TechSpot

Infected to PC Performance and Stability Analysis Report malware

By zx9rkuma
Jul 19, 2011
  1. Hi,

    I am new to this forum. I am helping out my friend's computer which was infected with "PC Performance and Stability Analysis Report" malware. The system had an active AV software, TrendMicro Virus Buster 2010 until recently but my friend expired its validity; which is when the system turned haywire.

    I am currently in the process of implementing "UPDATED 7-step Viruses/Spyware/Malware Preliminary Removal Instructions", step #4 however I have no idea how to disable any script blocking protection before running DDS by sUBS. No desktop icons, cannot access any of folders in C: drive. Very much appreciate for any help to complete the 7-steps so I can start cleaning this system.

    Thanks in advance.

    Ted
     
  2. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Here are the logs from Malwarebytes....

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7207

    Windows 6.1.7600
    Internet Explorer 9.0.8112.16421

    2011/07/20 (水) 11:14:22
    mbam-log-2011-07-20 (11-14-22).txt

    Scan type: Quick scan
    Objects scanned: 176670
    Time elapsed: 6 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  3. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    and here is a log from GMER....

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-07-20 11:04:11
    Windows 6.1.7600
    Running: 4dygtqcz.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313fe70ca
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313fe70ca (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
     
  4. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    Hi,

    I:m back again today.... I forgot to mention the last time, however since I didn`t have functional AV software running, I downloaded Avira Free, installed and conducted a full scan. It detected few viruses and removed them all.

    My objective is to clean the system to virus free and access the partition drive so I can create a recovery CD to reformat the drive and clean install the operating system; hence any help is greatly appreciated. I also would like to mention this friend of mine system runs on Japanese O/S and since the friend doesn`t communicate well in English, I am helping out. I translated some characters displayed in Japanese within "()"..

    I still don`t know how to disable any script blocking protection, but I ran DDS by sUBs and following is the two logs.

