java
    2012-02-19 15:12 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-19 15:12 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-02-19 15:12 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-02-19 15:12 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-19 15:12 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-02-19 15:12 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-19 15:12 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-02-19 15:12 . 2012-01-14 04:02 3143168 ----a-w- c:\windows\system32\win32k.sys
    2012-02-10 18:25 . 2011-11-15 16:54 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-02-10 18:25 . 2012-02-10 18:24 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{66B22EEA-4117-4850-8555-EAF7AE354A7E}\gapaengine.dll
    2012-02-08 12:06 . 2012-02-08 12:06 66145319 ----a-w- c:\windows\system32\VAIO S Series - Summer 2011.scr
    2012-02-08 12:06 . 2012-02-08 12:06 68604077 ----a-w- c:\windows\system32\VAIO F Series - Summer 2011.scr
    2012-02-08 12:05 . 2012-02-08 12:05 91832990 ----a-w- c:\windows\system32\VAIO C Series - Summer 2011.scr
    2012-02-08 12:05 . 2012-02-08 12:06 -------- d-----w- c:\program files (x86)\Sony Europe Limited
    2012-02-08 12:05 . 2012-02-08 12:05 97157051 ----a-w- c:\windows\system32\VAIO Hero Screensaver - Summer 2011 - EN.scr
    2012-02-08 12:05 . 2012-02-14 12:01 -------- d-----w- c:\users\Chrome\AppData\Local\Axialis
    2012-02-08 12:01 . 2012-02-08 12:01 601511 ----a-w- c:\windows\VAIO Clock Screen Saver.exe
    2012-02-08 12:01 . 2012-02-08 12:01 40960 ----a-w- c:\windows\VAIO Clock Screen Saver.dll
    2012-02-05 14:32 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
    2012-02-05 14:32 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
    2012-02-05 14:32 . 2008-07-12 06:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
    2012-02-05 14:32 . 2008-07-12 06:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2012-02-05 14:32 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
    2012-02-05 14:32 . 2008-07-12 06:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
    2012-02-05 13:51 . 2012-02-06 10:13 -------- d-----w- c:\program files (x86)\GTA IV - Episodes From Liberty City
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-20 10:49 . 2010-11-10 11:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-02-08 07:13 . 2011-11-17 08:15 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-01-31 12:44 . 2011-11-15 16:54 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-09 20:40 . 2011-10-05 17:28 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Chrome\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Chrome\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Chrome\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Chrome\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-20 102400]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\users\Chrome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Punto Switcher.lnk - c:\program files (x86)\Yandex\Punto Switcher\punto.exe [2011-9-9 2460520]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Служба Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 136176]
    R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    R3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 gupdatem;Служба Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 136176]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Проверка сети (Майкрософт);c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 836608]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
    S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 10:59]
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 10:59]
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3514771002-3425352414-2787321000-1000Core.job
    - c:\users\Chrome\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-05 22:19]
    .
    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3514771002-3425352414-2787321000-1000UA.job
    - c:\users\Chrome\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-05 22:19]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Chrome\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Chrome\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Chrome\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Chrome\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Google ВикиКомментарии... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Закачать ВСЕ при помощи Download Master - c:\program files (x86)\Download Master\dmieall.htm
    IE: Закачать при помощи Download Master - c:\program files (x86)\Download Master\dmie.htm
    IE: Передать на удаленную закачку DM - c:\program files (x86)\Download Master\remdown.htm
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-02-22 16:35:47
    ComboFix-quarantined-files.txt 2012-02-22 14:35
    .
    Pre-Run: 1*765*003*264 байт свободно
    Post-Run: 1*642*909*696 байт свободно
    .
    - - End Of File - - 2187DADB2A567B396D159C7D361C9D8F
     
  6. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. chrm

    chrm TS Rookie Topic Starter Posts: 26

    It's fine, working as usual, no changes at all, no slowdowns or lags or anything like that. Now I will make this OTL log and post it.

    Thanks again. :)
     
  8. chrm

    chrm TS Rookie Topic Starter Posts: 26

    duplicate.....
     
  9. chrm

    chrm TS Rookie Topic Starter Posts: 26

    OTL.TXT:

    Part 1:

    OTL logfile created on: 22.02.2012 20:26:36 - Run 1
    OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Chrome\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

    7,86 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 77,13% Memory free
    15,71 Gb Paging File | 13,73 Gb Available in Paging File | 87,35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284,71 Gb Total Space | 1,77 Gb Free Space | 0,62% Space Free | Partition Type: NTFS
    Drive D: | 7,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive E: | 5,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: VAIO | User Name: Chrome | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012.02.22 20:18:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Chrome\Desktop\OTL.exe
    PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
    PRC - [2011.01.29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
    PRC - [2010.05.31 18:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2010.05.31 18:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2010.05.31 16:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    PRC - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


    ========== Modules (No Company Name) ==========

    MOD - [2012.02.20 01:25:50 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\966a138f3aed60400472ac415bd16bc8\IAStorUtil.ni.dll
    MOD - [2012.02.19 17:36:30 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll
    MOD - [2012.02.19 17:36:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll
    MOD - [2012.02.19 17:35:25 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll
    MOD - [2012.02.19 17:35:16 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll
    MOD - [2012.02.19 17:35:01 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll
    MOD - [2012.02.19 17:34:55 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll
    MOD - [2012.02.19 17:34:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll
    MOD - [2012.02.19 17:34:48 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll
    MOD - [2011.10.13 13:35:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
    MOD - [2010.11.10 23:26:35 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_ru_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2010.11.10 23:26:30 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_ru_b77a5c561934e089\System.Runtime.Remoting.resources.dll
    MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011.09.23 14:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
    SRV:64bit: - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
    SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
    SRV:64bit: - [2010.10.08 08:55:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010.06.21 17:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV:64bit: - [2010.06.09 14:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
    SRV:64bit: - [2010.06.09 14:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
    SRV:64bit: - [2010.06.09 14:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV:64bit: - [2010.06.08 22:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2010.06.08 16:00:04 | 000,836,608 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
    SRV:64bit: - [2010.06.06 21:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
    SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2010.11.10 12:48:56 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010.06.20 20:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2010.06.20 20:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2010.06.18 06:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
    SRV - [2010.06.17 11:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2010.05.31 18:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2009.10.09 04:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
    SRV - [2009.07.14 03:16:20 | 000,010,752 | ---- | M] (Корпорация Майкрософт) [On_Demand | Stopped] -- C:\Windows\SysWOW64\wpcsvc.dll -- (WPCSvc)
    SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008.09.18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011.12.09 01:52:59 | 000,530,488 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010.10.08 08:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010.06.24 22:34:53 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010.06.24 22:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010.06.23 22:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010.06.23 22:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
    DRV:64bit: - [2010.06.23 22:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010.06.23 22:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2010.06.23 22:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2010.06.23 22:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
    DRV:64bit: - [2010.06.23 22:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
    DRV:64bit: - [2010.05.31 23:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2010.05.31 23:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2010.05.31 23:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2010.05.31 22:10:13 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2010.05.28 22:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010.05.28 22:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
    DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009.05.26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV:64bit: - [2008.06.16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3514771002-3425352414-2787321000-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SVEE&bmod=SVEE
    IE - HKU\S-1-5-21-3514771002-3425352414-2787321000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3514771002-3425352414-2787321000-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Chrome\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Chrome\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chrome\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chrome\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)



    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\pdf.dll
    CHR - plugin: Download Master integration plugin (Enabled) = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfanjejklfmnldbbclpocdbceaeemkn\1.2_0\npDownloadMasterPlugin.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Chrome\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Chrome\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Bejeweled = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
    CHR - Extension: BIODIGITAL HUMAN = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
    CHR - Extension: Angry Birds = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
    CHR - Extension: Truck Loader 3 HD = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\amghfbjoneabbackihglhbbnjipmljan\1.6.0_0\
    CHR - Extension: Turn Off the Lights = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.0.0.55_0\
    CHR - Extension: SKiD Racer = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhoaojooagiaaiidlnfhkkafjpbbnnno\0.0.0.37_0\
    CHR - Extension: Speed Dial = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.1_0\
    CHR - Extension: Download Master = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehfanjejklfmnldbbclpocdbceaeemkn\1.2_0\
    CHR - Extension: TiltShiftMaker = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo\1.3.2_0\
    CHR - Extension: Super Drift 3D = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjkiffjngjhagcjnmabldpekikknlief\1.0.3_0\
    CHR - Extension: Tanks Rage = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\imiagbbpcdaikfajfdpfemgmngigphfl\1.0.6_0\
    CHR - Extension: BBC Good Food = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\3_0\
    CHR - Extension: Autodesk Homestyler = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb\2.2_0\
    CHR - Extension: Best Game Apps = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcedphmnlpmkcmhmpejeoalaeljdogia\1.0.0.1_0\
    CHR - Extension: Smooth Gestures = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.15.4.12_0\
    CHR - Extension: F1 countdown timer = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\mainnhgflkjlofdnjhnocokdmnekpopm\1.0.2_0\
    CHR - Extension: девятка - Пул 9 = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\oafdgpdaojfjhcolidaakebmnbibdbpb\1.0.6_0\
    CHR - Extension: YoudaSushiChef = C:\Users\Chrome\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdcolkmbenkdinfhnngacfoeopihhklh\1.0.3_0\

    O1 HOSTS File: ([2012.02.22 16:33:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (IE 4.x-6.x BHO for Download Master) - {9961627E-4059-41B4-8E0E-A7D6B3854ADF} - C:\Program Files (x86)\Download Master\dmiehlp.dll (WestByte)
    O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\npchrome_frame.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-3514771002-3425352414-2787321000-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - Startup: C:\Users\Chrome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk = C:\Program Files (x86)\Yandex\Punto Switcher\punto.exe (ООО Яндекс)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3514771002-3425352414-2787321000-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3514771002-3425352414-2787321000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3514771002-3425352414-2787321000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google ВикиКомментарии... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8:64bit: - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files (x86)\Download Master\dmieall.htm ()
    O8:64bit: - Extra context menu item: Закачать при помощи Download Master - C:\Program Files (x86)\Download Master\dmie.htm ()
    O8:64bit: - Extra context menu item: Передать на удаленную закачку DM - C:\Program Files (x86)\Download Master\remdown.htm ()
    O8 - Extra context menu item: Google ВикиКомментарии... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Закачать ВСЕ при помощи Download Master - C:\Program Files (x86)\Download Master\dmieall.htm ()
    O8 - Extra context menu item: Закачать при помощи Download Master - C:\Program Files (x86)\Download Master\dmie.htm ()
    O8 - Extra context menu item: Передать на удаленную закачку DM - C:\Program Files (x86)\Download Master\remdown.htm ()
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files (x86)\Download Master\dmaster.exe (WestByte)
    O9 - Extra 'Tools' menuitem : &Download Master - {8DAE90AD-4583-4977-9DD4-4360F7A45C74} - C:\Program Files (x86)\Download Master\dmaster.exe (WestByte)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{423D4F55-13A2-4D2E-BBDA-A1774A136043}: DhcpNameServer = 172.16.16.19
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3593B11-7940-4EF9-BF6F-C86A919D5698}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\gcf - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\17.0.963.56\npchrome_frame.dll (Google Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009.11.28 17:41:14 | 001,024,000 | R--- | M] () - D:\autorun.exe -- [ UDF ]
    O32 - AutoRun File - [2009.05.16 14:44:09 | 000,000,049 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O32 - AutoRun File - [2010.08.24 16:48:06 | 000,000,058 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
    Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
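As an added triage example (not part of chrm's post, and not code from OTL or any other tool in this thread): a short Python script that applies to the O1/O6/O16 lines in the log above the checks a responder would otherwise do by eye. The sample lines are constructed copies of entries from the log; which registry values count as weak and which Java DPF entries count as stale are the example's own assumptions. The O6 lines are worth reading on their own: EnableLUA = 0 together with ConsentPromptBehaviorAdmin = 0 and PromptOnSecureDesktop = 0 means UAC is effectively off for this administrator account, so any program started under it gets a full admin token without a prompt, which matters more than the banners themselves.

```python
"""Triage a few OTL "O" lines for weak settings.

Added example for this thread; not chrm's code and not part of OTL.
The sample input is a constructed copy of lines from the posted log, and
the rules below (which values are weak, which DPF entries are stale) are
this example's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample input: copies of O1/O6/O16 lines from the log above.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
"""

# UAC values under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
# that remove the elevation boundary. Value meanings follow Microsoft's
# documentation of these names; choosing to flag exactly these is this example's rule.
UAC_WEAK = {
    "EnableLUA": ("0", "UAC off: processes started by this admin account run with a full admin token, no prompt"),
    "ConsentPromptBehaviorAdmin": ("0", "elevate without prompting: any program asking for admin rights gets them silently"),
    "PromptOnSecureDesktop": ("0", "prompt not shown on the secure desktop, so other software can drive or spoof it"),
}
LOOPBACK = {"127.0.0.1", "::1"}

_O1_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+) (?P<host>\S+)$")
_O6_RE = re.compile(r"^O6 - (?P<key>.+?): (?P<name>\w+) = (?P<value>\S+)$")
_O16_RE = re.compile(r"^O16 - DPF: \{(?P<clsid>[0-9A-Fa-f-]+)\} (?P<url>\S+) \((?P<desc>[^)]*)\)$")
_JAVA_RE = re.compile(r"Java Plug-in (\d+)\.(\d+)\.(\d+)_(\d+)")


@dataclass
class Finding:
    line_type: str   # OTL section the line came from: O1, O6 or O16
    item: str        # setting name, host name, or plug-in description
    value: str       # the value or URL that triggered the rule
    why: str         # what a responder should read into it


def java_version(desc: str):
    """'Java Plug-in 1.6.0_20' -> (1, 6, 0, 20); None if desc is not a Java DPF entry."""
    m = _JAVA_RE.search(desc)
    return tuple(int(x) for x in m.groups()) if m else None


def triage(log_text: str) -> list[Finding]:
    """Findings for weak UAC policy, non-loopback hosts entries and stale Java DPF entries."""
    findings: list[Finding] = []
    dpf_entries = []
    for raw in log_text.strip().splitlines():
        line = raw.strip()
        if m := _O6_RE.match(line):
            name, value = m["name"], m["value"]
            if name in UAC_WEAK and value == UAC_WEAK[name][0]:
                findings.append(Finding("O6", name, value, UAC_WEAK[name][1]))
        elif m := _O1_RE.match(line):
            if m["host"].lower() != "localhost" or m["ip"] not in LOOPBACK:
                findings.append(Finding("O1", m["host"], m["ip"],
                                        "hosts entry beyond the loopback localhost line; check for redirected update/AV domains"))
        elif m := _O16_RE.match(line):
            dpf_entries.append((m["clsid"], m["url"], m["desc"]))
    # Java ActiveX (DPF) registrations: anything older than the newest JRE build seen is a leftover.
    versions = [v for v in (java_version(d) for _, _, d in dpf_entries) if v]
    if versions:
        newest = max(versions)
        newest_str = "%d.%d.%d_%02d" % newest
        for clsid, url, desc in dpf_entries:
            v = java_version(desc)
            if v and v < newest:
                findings.append(Finding("O16", desc, url,
                                        f"stale ActiveX registration {{{clsid}}} for an older JRE build; newest seen is {newest_str}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.line_type}] {f.item} = {f.value}\n    {f.why}")
```

Run as-is it reports the three weak UAC values and the two 1.6.0_20 DPF entries from the sample; to use it on a full OTL.txt, pass the "O" section to `triage()`. ConsentPromptBehaviorUser = 3 is the Windows 7 default and is not flagged, and the 1.6.0_20 entries are flagged only because a 1.6.0_31 registration is present alongside them.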
     
  10. chrm

    chrm TS Rookie Topic Starter Posts: 26

    Part 2:

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012.02.22 20:18:54 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Chrome\Desktop\OTL.exe
    [2012.02.22 16:35:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012.02.22 16:25:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012.02.22 16:25:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012.02.22 16:25:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012.02.22 16:25:13 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012.02.22 16:25:10 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012.02.22 01:12:40 | 004,414,945 | R--- | C] (Swearware) -- C:\Users\Chrome\Desktop\ComboFix.exe
    [2012.02.21 23:37:07 | 000,083,968 | -H-- | C] (eSage Lab) -- C:\Users\Chrome\Desktop\remover.exe
    [2012.02.21 23:12:59 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Chrome\Desktop\aswMBR.exe
    [2012.02.21 19:35:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Chrome\Desktop\dds.scr
    [2012.02.21 19:20:27 | 000,000,000 | ---D | C] -- C:\Users\Chrome\AppData\Roaming\Malwarebytes
    [2012.02.21 19:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012.02.21 19:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012.02.21 19:20:11 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012.02.21 19:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012.02.21 19:17:58 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chrome\Desktop\mbam-setup-1.60.1.1000.exe
    [2012.02.20 12:50:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2012.02.20 12:49:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2012.02.19 17:13:32 | 000,716,800 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysWow64\jscript.dll
    [2012.02.19 17:13:31 | 000,818,688 | ---- | C] (Корпорация Майкрософт) -- C:\Windows\SysNative\jscript.dll
    [2012.02.17 01:30:52 | 000,000,000 | ---D | C] -- C:\Users\Chrome\Desktop\WM Games
    [2012.02.09 23:26:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
    [2012.02.08 14:06:25 | 066,145,319 | ---- | C] (Axialis Software) -- C:\Windows\SysNative\VAIO S Series - Summer 2011.scr
    [2012.02.08 14:06:10 | 068,604,077 | ---- | C] (Axialis Software) -- C:\Windows\SysNative\VAIO F Series - Summer 2011.scr
    [2012.02.08 14:05:55 | 091,832,990 | ---- | C] (Axialis Software) -- C:\Windows\SysNative\VAIO C Series - Summer 2011.scr
    [2012.02.08 14:05:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Europe Limited
    [2012.02.08 14:05:35 | 097,157,051 | ---- | C] (Axialis Software) -- C:\Windows\SysNative\VAIO Hero Screensaver - Summer 2011 - EN.scr
    [2012.02.08 14:05:28 | 000,000,000 | ---D | C] -- C:\Users\Chrome\AppData\Local\Axialis
    [2012.02.08 14:01:15 | 000,601,511 | ---- | C] (Macromedia, Inc.) -- C:\Windows\VAIO Clock Screen Saver.exe
    [2012.02.08 14:01:15 | 000,403,760 | ---- | C] (MacSourcery) -- C:\Windows\VAIO Clock Screen Saver.scr
    [2012.02.08 14:01:15 | 000,040,960 | ---- | C] (MacSourcery) -- C:\Windows\VAIO Clock Screen Saver.dll
    [2012.02.08 14:00:52 | 000,493,054 | ---- | C] (Macromedia, Inc.) -- C:\Windows\0_ENTER.exe
    [2012.02.08 14:00:51 | 000,401,184 | ---- | C] (MacSourcery) -- C:\Windows\0_ENTER.scr
    [2012.02.08 14:00:51 | 000,040,960 | ---- | C] (MacSourcery) -- C:\Windows\0_ENTER.dll
    [2012.02.08 14:00:39 | 000,337,056 | ---- | C] (Axialis Software) -- C:\Windows\SysWow64\ENTER.scr
    [2012.02.08 14:00:22 | 000,515,469 | ---- | C] (Macromedia, Inc.) -- C:\Windows\0_Circle.exe
    [2012.02.08 14:00:21 | 000,401,184 | ---- | C] (MacSourcery) -- C:\Windows\0_Circle.scr
    [2012.02.08 14:00:21 | 000,040,960 | ---- | C] (MacSourcery) -- C:\Windows\0_Circle.dll
    [2012.02.08 13:54:26 | 000,194,560 | ---- | C] (ScreenTime Media) -- C:\Windows\vaio.scr
    [2012.02.08 13:54:20 | 000,000,000 | ---D | C] -- C:\Windows\vaio dir
    [2012.02.05 16:25:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
    [2012.02.05 15:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTA IV - Episodes From Liberty City
    [2012.01.29 20:53:48 | 000,000,000 | ---D | C] -- C:\Users\Chrome\Desktop\Various
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012.02.22 20:18:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Chrome\Desktop\OTL.exe
    [2012.02.22 20:09:00 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3514771002-3425352414-2787321000-1000UA.job
    [2012.02.22 19:42:00 | 000,000,982 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012.02.22 19:42:00 | 000,000,978 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012.02.22 18:37:43 | 000,001,634 | ---- | M] () -- C:\Users\Chrome\Desktop\[36Hertz] Back To The Bass CDRIP-d0me - Ярлык.lnk
    [2012.02.22 17:16:49 | 023,616,119 | ---- | M] () -- C:\Users\Chrome\Desktop\Foxconn An Exclusive Inside Look.flv
    [2012.02.22 16:33:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012.02.22 16:23:07 | 099,054,974 | ---- | M] () -- C:\Users\Chrome\Desktop\Война Слов! (э28 что Американцам противно).mp4
    [2012.02.22 16:22:39 | 085,838,283 | ---- | M] () -- C:\Users\Chrome\Desktop\Rihanna - We Found Love (Live at BRIT Awards 2012).mp4
    [2012.02.22 14:30:56 | 000,001,342 | ---- | M] () -- C:\Users\Chrome\Desktop\Top Gear America - [02x10] - 2012.02.21 [720p x264 by MOMENTUM].lnk
    [2012.02.22 13:09:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3514771002-3425352414-2787321000-1000Core.job
    [2012.02.22 11:58:37 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012.02.22 11:58:37 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012.02.22 11:50:46 | 000,001,125 | ---- | M] () -- C:\Users\Chrome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Punto Switcher.lnk
    [2012.02.22 11:50:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012.02.22 11:50:03 | 2032,738,303 | -HS- | M] () -- C:\hiberfil.sys
    [2012.02.22 01:12:56 | 004,414,945 | R--- | M] (Swearware) -- C:\Users\Chrome\Desktop\ComboFix.exe
    [2012.02.21 23:35:10 | 000,000,512 | ---- | M] () -- C:\Users\Chrome\Desktop\MBR.dat
    [2012.02.21 23:13:42 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Chrome\Desktop\aswMBR.exe
    [2012.02.21 19:35:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Chrome\Desktop\dds.scr
    [2012.02.21 19:26:29 | 000,302,592 | ---- | M] () -- C:\Users\Chrome\Desktop\zjo0ge31.exe
    [2012.02.21 19:20:15 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.02.21 19:19:01 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chrome\Desktop\mbam-setup-1.60.1.1000.exe
    [2012.02.21 11:55:38 | 002,383,701 | ---- | M] () -- C:\Users\Chrome\Desktop\180212-u.pdf
    [2012.02.20 21:15:05 | 230,500,781 | ---- | M] () -- C:\Users\Chrome\Desktop\SB.TV - Rita Ora Interview.mp4
    [2012.02.20 13:31:16 | 000,001,357 | ---- | M] () -- C:\Users\Chrome\Desktop\Extras.lnk
    [2012.02.19 23:33:18 | 000,001,682 | ---- | M] () -- C:\Users\Chrome\Desktop\stephen.merchant.hello.ladies.dvdrip.xvid-haggis.lnk
    [2012.02.19 17:29:15 | 000,297,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012.02.19 17:25:32 | 001,561,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012.02.19 17:25:32 | 000,686,688 | ---- | M] () -- C:\Windows\SysNative\perfh019.dat
    [2012.02.19 17:25:32 | 000,618,552 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012.02.19 17:25:32 | 000,133,866 | ---- | M] () -- C:\Windows\SysNative\perfc019.dat
    [2012.02.19 17:25:32 | 000,107,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012.02.19 17:23:45 | 001,566,192 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012.02.19 15:44:24 | 000,001,157 | ---- | M] () -- C:\Users\Chrome\Desktop\ricky gervais live animals.lnk
    [2012.02.19 03:09:08 | 000,001,687 | ---- | M] () -- C:\Users\Chrome\Desktop\Bridesmaids.UNRATED.BRRIP.MP4.x264.720p-HR.lnk
    [2012.02.19 01:48:10 | 000,001,222 | ---- | M] () -- C:\Users\Chrome\Desktop\Boardwalk.Empire.s01e01.rus.LostFilm.TV.lnk
    [2012.02.17 14:41:13 | 007,773,614 | ---- | M] () -- C:\Users\Chrome\Desktop\oliver_koletzki_-_hypnotized_feat._fran_(zaycev.net).mp3
    [2012.02.17 01:45:12 | 020,111,239 | ---- | M] () -- C:\Users\Chrome\Desktop\WM Games.rar
    [2012.02.15 01:41:12 | 259,580,631 | ---- | M] () -- C:\Users\Chrome\Desktop\Inside The Actors Studio - Eddie Murphy.flv
    [2012.02.15 01:40:12 | 377,380,424 | ---- | M] () -- C:\Users\Chrome\Desktop\Inside The Actors Studio - Robin Williams.flv
    [2012.02.15 01:39:51 | 293,038,877 | ---- | M] () -- C:\Users\Chrome\Desktop\Inside The Actors Studio - Chris Rock.flv
    [2012.02.15 01:34:08 | 140,013,193 | ---- | M] () -- C:\Users\Chrome\Desktop\Inside The Actors Studio - Jim Carrey.flv
    [2012.02.14 12:30:13 | 218,258,824 | ---- | M] () -- C:\Users\Chrome\Desktop\84138468.mp4
    [2012.02.13 13:59:05 | 020,309,584 | ---- | M] () -- C:\Users\Chrome\Desktop\D1NZ mt smart 2012 Mazda Luce 20b burnout fail.mp4
    [2012.02.09 17:00:26 | 000,054,836 | ---- | M] () -- C:\Users\Chrome\Desktop\ebaytoday3.JPG
    [2012.02.09 14:51:41 | 000,055,999 | ---- | M] () -- C:\Users\Chrome\Desktop\ebaytoday2.JPG
    [2012.02.09 14:51:19 | 000,195,734 | ---- | M] () -- C:\Users\Chrome\Desktop\ebaytoday2.png
    [2012.02.08 14:14:58 | 002,689,654 | ---- | M] () -- C:\Windows\ACD Wallpaper.bmp
    [2012.02.08 14:06:26 | 066,145,319 | ---- | M] (Axialis Software) -- C:\Windows\SysNative\VAIO S Series - Summer 2011.scr
    [2012.02.08 14:06:11 | 068,604,077 | ---- | M] (Axialis Software) -- C:\Windows\SysNative\VAIO F Series - Summer 2011.scr
    [2012.02.08 14:05:56 | 091,832,990 | ---- | M] (Axialis Software) -- C:\Windows\SysNative\VAIO C Series - Summer 2011.scr
    [2012.02.08 14:05:37 | 097,157,051 | ---- | M] (Axialis Software) -- C:\Windows\SysNative\VAIO Hero Screensaver - Summer 2011 - EN.scr
    [2012.02.08 14:01:26 | 000,012,288 | ---- | M] () -- C:\Windows\impborl.dll
    [2012.02.08 14:01:15 | 000,601,511 | ---- | M] (Macromedia, Inc.) -- C:\Windows\VAIO Clock Screen Saver.exe
    [2012.02.08 14:01:15 | 000,403,760 | ---- | M] (MacSourcery) -- C:\Windows\VAIO Clock Screen Saver.scr
    [2012.02.08 14:01:15 | 000,040,960 | ---- | M] (MacSourcery) -- C:\Windows\VAIO Clock Screen Saver.dll
    [2012.02.08 14:00:52 | 000,493,054 | ---- | M] (Macromedia, Inc.) -- C:\Windows\0_ENTER.exe
    [2012.02.08 14:00:52 | 000,401,184 | ---- | M] (MacSourcery) -- C:\Windows\0_ENTER.scr
    [2012.02.08 14:00:51 | 000,040,960 | ---- | M] (MacSourcery) -- C:\Windows\0_ENTER.dll
    [2012.02.08 14:00:40 | 000,337,056 | ---- | M] (Axialis Software) -- C:\Windows\SysWow64\ENTER.scr
    [2012.02.08 14:00:22 | 000,515,469 | ---- | M] (Macromedia, Inc.) -- C:\Windows\0_Circle.exe
    [2012.02.08 14:00:22 | 000,401,184 | ---- | M] (MacSourcery) -- C:\Windows\0_Circle.scr
    [2012.02.08 14:00:21 | 000,040,960 | ---- | M] (MacSourcery) -- C:\Windows\0_Circle.dll
    [2012.02.08 13:54:26 | 000,194,560 | ---- | M] (ScreenTime Media) -- C:\Windows\vaio.scr
    [2012.02.07 16:49:36 | 000,150,747 | ---- | M] () -- C:\Users\Chrome\Desktop\img01932.jpg
    [2012.02.07 16:30:30 | 289,999,931 | ---- | M] () -- C:\Users\Chrome\Desktop\38118440.mp4
    [2012.02.07 15:44:53 | 074,245,578 | ---- | M] () -- C:\Users\Chrome\Desktop\Formula 1 2011 Season Highlights (HD).mp4
    [2012.02.06 11:26:31 | 124,375,317 | ---- | M] () -- C:\Users\Chrome\Desktop\Amazing F1 stuff - Lotus E20 Launch.flv
    [2012.02.05 16:25:58 | 000,002,136 | ---- | M] () -- C:\Users\Chrome\Desktop\GTA IV - Episodes From Liberty City.lnk
    [2012.01.31 18:45:56 | 001,674,385 | ---- | M] () -- C:\Users\Chrome\Desktop\!!!COLOUR.png
    [2012.01.30 13:06:02 | 138,877,648 | ---- | M] () -- C:\Users\Chrome\Desktop\H2Oi 2011 OC MD - (BsaintMedia Official Video).mp4
    [2012.01.30 12:59:26 | 191,411,789 | ---- | M] () -- C:\Users\Chrome\Desktop\Before Worthersee 2011.mp4
    [2012.01.30 12:43:35 | 000,347,491 | ---- | M] () -- C:\test.xml
    [2012.01.29 23:26:35 | 000,001,485 | ---- | M] () -- C:\Users\Chrome\Desktop\Susana - Discography.lnk
    [2012.01.29 21:29:52 | 000,000,964 | ---- | M] () -- C:\Users\Chrome\Desktop\Квартиры.lnk
    [2012.01.29 15:23:26 | 000,001,302 | ---- | M] () -- C:\Users\Chrome\Desktop\Grand Theft Auto IV.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012.02.22 18:37:43 | 000,001,634 | ---- | C] () -- C:\Users\Chrome\Desktop\[36Hertz] Back To The Bass CDRIP-d0me - Ярлык.lnk
    [2012.02.22 17:16:33 | 023,616,119 | ---- | C] () -- C:\Users\Chrome\Desktop\Foxconn An Exclusive Inside Look.flv
    [2012.02.22 16:25:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012.02.22 16:25:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012.02.22 16:25:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012.02.22 16:25:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012.02.22 16:25:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012.02.22 16:21:12 | 099,054,974 | ---- | C] () -- C:\Users\Chrome\Desktop\Война Слов! (э28 что Американцам противно).mp4
    [2012.02.22 16:20:58 | 085,838,283 | ---- | C] () -- C:\Users\Chrome\Desktop\Rihanna - We Found Love (Live at BRIT Awards 2012).mp4
    [2012.02.22 14:30:56 | 000,001,342 | ---- | C] () -- C:\Users\Chrome\Desktop\Top Gear America - [02x10] - 2012.02.21 [720p x264 by MOMENTUM].lnk
    [2012.02.21 23:35:10 | 000,000,512 | ---- | C] () -- C:\Users\Chrome\Desktop\MBR.dat
    [2012.02.21 19:26:26 | 000,302,592 | ---- | C] () -- C:\Users\Chrome\Desktop\zjo0ge31.exe
    [2012.02.21 19:20:15 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012.02.21 11:55:42 | 002,383,701 | ---- | C] () -- C:\Users\Chrome\Desktop\180212-u.pdf
    [2012.02.20 21:12:15 | 230,500,781 | ---- | C] () -- C:\Users\Chrome\Desktop\SB.TV - Rita Ora Interview.mp4
    [2012.02.20 13:31:16 | 000,001,357 | ---- | C] () -- C:\Users\Chrome\Desktop\Extras.lnk
    [2012.02.20 13:15:19 | 366,891,008 | ---- | C] () -- C:\Users\Chrome\Desktop\inside.the.actors.studio.ricky.gervais-siso.avi
    [2012.02.19 23:33:18 | 000,001,682 | ---- | C] () -- C:\Users\Chrome\Desktop\stephen.merchant.hello.ladies.dvdrip.xvid-haggis.lnk
    [2012.02.19 15:44:24 | 000,001,157 | ---- | C] () -- C:\Users\Chrome\Desktop\ricky gervais live animals.lnk
    [2012.02.19 03:09:08 | 000,001,687 | ---- | C] () -- C:\Users\Chrome\Desktop\Bridesmaids.UNRATED.BRRIP.MP4.x264.720p-HR.lnk
    [2012.02.19 01:48:10 | 000,001,222 | ---- | C] () -- C:\Users\Chrome\Desktop\Boardwalk.Empire.s01e01.rus.LostFilm.TV.lnk
    [2012.02.17 14:40:13 | 007,773,614 | ---- | C] () -- C:\Users\Chrome\Desktop\oliver_koletzki_-_hypnotized_feat._fran_(zaycev.net).mp3
    [2012.02.17 01:45:05 | 020,111,239 | ---- | C] () -- C:\Users\Chrome\Desktop\WM Games.rar
    [2012.02.15 01:34:11 | 259,580,631 | ---- | C] () -- C:\Users\Chrome\Desktop\Inside The Actors Studio - Eddie Murphy.flv
    [2012.02.15 01:31:58 | 293,038,877 | ---- | C] () -- C:\Users\Chrome\Desktop\Inside The Actors Studio - Chris Rock.flv
    [2012.02.15 01:31:14 | 377,380,424 | ---- | C] () -- C:\Users\Chrome\Desktop\Inside The Actors Studio - Robin Williams.flv
    [2012.02.15 01:31:01 | 140,013,193 | ---- | C] () -- C:\Users\Chrome\Desktop\Inside The Actors Studio - Jim Carrey.flv
    [2012.02.14 12:27:07 | 218,258,824 | ---- | C] () -- C:\Users\Chrome\Desktop\84138468.mp4
    [2012.02.13 13:58:57 | 020,309,584 | ---- | C] () -- C:\Users\Chrome\Desktop\D1NZ mt smart 2012 Mazda Luce 20b burnout fail.mp4
    [2012.02.09 17:00:26 | 000,054,836 | ---- | C] () -- C:\Users\Chrome\Desktop\ebaytoday3.JPG
    [2012.02.09 14:51:40 | 000,055,999 | ---- | C] () -- C:\Users\Chrome\Desktop\ebaytoday2.JPG
    [2012.02.09 14:51:19 | 000,195,734 | ---- | C] () -- C:\Users\Chrome\Desktop\ebaytoday2.png
    [2012.02.08 13:54:20 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
    [2012.02.07 16:49:41 | 000,150,747 | ---- | C] () -- C:\Users\Chrome\Desktop\img01932.jpg
    [2012.02.07 16:18:21 | 289,999,931 | ---- | C] () -- C:\Users\Chrome\Desktop\38118440.mp4
    [2012.02.07 15:41:42 | 074,245,578 | ---- | C] () -- C:\Users\Chrome\Desktop\Formula 1 2011 Season Highlights (HD).mp4
    [2012.02.07 02:34:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012.02.06 11:24:51 | 124,375,317 | ---- | C] () -- C:\Users\Chrome\Desktop\Amazing F1 stuff - Lotus E20 Launch.flv
    [2012.02.05 16:25:58 | 000,002,136 | ---- | C] () -- C:\Users\Chrome\Desktop\GTA IV - Episodes From Liberty City.lnk
    [2012.01.31 18:45:55 | 001,674,385 | ---- | C] () -- C:\Users\Chrome\Desktop\!!!COLOUR.png
    [2012.01.30 13:05:10 | 138,877,648 | ---- | C] () -- C:\Users\Chrome\Desktop\H2Oi 2011 OC MD - (BsaintMedia Official Video).mp4
    [2012.01.30 12:58:14 | 191,411,789 | ---- | C] () -- C:\Users\Chrome\Desktop\Before Worthersee 2011.mp4
    [2012.01.29 23:26:35 | 000,001,485 | ---- | C] () -- C:\Users\Chrome\Desktop\Susana - Discography.lnk
    [2012.01.29 21:37:31 | 002,689,654 | ---- | C] () -- C:\Windows\ACD Wallpaper.bmp
    [2012.01.29 21:29:52 | 000,000,964 | ---- | C] () -- C:\Users\Chrome\Desktop\Квартиры.lnk
    [2012.01.29 15:23:26 | 000,001,302 | ---- | C] () -- C:\Users\Chrome\Desktop\Grand Theft Auto IV.lnk
    [2011.12.09 02:45:05 | 000,000,017 | ---- | C] () -- C:\Users\Chrome\AppData\Local\resmon.resmoncfg
    [2011.11.22 22:41:14 | 000,033,576 | ---- | C] () -- C:\Windows\SysWow64\BCGPOleAcc.dll
    [2011.11.02 11:43:59 | 000,003,584 | ---- | C] () -- C:\Users\Chrome\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011.10.05 21:28:17 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2011.10.02 11:09:19 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\ldf252.dll
    [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011.01.10 20:04:50 | 001,566,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011.01.10 19:50:51 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2010.10.12 19:30:23 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
    [2010.10.12 19:30:22 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2010.10.12 19:30:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
    [2010.10.12 19:30:21 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2010.10.12 19:30:20 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2010.10.12 19:30:13 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
    [2010.10.12 19:30:13 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
    [2010.10.12 19:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010.10.08 08:55:10 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== LOP Check ==========

    [2011.10.06 22:01:56 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\ACD Systems
    [2012.02.11 13:42:33 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\AIMP3
    [2011.12.01 01:27:01 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\Auslogics
    [2012.02.09 23:25:34 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\DAEMON Tools Lite
    [2011.10.20 13:39:44 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\Download Master
    [2012.02.22 19:32:22 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\Dropbox
    [2012.02.19 19:41:14 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\IP-TV Player
    [2012.01.27 21:49:19 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\OnLive App
    [2012.02.22 02:38:38 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\SoftGrid Client
    [2011.01.10 20:05:42 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\TP
    [2012.02.22 20:23:52 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\uTorrent
    [2011.12.09 17:09:41 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\wargaming.net
    [2011.01.10 18:12:35 | 000,000,000 | ---D | M] -- C:\Users\Chrome\AppData\Roaming\Yandex
    [2012.01.10 00:55:40 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2012.02.22 16:35:47 | 000,022,305 | ---- | M] () -- C:\ComboFix.txt
    [2012.02.22 11:50:03 | 2032,738,303 | -HS- | M] () -- C:\hiberfil.sys
    [2010.11.10 13:14:05 | 000,316,696 | ---- | M] () -- C:\lv.log
    [2011.12.06 10:51:00 | 000,020,355 | ---- | M] () -- C:\M1319.log
    [2012.02.22 11:50:40 | 4141,977,599 | -HS- | M] () -- C:\pagefile.sys
    [2010.11.10 12:38:38 | 000,002,935 | ---- | M] () -- C:\RHDSetup.log
    [2011.10.18 21:52:34 | 000,000,074 | -H-- | M] () -- C:\splash.idx
    [2012.01.30 12:43:35 | 000,347,491 | ---- | M] () -- C:\test.xml
    [2010.11.10 13:21:52 | 000,412,682 | ---- | M] () -- C:\vcredist_x86.log
    [2011.07.19 16:46:28 | 000,004,112 | -H-- | M] () -- C:\version

    < %systemroot%\Fonts\*.com >
    [2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012.02.08 14:00:22 | 000,401,184 | ---- | M] (MacSourcery) -- C:\Windows\0_Circle.scr
    [2012.02.08 14:00:52 | 000,401,184 | ---- | M] (MacSourcery) -- C:\Windows\0_ENTER.scr
    [2012.02.08 14:01:15 | 000,403,760 | ---- | M] (MacSourcery) -- C:\Windows\VAIO Clock Screen Saver.scr
    [2012.02.08 13:54:26 | 000,194,560 | ---- | M] (ScreenTime Media) -- C:\Windows\vaio.scr
    [2010.04.16 23:58:04 | 000,306,544 | ---- | M] (Корпорация Майкрософт) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009.07.14 06:49:38 | 000,000,146 | -HS- | M] () -- C:\Users\Chrome\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012.02.21 23:13:42 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Chrome\Desktop\aswMBR.exe
    [2012.02.22 01:12:56 | 004,414,945 | R--- | M] (Swearware) -- C:\Users\Chrome\Desktop\ComboFix.exe
    [2012.02.21 19:19:01 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chrome\Desktop\mbam-setup-1.60.1.1000.exe
    [2012.02.22 20:18:58 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Chrome\Desktop\OTL.exe
    [2010.09.21 21:40:19 | 000,083,968 | -H-- | M] (eSage Lab) -- C:\Users\Chrome\Desktop\remover.exe
    [2012.02.21 19:26:29 | 000,302,592 | ---- | M] () -- C:\Users\Chrome\Desktop\zjo0ge31.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009.06.10 23:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011.10.01 14:01:35 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011.10.01 14:01:35 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011.10.01 14:01:35 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011.10.01 14:01:35 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011.10.01 14:01:35 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
    [2011.10.01 14:01:35 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012.02.19 17:29:53 | 000,000,402 | -HS- | M] () -- C:\Users\Chrome\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011.10.05 21:28:17 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    VAIO Clock Screen Saver.exe

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  11. chrm

    chrm TS Rookie Topic Starter Posts: 26

    Extras.txt:



    OTL Extras logfile created on: 22.02.2012 20:26:36 - Run 1
    OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Chrome\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000419 | Country: Россия | Language: RUS | Date Format: dd.MM.yyyy

    7,86 Gb Total Physical Memory | 6,06 Gb Available Physical Memory | 77,13% Memory free
    15,71 Gb Paging File | 13,73 Gb Available in Paging File | 87,35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 284,71 Gb Total Space | 1,77 Gb Free Space | 0,62% Space Free | Partition Type: NTFS
    Drive D: | 7,39 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
    Drive E: | 5,57 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

    Computer Name: VAIO | User Name: Chrome | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-3514771002-3425352414-2787321000-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDBrowse] -- "C:\PROGRA~2\ACDSYS~1\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc)
    "{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
    "{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc)
    "{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
    "{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
    "{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
    "{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
    "{446E8399-F26A-35F5-B140-A7C0DFE33A7A}" = Microsoft .NET Framework 4 Client Profile RUS Language Pack
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story)
    "{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
    "{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
    "{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Центр устройств Windows Mobile
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
    "{7F20FBE0-9939-4BA0-9290-628727D63D55}" = Microsoft Antimalware Service RU-RU Language Pack
    "{90140000-006D-0419-1000-0000000FF1CE}" = Microsoft Office нажми и работай 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
    "{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client RU-RU Language Pack
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "KLiteCodecPack64_is1" = K-Lite Codec Pack 5.5.0 (64-bit)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile RUS Language Pack" = Языковой пакет клиентского профиля Microsoft.NET Framework 4 - RUS
    "Microsoft Security Client" = Microsoft Security Essentials
    "WinRAR archiver" = WinRAR 4.0.0 (64-разрядная)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
    "{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
    "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
    "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
    "{08BB86A3-BD8B-491F-9751-CDA93D8E0B59}" = Windows Live Sync
    "{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access
    "{15088310-1915-4541-B6F6-99B7F8EB5FDB}" = Почта Windows Live
    "{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
    "{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
    "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
    "{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
    "{18BFDC24-7E37-478C-9ADB-7E143C7A2BEE}" = Windows Live Messenger
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks 0.6.7
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Средство передачи Windows Live
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
    "{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
    "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
    "{3B4AA25D-83CF-4C40-83F3-BA687CF2EFC7}" = Windows Live Writer
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
    "{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
    "{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
    "{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
    "{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
    "{5454083B-1308-4485-BF17-1110000B8401}" = Grand Theft Auto IV
    "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
    "{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
    "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = Программа "Восстановление данных VAIO"
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = Перенос файлов VAIO
    "{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
    "{6F03DF2C-A0DC-4506-96D7-C0712A4904F4}" = Punto Switcher 3.2
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
    "{70991E0A-1108-437E-BA7D-085702C670C0}" =
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{772B1B81-03C5-43E5-85E0-4332A82EDADB}" = Основные компоненты Windows Live
    "{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
    "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
    "{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
    "{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
    "{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
    "{87B69CED-965B-4923-B4AD-702815548EF6}" = Фотоальбом Windows Live
    "{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
    "{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
    "{90140011-0066-0419-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - русский
    "{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
    "{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
    "{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
    "{A1200000-0004-0000-0000-074957833700}" = ABBYY Lingvo 12 Multilingual Edition
    "{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1" = WAV MP3 Converter v3.9 build 972
    "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
    "{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1049-7B44-A95000000001}" = Adobe Reader 9.5.0 - Russian
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
    "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
    "{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
    "{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
    "{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
    "{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
    "{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
    "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = Руководство VAIO
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
    "{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
    "{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
    "{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc)
    "{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
    "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
    "{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
    "{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
    "{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
    "{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
    "{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
    "{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
    "{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
    "{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story)
    "ACDSee" = ACDSee
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS4_is1" = Adobe Photoshop CS4
    "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
    "AIMP3" = AIMP3
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Download Master_is1" = Обновление Download Master 5.12.4.1297
    "GOM Player" = GOM Player
    "Google Chrome" = Google Chrome
    "Google Chrome Frame" = Google Chrome Frame
    "GTA IV - Episodes From Liberty City_is1" = GTA IV - Episodes From Liberty City
    "InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc)
    "InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = VAIO - PMB VAIO Edition Guide
    "InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
    "IP-TV_Player" = IP-TV Player 0.28.1.8820
    "KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Full)
    "Mafia II_is1" = Mafia II
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware, версия 1.60.1.1000
    "Nero8360_Micro_is1" = Nero 8 Micro v8.3.6.0
    "Office14.Click2Run" = Microsoft Office нажми и работай 2010
    "PremElem80" = Adobe Premiere Elements 8.0
    "Rockstar Games Social Club" = Rockstar Games Social Club
    "splashtop" = Quick Web Access
    "uTorrent" = µTorrent
    "vaio" = vaio Screen Saver
    "VAIO C Series - Summer 2011 Screensaver" = VAIO C Series - Summer 2011 Screensaver
    "VAIO F Series - Summer 2011 Screensaver" = VAIO F Series - Summer 2011 Screensaver
    "VAIO Help and Support" =
    "VAIO Hero Screensaver - Summer 2011 Screensaver" = VAIO Hero Screensaver - Summer 2011 Screensaver
    "VAIO S Series - Summer 2011 Screensaver" = VAIO S Series - Summer 2011 Screensaver
    "VAIO screensaver" = VAIO screensaver
    "Winamp" = Winamp
    "WinDjView" = WinDjView 1.0.3
    "WinLiveSuite_Wave3" = Основные компоненты Windows Live

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3514771002-3425352414-2787321000-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  12. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Good news :)

    OTL log looks clean.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  13. chrm

    chrm TS Rookie Topic Starter Posts: 26

    Ok, Java said I have the latest version, but I did all the steps you wrote anyway. And the JavaRa part too.

    Now the Security Check:


    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Adobe Flash Player ( 10.0.45.2) Flash Player Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Microsoft Security Essentials msseces.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Microsoft Security Client Antimalware NisSrv.exe
    ``````````End of Log````````````


    Farbar Service Scanner:

    Farbar Service Scanner Version: 22-02-2012
    Ran by Chrome (administrator) on 23-02-2012 at 00:17:40
    Running from "C:\Users\Chrome\Desktop"
    Microsoft Windows 7 Домашняя расширенная (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys
    [2012-02-19 17:12] - [2011-12-28 05:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll
    [2009-07-14 02:09] - [2009-07-14 03:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll
    [2009-07-14 01:36] - [2009-07-14 03:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll
    [2009-07-14 02:36] - [2009-07-14 03:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****

    Ran TFC, rebooted. BTW, this "Congrat. you won!" banner with sound even appears on this very board I am writing on! After all these steps it's still here?

    Also, my notification bar says there is no connection, but the Internet is working fine. It happened after the TFC I think... Is it a temporary bug and will it disappear later?

    Thanks. :)

    P.S. ESET Scanning is in process.
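The FSS "File Check" section above lists each checked system file in one of two forms: a path followed by "=> MD5 is legit", or a bare path followed by a detail line with two bracketed timestamps, size, attributes, vendor and MD5. As an added example (not a tool from this thread, and not part of Farbar Service Scanner), here is a small Python parser that separates the two forms and pulls out the entries whose hash the tool did not confirm, so a reviewer can look them up by hash, size and vendor. The sample input is a constructed excerpt in the same format; the paths and hashes in it are copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in the format of the FSS "File Check" section.
# Paths and MD5 values are taken from the log posted in this thread.
SAMPLE_FSS = """\
File Check:
========
C:\\Windows\\System32\\nsisvc.dll => MD5 is legit
C:\\Windows\\System32\\drivers\\afd.sys
[2012-02-19 17:12] - [2011-12-28 05:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\\Windows\\System32\\mpssvc.dll
[2009-07-14 02:09] - [2009-07-14 03:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\\Windows\\System32\\svchost.exe => MD5 is legit

**** End of log ****
"""


@dataclass
class FileCheckEntry:
    path: str
    md5_known_good: bool            # True when the line ends in "=> MD5 is legit"
    timestamp_a: Optional[str] = None   # first bracketed timestamp, kept verbatim
    timestamp_b: Optional[str] = None   # second bracketed timestamp, kept verbatim
    size: Optional[int] = None
    attributes: Optional[str] = None
    company: Optional[str] = None
    md5: Optional[str] = None


LEGIT_RE = re.compile(r"^(?P<path>.+?)\s*=>\s*MD5 is legit\s*$")
DETAIL_RE = re.compile(
    r"^\[(?P<t1>[^\]]+)\]\s*-\s*\[(?P<t2>[^\]]+)\]\s*-\s*(?P<size>\d+)\s+"
    r"(?P<attr>\S+)\s+\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_file_check(text: str) -> List[FileCheckEntry]:
    """Parse the 'File Check:' section of an FSS log into structured entries."""
    entries: List[FileCheckEntry] = []
    lines = [ln.strip() for ln in text.splitlines()]
    in_section = False
    i = 0
    while i < len(lines):
        line = lines[i]
        if line == "File Check:":
            in_section = True
            i += 1
            continue
        if line.startswith("**** End of log"):
            break
        # Skip everything before the section, blank lines and "=====" underlines.
        if not in_section or not line or set(line) == {"="}:
            i += 1
            continue
        m = LEGIT_RE.match(line)
        if m:
            entries.append(FileCheckEntry(path=m.group("path"), md5_known_good=True))
            i += 1
            continue
        # A bare path: the next line carries the file details when the hash
        # was not confirmed against the tool's known-good list.
        entry = FileCheckEntry(path=line, md5_known_good=False)
        if i + 1 < len(lines):
            d = DETAIL_RE.match(lines[i + 1])
            if d:
                entry.timestamp_a = d.group("t1")
                entry.timestamp_b = d.group("t2")
                entry.size = int(d.group("size"))
                entry.attributes = d.group("attr")
                entry.company = d.group("company")
                entry.md5 = d.group("md5").upper()
                i += 1
        entries.append(entry)
        i += 1
    return entries


def unverified(entries: List[FileCheckEntry]) -> List[FileCheckEntry]:
    """Entries FSS did not mark as 'MD5 is legit'; these are the ones to look up."""
    return [e for e in entries if not e.md5_known_good]


if __name__ == "__main__":
    for e in unverified(parse_file_check(SAMPLE_FSS)):
        print(f"{e.path}  size={e.size}  vendor={e.company}  md5={e.md5}")
```

A detail line only means the tool could not confirm the hash as known-good; it is not a verdict on its own, so the extracted hash, size and vendor are what a reviewer checks against vendor file catalogs before drawing any conclusion.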
     
  14. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Go on with Eset for now.
     
  15. chrm

    chrm TS Rookie Topic Starter Posts: 26

    ESET finished, says no threats found. Can I tick "Uninstall application on close" and press the "Finish" button?

    BTW, in my country it's 2:00 AM now, so I have to go to sleep. Thanks a lot for your help. :)
     
  16. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Yes.
     
  17. chrm

    chrm TS Rookie Topic Starter Posts: 26

    Ok, I don't see any "Congratulations! You won!" banners and don't hear any sounds. Does it mean that my laptop is cured? Should I do anything else?
     
  18. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ==================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  19. chrm

    chrm TS Rookie Topic Starter Posts: 26

    I use only Google Chrome - do I still need to download Adobe Flash? Usually, it says that my browser has the latest flash player installed.

    Thank God! I mean, you, Broni. :)

    Now I am going to do the recommendations you posted above. I will keep you informed between the steps.
     
  20. chrm

    chrm TS Rookie Topic Starter Posts: 26

    Well, you won't believe this, but I have just heard and saw this goddamned "Congratulations! You won!" just seconds after I posted...

    What should I do? I believe my steps are now changed....

    (I am definitely going to donate you some money as soon as I put some money on my special Internet-related card!)
     
  21. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Yes.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  22. chrm

    chrm TS Rookie Topic Starter Posts: 26

    Ok, I installed the Flash Player and downloaded the TDSSKiller. Should I run it with Microsoft Security Essentials still working in the background, or should I stop it before running TDSSKiller?
     
  23. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    It doesn't matter.

    Please don't quote my replies.
     
  24. chrm

    chrm TS Rookie Topic Starter Posts: 26

    Sorry for the quotes. Here is the report of TDSSKiller
    (It said that it found 1 threat, but suggested skipping it, which I did):

    19:10:24.0096 1784 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
    19:10:24.0233 1784 ============================================================
    19:10:24.0233 1784 Current date / time: 2012/02/23 19:10:24.0233
    19:10:24.0233 1784 SystemInfo:
    19:10:24.0233 1784
    19:10:24.0233 1784 OS Version: 6.1.7600 ServicePack: 0.0
    19:10:24.0233 1784 Product type: Workstation
    19:10:24.0233 1784 ComputerName: VAIO
    19:10:24.0233 1784 UserName: Chrome
    19:10:24.0233 1784 Windows directory: C:\Windows
    19:10:24.0233 1784 System windows directory: C:\Windows
    19:10:24.0233 1784 Running under WOW64
    19:10:24.0233 1784 Processor architecture: Intel x64
    19:10:24.0233 1784 Number of processors: 4
    19:10:24.0233 1784 Page size: 0x1000
    19:10:24.0233 1784 Boot type: Normal boot
    19:10:24.0233 1784 ============================================================
    19:10:25.0006 1784 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:10:25.0012 1784 \Device\Harddisk0\DR0:
    19:10:25.0012 1784 MBR used
    19:10:25.0012 1784 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A8F800, BlocksNum 0x32000
    19:10:25.0012 1784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1AC1800, BlocksNum 0x2396CAB0
    19:10:25.0039 1784 Initialize success
    19:10:25.0039 1784 ============================================================
    19:10:38.0279 6880 ============================================================
    19:10:38.0279 6880 Scan started
    19:10:38.0279 6880 Mode: Manual;
    19:10:38.0279 6880 ============================================================
    19:10:38.0475 6880 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\drivers\1394ohci.sys
    19:10:38.0479 6880 1394ohci - ok
    19:10:38.0523 6880 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
    19:10:38.0538 6880 ACPI - ok
    19:10:38.0677 6880 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
    19:10:38.0678 6880 AcpiPmi - ok
    19:10:38.0748 6880 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
    19:10:38.0756 6880 adp94xx - ok
    19:10:38.0831 6880 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
    19:10:38.0836 6880 adpahci - ok
    19:10:38.0888 6880 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
    19:10:38.0892 6880 adpu320 - ok
    19:10:38.0979 6880 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
    19:10:39.0002 6880 AFD - ok
    19:10:39.0063 6880 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    19:10:39.0065 6880 agp440 - ok
    19:10:39.0144 6880 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    19:10:39.0145 6880 aliide - ok
    19:10:39.0172 6880 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    19:10:39.0173 6880 amdide - ok
    19:10:39.0224 6880 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
    19:10:39.0226 6880 AmdK8 - ok
    19:10:39.0414 6880 amdkmdag (ea244a8b88de8b5986bf3b7903b063af) C:\Windows\system32\DRIVERS\atikmdag.sys
    19:10:39.0788 6880 amdkmdag - ok
    19:10:39.0856 6880 amdkmdap (dca6e341a4a7c31ea8a14c6166c9b249) C:\Windows\system32\DRIVERS\atikmpag.sys
    19:10:39.0872 6880 amdkmdap - ok
    19:10:39.0911 6880 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
    19:10:39.0913 6880 AmdPPM - ok
    19:10:39.0953 6880 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
    19:10:39.0956 6880 amdsata - ok
    19:10:40.0042 6880 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
    19:10:40.0046 6880 amdsbs - ok
    19:10:40.0083 6880 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
    19:10:40.0084 6880 amdxata - ok
    19:10:40.0161 6880 ApfiltrService (2d45f2dfbc3d8f53df7ebeffa8c9bc38) C:\Windows\system32\drivers\Apfiltr.sys
    19:10:40.0166 6880 ApfiltrService - ok
    19:10:40.0192 6880 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
    19:10:40.0194 6880 AppID - ok
    19:10:40.0297 6880 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
    19:10:40.0300 6880 arc - ok
    19:10:40.0336 6880 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
    19:10:40.0339 6880 arcsas - ok
    19:10:40.0368 6880 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
    19:10:40.0369 6880 ArcSoftKsUFilter - ok
    19:10:40.0431 6880 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    19:10:40.0433 6880 AsyncMac - ok
    19:10:40.0468 6880 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    19:10:40.0470 6880 atapi - ok
    19:10:40.0527 6880 athr (cca705cdf038d5bc243203ce4416b345) C:\Windows\system32\DRIVERS\athrx.sys
    19:10:40.0549 6880 athr - ok
    19:10:40.0768 6880 atikmdag (ea244a8b88de8b5986bf3b7903b063af) C:\Windows\system32\DRIVERS\atikmdag.sys
    19:10:40.0800 6880 atikmdag - ok
    19:10:40.0891 6880 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
    19:10:40.0899 6880 b06bdrv - ok
    19:10:40.0978 6880 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    19:10:40.0982 6880 b57nd60a - ok
    19:10:41.0009 6880 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    19:10:41.0010 6880 Beep - ok
    19:10:41.0032 6880 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
    19:10:41.0034 6880 blbdrive - ok
    19:10:41.0109 6880 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
    19:10:41.0112 6880 bowser - ok
    19:10:41.0165 6880 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
    19:10:41.0166 6880 BrFiltLo - ok
    19:10:41.0188 6880 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
    19:10:41.0189 6880 BrFiltUp - ok
    19:10:41.0238 6880 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    19:10:41.0240 6880 BridgeMP - ok
    19:10:41.0306 6880 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    19:10:41.0312 6880 Brserid - ok
    19:10:41.0330 6880 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    19:10:41.0331 6880 BrSerWdm - ok
    19:10:41.0379 6880 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    19:10:41.0381 6880 BrUsbMdm - ok
    19:10:41.0446 6880 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    19:10:41.0447 6880 BrUsbSer - ok
    19:10:41.0518 6880 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
    19:10:41.0520 6880 BthEnum - ok
    19:10:41.0588 6880 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    19:10:41.0591 6880 BTHMODEM - ok
    19:10:41.0653 6880 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
    19:10:41.0655 6880 BthPan - ok
    19:10:41.0750 6880 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
    19:10:41.0758 6880 BTHPORT - ok
    19:10:41.0855 6880 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
    19:10:41.0857 6880 BTHUSB - ok
    19:10:41.0919 6880 btwampfl (59e3510784548c6939c1b3b985c232e3) C:\Windows\system32\drivers\btwampfl.sys
    19:10:41.0924 6880 btwampfl - ok
    19:10:41.0953 6880 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\Windows\system32\drivers\btwaudio.sys
    19:10:41.0956 6880 btwaudio - ok
    19:10:42.0010 6880 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\Windows\system32\DRIVERS\btwavdt.sys
    19:10:42.0013 6880 btwavdt - ok
    19:10:42.0080 6880 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\Windows\system32\DRIVERS\btwl2cap.sys
    19:10:42.0082 6880 btwl2cap - ok
    19:10:42.0125 6880 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\Windows\system32\DRIVERS\btwrchid.sys
    19:10:42.0126 6880 btwrchid - ok
    19:10:42.0145 6880 catchme - ok
    19:10:42.0204 6880 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    19:10:42.0206 6880 cdfs - ok
    19:10:42.0251 6880 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
    19:10:42.0254 6880 cdrom - ok
    19:10:42.0280 6880 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
    19:10:42.0282 6880 circlass - ok
    19:10:42.0333 6880 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    19:10:42.0340 6880 CLFS - ok
    19:10:42.0402 6880 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
    19:10:42.0403 6880 CmBatt - ok
    19:10:42.0427 6880 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    19:10:42.0428 6880 cmdide - ok
    19:10:42.0529 6880 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
    19:10:42.0536 6880 CNG - ok
    19:10:42.0611 6880 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
    19:10:42.0612 6880 Compbatt - ok
    19:10:42.0642 6880 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
    19:10:42.0643 6880 CompositeBus - ok
    19:10:42.0686 6880 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
    19:10:42.0687 6880 crcdisk - ok
    19:10:42.0816 6880 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
    19:10:42.0818 6880 DfsC - ok
    19:10:42.0857 6880 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    19:10:42.0859 6880 discache - ok
    19:10:42.0899 6880 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
    19:10:42.0901 6880 Disk - ok
    19:10:42.0977 6880 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    19:10:42.0979 6880 drmkaud - ok
    19:10:43.0026 6880 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
    19:10:43.0040 6880 DXGKrnl - ok
    19:10:43.0193 6880 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
    19:10:43.0258 6880 ebdrv - ok
    19:10:43.0346 6880 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
    19:10:43.0354 6880 elxstor - ok
    19:10:43.0436 6880 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    19:10:43.0437 6880 ErrDev - ok
    19:10:43.0504 6880 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    19:10:43.0507 6880 exfat - ok
    19:10:43.0589 6880 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    19:10:43.0593 6880 fastfat - ok
    19:10:43.0619 6880 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
    19:10:43.0620 6880 fdc - ok
    19:10:43.0646 6880 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    19:10:43.0648 6880 FileInfo - ok
    19:10:43.0668 6880 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    19:10:43.0670 6880 Filetrace - ok
    19:10:43.0736 6880 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
    19:10:43.0737 6880 flpydisk - ok
    19:10:43.0760 6880 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
    19:10:43.0765 6880 FltMgr - ok
    19:10:43.0781 6880 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    19:10:43.0783 6880 FsDepends - ok
    19:10:43.0803 6880 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    19:10:43.0805 6880 Fs_Rec - ok
    19:10:43.0868 6880 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
    19:10:43.0872 6880 fvevol - ok
    19:10:43.0949 6880 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
    19:10:43.0951 6880 gagp30kx - ok
    19:10:43.0992 6880 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    19:10:43.0993 6880 hcw85cir - ok
    19:10:44.0060 6880 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
    19:10:44.0066 6880 HdAudAddService - ok
    19:10:44.0091 6880 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\drivers\HDAudBus.sys
    19:10:44.0094 6880 HDAudBus - ok
    19:10:44.0131 6880 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\drivers\HECIx64.sys
    19:10:44.0133 6880 HECIx64 - ok
    19:10:44.0214 6880 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
    19:10:44.0215 6880 HidBatt - ok
    19:10:44.0240 6880 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
    19:10:44.0243 6880 HidBth - ok
    19:10:44.0286 6880 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
    19:10:44.0288 6880 HidIr - ok
    19:10:44.0348 6880 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
    19:10:44.0350 6880 HidUsb - ok
    19:10:44.0394 6880 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
    19:10:44.0396 6880 HpSAMD - ok
    19:10:44.0439 6880 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
    19:10:44.0450 6880 HTTP - ok
    19:10:44.0521 6880 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
    19:10:44.0522 6880 hwpolicy - ok
    19:10:44.0553 6880 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    19:10:44.0556 6880 i8042prt - ok
    19:10:44.0590 6880 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
    19:10:44.0593 6880 iaStor - ok
    19:10:44.0684 6880 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
    19:10:44.0691 6880 iaStorV - ok
    19:10:44.0913 6880 igfx (2a22ab054f4630d2ef4bab2853f6d5f6) C:\Windows\system32\DRIVERS\igdkmd64.sys
    19:10:45.0134 6880 igfx - ok
    19:10:45.0202 6880 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
    19:10:45.0204 6880 iirsp - ok
    19:10:45.0234 6880 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys
    19:10:45.0237 6880 Impcd - ok
    19:10:45.0315 6880 IntcAzAudAddService (526e482afb586cb1cdd687869decf686) C:\Windows\system32\drivers\RTKVHD64.sys
    19:10:45.0347 6880 IntcAzAudAddService - ok
    19:10:45.0424 6880 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
    19:10:45.0440 6880 IntcDAud - ok
    19:10:45.0474 6880 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    19:10:45.0475 6880 intelide - ok
    19:10:45.0537 6880 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
    19:10:45.0538 6880 intelppm - ok
    19:10:45.0596 6880 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    19:10:45.0598 6880 IpFilterDriver - ok
    19:10:45.0647 6880 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
    19:10:45.0649 6880 IPMIDRV - ok
    19:10:45.0686 6880 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    19:10:45.0688 6880 IPNAT - ok
    19:10:45.0738 6880 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    19:10:45.0739 6880 IRENUM - ok
    19:10:45.0793 6880 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    19:10:45.0795 6880 isapnp - ok
    19:10:45.0830 6880 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
    19:10:45.0834 6880 iScsiPrt - ok
    19:10:45.0914 6880 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
    19:10:45.0916 6880 kbdclass - ok
    19:10:45.0946 6880 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
    19:10:45.0948 6880 kbdhid - ok
    19:10:46.0010 6880 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
    19:10:46.0012 6880 KSecDD - ok
    19:10:46.0116 6880 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
    19:10:46.0120 6880 KSecPkg - ok
    19:10:46.0149 6880 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
    19:10:46.0150 6880 ksthunk - ok
    19:10:46.0175 6880 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
    19:10:46.0177 6880 lltdio - ok
    19:10:46.0266 6880 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
    19:10:46.0269 6880 LSI_FC - ok
    19:10:46.0295 6880 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
    19:10:46.0298 6880 LSI_SAS - ok
    19:10:46.0322 6880 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
    19:10:46.0324 6880 LSI_SAS2 - ok
    19:10:46.0401 6880 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
    19:10:46.0403 6880 LSI_SCSI - ok
    19:10:46.0441 6880 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
    19:10:46.0443 6880 luafv - ok
    19:10:46.0534 6880 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
    19:10:46.0535 6880 MBAMProtector - ok
    19:10:46.0566 6880 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    19:10:46.0568 6880 megasas - ok
    19:10:46.0605 6880 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    19:10:46.0610 6880 MegaSR - ok
    19:10:46.0670 6880 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    19:10:46.0672 6880 Modem - ok
    19:10:46.0702 6880 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    19:10:46.0703 6880 monitor - ok
    19:10:46.0732 6880 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    19:10:46.0734 6880 mouclass - ok
    19:10:46.0761 6880 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    19:10:46.0763 6880 mouhid - ok
    19:10:46.0834 6880 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
    19:10:46.0836 6880 mountmgr - ok
    19:10:46.0892 6880 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\Windows\system32\DRIVERS\MpFilter.sys
    19:10:46.0895 6880 MpFilter - ok
    19:10:46.0933 6880 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
    19:10:46.0936 6880 mpio - ok
    19:10:51.0677 6880 sptd (d519ad2de7968cd2b47fea807c5b29b2) C:\Windows\System32\Drivers\sptd.sys
    19:10:51.0678 6880 Suspicious file (NoAccess): C:\Windows\System32\Drivers\sptd.sys. md5: d519ad2de7968cd2b47fea807c5b29b2
    19:10:51.0679 6880 sptd ( LockedFile.Multi.Generic ) - warning
    19:10:51.0679 6880 sptd - detected LockedFile.Multi.Generic (1)
    19:10:54.0865 6880 ============================================================
    19:10:54.0865 6880 Scan finished
    19:10:54.0865 6880 ============================================================
    19:10:54.0874 6504 Detected object count: 1
    19:10:54.0874 6504 Actual detected object count: 1
    19:11:00.0196 6504 sptd ( LockedFile.Multi.Generic ) - skipped by user
    19:11:00.0196 6504 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
     
  25. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Nothing there.

    Delete your Combofix file, download new one, run it and post new log.
     
Topic Status:
Not open for further replies.