    DDS (Ver_2011-07-14.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16421
    Run by Owner at 7:54:48 on 2011-07-21
    Microsoft Windows 7 Home Premium 6.1.7600.0.932.81.1041.18.1787.913 [GMT 9:00]
    .
    AV: ウイルスバスター2010 (Virus Buster 2010) *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: ウイルスバスター2010 (Virus Buster 2010) *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    FW: ウイルスバスター2010 (Virus Buster 2010) (パーソナルファイアウォール/Personal Firewall) *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\atieclxx.exe
    C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\CyberLink\Digital Media Player Library v4\Player\Binary\CLHNServer\CLHNService.exe
    C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Trend Micro\Virus Buster\SfCtlCom.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Trend Micro\Virus Buster\UfSeAgnt.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Apoint\Apvfb.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uWindow Title = Internet Explorer, optimized for Bing and MSN
    mWinlogon: Userinit = userinit.exe,
    BHO: i-フィルター 5.0 ブラウザヘルパー (i-Filter 5.0 Browser Helper): {0FAF6F52-1AD4-4282-9EA1-3EC884DA7AA3} - C:\Program Files (x86)\Digital Arts\IFP5\app\bin\ifp5toolbar.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
    BHO: Windows Live ID サインイン ヘルパー (Signin Helper) : {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Trend ツールバー (Toolbar) : {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" UNATTENDED
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [IME14 JPN Setup] C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: Google サイドウィキ (Side Wiki)... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: Microsoft Excel にエクスポート(Export to) (&X) - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: Interfaces\{30625CBE-05E0-49E4-8016-F1FA70204A25} : DHCPNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{3CBF4A3E-158F-4D70-BB8A-CDC6E8269365} : DHCPNameServer = 192.168.1.254
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    x64-BHO: i-フィルター 5.0 ブラウザヘルパー (i-Filter 5.0 Browser Helper) : {0FAF6F52-1AD4-4282-9EA1-3EC884DA7AA3} - C:\Program Files (x86)\Digital Arts\IFP5\app\bin\ifp5toolbar64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
    x64-Run: [IME14 JPN Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /JPN /Log
    x64-Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Virus Buster\UfSeAgnt.exe"
    x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-20 55280]
    R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2010-8-8 200720]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-7 202752]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-7-20 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-7-20 269480]
    R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-7-20 88288]
    R2 CLHNService3;CLHNService3;C:\Program Files (x86)\CyberLink\Digital Media Player Library v4\Player\Binary\CLHNServer\CLHNService.exe [2009-12-1 107816]
    R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-1-21 83312]
    R2 ntk3;ntk3;C:\Program Files (x86)\CyberLink\Digital Media Player Library v4\Player\Binary\CLHNServer\ntk3_64.sys [2009-4-22 82416]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-6-15 259192]
    R2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2010-10-19 42576]
    R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2010-8-8 339984]
    R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-3-18 852336]
    R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
    R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-2-19 386416]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-5-20 822784]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-4-7 6402560]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-4-7 188928]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-20 242720]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-4-8 346144]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-4-8 12032]
    R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-2-8 302448]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-5-20 38456]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-5-20 1021840]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google アップデート サービス (Update Service) (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-8 135664]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-15 183560]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-19 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 gupdatem;Google Update サービス(Service) (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-8 135664]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840]
    S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-5-20 108400]
    S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-5-20 422768]
    S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-5-20 67952]
    S3 TmPfw;Trend Micro Personal Firewall;C:\Program Files\Trend Micro\Virus Buster\TmPfw.exe [2010-8-8 595960]
    S3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Virus Buster\TmProxy.exe [2010-8-8 917768]
    S3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-5-20 574320]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
    S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-6-15 44736]
    S3 WatAdminSvc;Windows Activation Technologies サービス (service) ;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-8 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-07-20 01:08:28 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2011-07-20 01:08:18 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-20 01:08:17 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-20 01:08:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-07-19 23:53:45 -------- d-----w- C:\Users\Owner\AppData\Roaming\Avira
    2011-07-19 23:43:25 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-07-19 23:43:18 -------- d--h--w- C:\ProgramData\Avira
    2011-07-19 23:43:18 -------- d--h--w- C:\Program Files (x86)\Avira
    2011-07-16 23:53:08 -------- d--h--w- C:\Users\Owner\AppData\Roaming\Auslogics
    2011-07-10 20:38:31 -------- d--h--w- C:\Users\Owner\新しいフォルダー (new folder)
    2011-07-07 13:51:34 -------- d--h--w- C:\Users\Owner\AppData\Local\{B84435D3-5D49-449C-8F61-B125AB7C1F52}
    2011-07-05 06:47:41 -------- d--h--w- C:\Windows\msdownld.tmp
    2011-07-05 05:40:13 -------- d-----w- C:\Windows\System32\SPReview
    2011-07-05 05:38:43 -------- d-----w- C:\Windows\System32\EventProviders
    2011-06-28 23:03:00 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
    .
    ==================== Find3M ====================
    .
    2011-05-28 03:07:01 3133952 ----a-w- C:\Windows\System32\win32k.sys
    2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
    2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
    2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-05-03 19:52:22 472808 ---ha-w- C:\Windows\SysWow64\deployJava1.dll
    2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-27 02:57:40 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
    2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-04-22 20:18:47 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    .
    ============= FINISH: 7:58:42.45 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-07-14.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2010/08/08 (日/Sun) 11:26:29
    System Uptime: 2011/07/21 (木/Thur) 7:50:50 (0 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: AMD Athlon(tm) II P320 Dual-Core Processor | N/A | 798/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 286 GiB total, 245.813 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP92: 2011/07/05 (火/Tues) 14:40:03 - Windows 7 Service Pack 1
    RP93: 2011/07/05 (火/Tues) 15:14:18 - VAIO Care Automatic Restore Point
    RP94: 2011/07/05 (火/Tues) 15:21:08 - Installed Licensing Service Install
    RP95: 2011/07/05 (火/Tues) 15:39:02 - Windows モジュール インストーラー (Module Installer)
    RP96: 2011/07/05 (火/Tues) 16:04:34 - Installed Java(TM) 6 Update 26
    RP97: 2011/07/07 (木/Thur) 12:07:25 - VAIO Care Automatic Restore Point
    RP98: 2011/07/13 (水/Wed) 10:14:54 - VAIO Care Automatic Restore Point
    RP99: 2011/07/13 (水/Wed) 10:38:28 - VAIO Care Automatic Restore Point
    RP100: 2011/07/14 (木/Thur) 9:51:16 - VAIO Care Automatic Restore Point
    RP101: 2011/07/14 (木/Thur) 11:03:55 - Windows Update
    RP102: 2011/07/15 (金/Fri) 7:38:45 - VAIO Care Automatic Restore Point
    RP103: 2011/07/15 (金/Fri) 8:56:52 - VAIO Care Automatic Restore Point
    RP104: 2011/07/15 (金/Fri) 9:11:16 - VAIO Care Automatic Restore Point
    RP105: 2011/07/17 (日/Sun) 7:42:52 - VAIO Care Automatic Restore Point
    RP106: 2011/07/17 (日/Sun) 7:46:49 - VAIO Care Automatic Restore Point
    RP107: 2011/07/17 (日/Sun) 8:21:03 - VAIO Care Automatic Restore Point
    RP108: 2011/07/17 (日/Sun) 8:44:07 - VAIO Care Automatic Restore Point
    RP109: 2011/07/20 (水/Wed) 11:54:25 - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Photoshop Elements 8.0
    Adobe Premiere Elements 8.0
    Adobe Reader 9.3.3 - Japanese
    Alps Pointing-device for VAIO
    AMD USB Filter Driver
    ArcSoft WebCam Companion 3
    ATI Catalyst Install Manager
    Avira AntiVir Personal - Free Antivirus
    Bing Bar
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Click to Disc MergeModules x64
    Corel WinDVD
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726)
    Evernote
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    i-フィルター 5.0 (i-Filter 5.0)
    Java Auto Updater
    Java(TM) 6 Update 17 (64-bit)
    Java(TM) 6 Update 26
    Junk Mail filter update
    Licensing Service Install
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Media Gallery
    Media Gallery MergeModules x64
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Client Profile JPN Language Pack
    Microsoft .NET Framework 4 Client Profile Language Pack - 日本語 (Japanese)
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Excel MUI (Japanese) 2010
    Microsoft Office IME (Japanese) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (Japanese) 2010
    Microsoft Office Personal 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (Japanese) 2010
    Microsoft Office Proofing (Japanese) 2010
    Microsoft Office Shared 64-bit MUI (Japanese) 2010
    Microsoft Office Shared MUI (Japanese) 2010
    Microsoft Office Word MUI (Japanese) 2010
    Microsoft Office ナビ 2010 (Navi 2010)
    Microsoft Outlook Social Connector (KB2441641) の更新プログラム (Update program)
    Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    MSI_SPF_x64
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Online Backup
    PMB
    PMB VAIO Edition Guide
    PMB VAIO Edition plug-in (Click to Disc)
    PMB VAIO Edition plug-in (VAIO Image Optimizer)
    PMB VAIO Edition plug-in (VAIO Movie Story)
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Remote Play with PlayStation 3
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy Media Creator 10 LJ
    Roxio Easy Media Creator Home
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - 日本語 (Japanese) (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile Language Pack - 日本語 (Japanese) (KB2518870)
    Security Update for Microsoft Excel 2010 (KB2523021)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Word 2010 (KB2345000)
    Setting Utility Series
    Skype? 5.3
    SmartSound Quicktracks for Premiere Elements 8.0
    Sony Home Network Library
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft Outlook Social Connector (KB2441641)
    VAIO Care
    VAIO Content Monitoring Settings
    VAIO Data Restore Tool
    VAIO DVD Menu Data
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Gate
    VAIO Gate Default
    VAIO Hardware Diagnostics
    VAIO Manual
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Media plus デジタル放送プラグイン (Digital Broadcast Plugin)
    VAIO Movie Story MergeModules x64
    VAIO Movie Story Template Data
    VAIO One Touch Startup Tool
    VAIO Original Function Settings
    VAIO Sample Contents
    VAIO Smart Network
    VAIO Update
    VAIO Wallpaper Contents
    VAIO オリジナル機能の設定 (Setup original function)
    VAIO オンラインカスタマー登録 (Online customer registration)
    VAIO お引越サポート(Moving support)
    VAIO コンテンツ監視の設定 (Setup contents monitoring)
    VAIO データリストアツール (Data restore tool)
    VAIO の設定 (Setting up VAIO)
    VAIO 省電力設定 (Power management setup)
    VAIO限定特典ブロードバンド・モバイルご紹介 (Introduction to broadband mobile)
    VMp MergeModule x64
    WIDCOMM Bluetooth Software
    Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Live フォト ギャラリー (Photo Gallery)
    Windows Live メール (Mail)
    ウイルスバスター2010 (Virus Buster 2010)
    リモートプレイ (Remote play) with PlayStation 3
    リモート接続用の Windows Live Mesh ActiveX (remote access control) コントロール (日本語/Japanese)
    筆ぐるめ Ver.17 (Fude Gurume Ver.17)
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =======================================================================

    You're running two AV programs, Virus Buster 2010 and Avira.
    One of them has to go.
    Your choice.

    Then....

    Let's see, if we can recover your missing features.
    Download and run UnHide
    Let me know, if it worked.
     
  6. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Reprot malware

    Hi Broni,

    Thank you very much for your response. I had been eagerly waiting for some advice so I can clean this system.

    Since this is not my computer, I am uncertain what or how many icons were present on the desktop; however they seem to reappear instead of just black desktop.

    However upon completion of the program, the command prompt window displayed "Denied Access. Cannot create directory - C: \PROGRA~3\MICROS~1\Windows\STARTM~1\Program Analysis Error". (Please excuse me since the error is displayed in Japanese and I'm just translating the best I could)

    I checked "Start button => All programs" and it seems to display all the programs that are installed. I did not see "empty" on any of the programs displayed.

    I checked "Start button => C: drive" and I am able to see and access the folders in the C: drive.

    Hope this info helps. And thank you very much for your response.

    Ted
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good job :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    Hi Broni,

    Thanks for your advice. I was unable to run Combofix on Normal mode; hence I ran it under Safemode. I did not require to run Rkill.exe to start the operation.


    Following is the log for Combofix... Unfortunately, this is my last response for today. I will revert tomorrow 21 July to continue cleaning process(es).

    ComboFix 11-07-20.05 - Owner /07/21 (木) 10:28:10.1.2 - x64 NETWORK
    Microsoft Windows 7 Home Premium 6.1.7600.0.932.81.1041.18.1787.928 [GMT 9:00]
    Running from: C:\Users\Owner\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Uninstall Windows 7 Repair.lnk
    C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair\Windows 7 Repair.lnk


    ((((((((((((((((((((((((( Files Created from 2011-06-21 to 2011-07-21 )))))))))))))))))))))))))))))))


    2011-07-21 01:55:48 . 2011-07-21 01:55:48 -------- d-----w- C:\Users\Default\AppData\Local\temp
    2011-07-21 01:11:24 . 2011-07-21 01:18:52 -------- d-----w- C:\32788R22FWJFW
    2011-07-20 01:08:28 . 2011-07-20 01:08:28 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes
    2011-07-20 01:08:18 . 2011-07-06 10:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-20 01:08:17 . 2011-07-20 01:08:17 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-20 01:08:13 . 2011-07-20 01:08:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-07-19 23:53:45 . 2011-07-19 23:53:45 -------- d-----w- C:\Users\Owner\AppData\Roaming\Avira
    2011-07-19 23:43:25 . 2011-07-20 01:03:33 88288 ----a-w- C:\Windows\system32\drivers\avgntflt.sys
    2011-07-19 23:43:25 . 2011-07-20 01:03:33 123784 ----a-w- C:\Windows\system32\drivers\avipbb.sys
    2011-07-19 23:43:18 . 2011-07-19 23:43:18 -------- d-----w- C:\ProgramData\Avira
    2011-07-19 23:43:18 . 2011-07-19 23:43:18 -------- d-----w- C:\Program Files (x86)\Avira
    2011-07-16 23:53:08 . 2011-07-16 23:53:08 -------- d-----w- C:\Users\Owner\AppData\Roaming\Auslogics
    2011-07-10 20:38:31 . 2011-07-10 20:38:31 -------- d-----w- C:\Users\Owner\新しいフォルダー
    2011-07-05 06:47:41 . 2011-07-05 06:47:42 -------- d-----w- C:\Windows\msdownld.tmp
    2011-07-05 05:40:13 . 2011-07-05 05:40:13 -------- d-----w- C:\Windows\system32\SPReview
    2011-07-05 05:38:43 . 2011-07-05 05:38:44 -------- d-----w- C:\Windows\system32\EventProviders
    2011-06-28 23:03:00 . 2011-05-24 11:21:59 404992 ----a-w- C:\Windows\system32\umpnpmgr.dll
    .


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2011-05-28 03:07:01 . 2011-06-15 00:48:10 3133952 ----a-w- C:\Windows\system32\win32k.sys
    2011-05-04 02:51:08 . 2011-06-15 00:48:12 287744 ----a-w- C:\Windows\system32\drivers\mrxsmb10.sys
    2011-05-04 02:51:08 . 2011-06-15 00:48:12 157696 ----a-w- C:\Windows\system32\drivers\mrxsmb.sys
    2011-05-04 02:51:05 . 2011-06-15 00:48:12 126464 ----a-w- C:\Windows\system32\drivers\mrxsmb20.sys
    2011-05-03 19:52:22 . 2010-08-08 06:34:14 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-05-03 05:21:22 . 2011-06-15 00:47:04 976896 ----a-w- C:\Windows\system32\inetcomm.dll
    2011-05-03 04:50:29 . 2011-06-15 00:47:04 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-04-29 03:13:10 . 2011-06-15 00:47:09 461312 ----a-w- C:\Windows\system32\drivers\srv.sys
    2011-04-29 03:12:54 . 2011-06-15 00:47:09 399872 ----a-w- C:\Windows\system32\drivers\srv2.sys
    2011-04-29 03:12:37 . 2011-06-15 00:47:09 161792 ----a-w- C:\Windows\system32\drivers\srvnet.sys
    2011-04-27 02:57:40 . 2011-06-15 00:48:17 102400 ----a-w- C:\Windows\system32\drivers\dfsc.sys
    2011-04-25 05:32:22 . 2011-06-15 00:48:16 1896832 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2011-04-25 02:44:02 . 2011-06-15 00:48:15 499712 ----a-w- C:\Windows\system32\drivers\afd.sys
    2011-04-22 20:18:47 . 2011-05-24 22:50:49 27008 ----a-w- C:\Windows\system32\drivers\Diskdump.sys


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-07-14 01:39:41 1475072]
    "swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-20 14:08:29 39408]
    "CAHeadless"="C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-05 19:40:00 615808]
    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe" [2011-06-15 06:02:58 15141768]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-02 14:23:54 98304]
    "NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe" [2009-12-03 11:21:12 3272040]
    "PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-01-21 11:31:32 597792]
    "IME14 JPN Setup"="C:\PROGRA~2\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 16:45:36 80240]
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 02:44:46 248552]
    "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 22:53:33 281768]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200411]
    Ime File REG_SZ imjp14.ime

    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-05 21:06:20 169312]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-20 22:53:48 136360]
    R2 CLHNService3;CLHNService3;C:\Program Files (x86)\CyberLink\Digital Media Player Library v4\Player\Binary\CLHNServer\CLHNService.exe [2009-12-01 12:04:58 107816]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 04:16:28 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 05:27:14 138576]
    R2 gupdate;Google アップデート サービス (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-08 06:27:58 135664]
    R2 ImeDictUpdateService;Microsoft IME Dictionary Update;C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-01-20 16:36:32 83312]
    R2 ntk3;ntk3;C:\Program Files (x86)\CyberLink\Digital Media Player Library v4\Player\Binary\CLHNServer\ntk3_64.sys [2009-04-22 01:53:34 82416]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-23 18:18:54 360224]
    R2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-24 19:49:14 362992]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-01-28 20:36:18 259192]
    R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-03-17 23:56:06 852336]
    R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-19 10:19:24 529776]
    R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-02-19 10:19:26 386416]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-03-08 02:04:04 822784]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys [x]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]
    R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-15 13:27:14 183560]
    R3 gupdatem;Google Update サービス (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-08 06:27:58 135664]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 12:34:24 4925184]
    R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-24 19:49:04 313840]
    R3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-02-24 05:59:08 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-02-24 05:59:08 422768]
    R3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-02-24 05:59:08 67952]
    R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [2010-02-08 01:46:46 302448]
    R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-03-25 05:10:10 574320]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-19 10:19:28 115568]
    R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-02-14 04:23:50 44736]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 01:50:52 1021840]
    R3 WatAdminSvc;Windows Activation Technologies サービス;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 09:10:10 57184]
    S0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys [x]
    S0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys [x]
    S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys [x]
    S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]


    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - PXHLPA64

    Contents of the 'Scheduled Tasks' folder

    2011-07-21 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-08 06:28:00 . 2010-08-08 06:27:58]

    2011-07-21 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-08-08 06:28:00 . 2010-08-08 06:27:58]


    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 03:30:47 10134560]
    "IME14 JPN Setup"="C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2010-01-20 16:36:24 109424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0

    ------- Supplementary Scan -------

    uLocal Page = C:\Windows\system32\blank.htm
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    IE: Google サイドウィキ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
    IE: Microsoft Excel にエクスポート(&X) - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254

    - - - - ORPHANS REMOVED - - - -

    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    HKLM-Run-Apoint - C:\Program Files (x86)\Apoint\Apoint.exe



    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"C:\Program Files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata\""

    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="C:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="C:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="C:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="C:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="C:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10a.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="C:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)

    Completion time: 2011-07-21 11:18:18
    ComboFix-quarantined-files.txt 2011-07-21 02:18:11

    Pre-Run: 264,151,982,080 バイトの空き領域
    Post-Run: 264,479,989,760 バイトの空き領域
     
  9. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks good :)

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    Hi Broni,

    I`m back again. Thank you very much for your help, so far so good, I don`t see any issue with the system, it seems to be running fine.

    Here is the log from OLT.txt. I added some translation in "()"

    It also told me the text exceeds 50000 characters hence I`ll divide this in two replys.

    OTL logfile created on: 2011/07/22 (金) 7:51:16 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Owner\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000411 | Country: 日本 | Language: JPN | Date Format: yyyy/MM/dd' ('ddd')'

    1.75 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 40.21% Memory free
    3.49 Gb Paging File | 2.03 Gb Available in Paging File | 58.18% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.50 Gb Total Space | 246.15 Gb Free Space | 85.92% Space Free | Partition Type: NTFS

    Computer Name: OWNER-VAIO | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/22 07:42:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2011/07/20 10:03:25 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/06/28 08:44:32 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
    PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
    PRC - [2010/05/14 14:29:50 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2010/03/18 08:56:06 | 000,852,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    PRC - [2010/03/02 16:22:44 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2010/02/19 19:19:26 | 000,386,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    PRC - [2010/02/19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    PRC - [2010/01/21 20:31:32 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2009/12/01 21:04:58 | 000,107,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Digital Media Player Library v4\Player\Binary\CLHNServer\CLHNService.exe
    PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    PRC - [2009/07/14 10:14:47 | 000,254,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/07/22 07:42:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    MOD - [2010/08/21 14:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2010/01/21 01:45:30 | 001,175,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IMJP14K.DLL
    MOD - [2010/01/21 01:45:30 | 001,128,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\IMJP14.IME
    MOD - [2009/06/11 06:14:56 | 000,652,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcr90.dll
    MOD - [2009/06/11 06:14:54 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4926_none_508ed732bcbc0e5a\msvcp90.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/04/20 10:50:52 | 001,021,840 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
    SRV:64bit: - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
    SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/04/07 12:04:19 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2010/03/25 14:10:10 | 000,574,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV:64bit: - [2010/03/08 11:04:04 | 000,822,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
    SRV:64bit: - [2010/02/19 19:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
    SRV:64bit: - [2010/02/19 19:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
    SRV:64bit: - [2010/02/19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV:64bit: - [2010/02/08 10:46:46 | 000,302,448 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe -- (SpfService)
    SRV:64bit: - [2009/09/04 13:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/07/14 10:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/07/20 10:03:25 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/05/20 22:57:00 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/05/14 14:29:50 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2010/04/08 14:27:18 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/03/18 08:56:06 | 000,852,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2010/02/24 14:59:08 | 000,422,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
    SRV - [2010/02/24 14:59:08 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2010/02/24 14:59:08 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2009/12/01 21:04:58 | 000,107,816 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CyberLink\Digital Media Player Library v4\Player\Binary\CLHNServer\CLHNService.exe -- (CLHNService3)
    SRV - [2009/11/25 04:49:14 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
    SRV - [2009/11/25 04:49:04 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
    SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2009/09/10 15:12:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2009/09/06 06:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
    SRV - [2009/06/11 06:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/07/20 10:03:33 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/07/20 10:03:33 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2010/05/14 18:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2010/05/14 18:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2010/04/07 13:15:45 | 000,265,776 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2010/04/07 13:08:44 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/04/07 12:04:49 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2010/04/07 12:04:22 | 006,402,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
    DRV:64bit: - [2010/04/07 12:04:22 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2010/03/22 20:21:21 | 000,242,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/03/09 17:59:23 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
    DRV:64bit: - [2010/03/09 17:09:06 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/03/09 17:09:06 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/03/09 16:56:08 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2010/03/09 15:09:24 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2010/03/09 15:09:24 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2010/03/09 12:23:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/12/22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2009/07/14 10:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 10:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 10:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 10:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/09 19:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/06/11 05:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/11 05:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 05:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 05:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 05:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/04/22 10:53:34 | 000,082,416 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\Digital Media Player Library v4\Player\Binary\CLHNServer\ntk3_64.sys -- (ntk3)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-4226158196-507302392-1261982788-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-4226158196-507302392-1261982788-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://jp.msn.com/?ocid=OIE9HP
    IE - HKU\S-1-5-21-4226158196-507302392-1261982788-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)



    O1 HOSTS File: ([2011/07/21 10:58:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (i-フィルター 5.0 ブラウザヘルパー/i-Filter 5.0 Browser Helper) - {0FAF6F52-1AD4-4282-9EA1-3EC884DA7AA3} - C:\Program Files (x86)\Digital Arts\IFP5\app\bin\ifp5toolbar64.dll (デジタルアーツ株式会社/Digital Arts, Inc)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
    O2 - BHO: (i-フィルター 5.0 ブラウザヘルパーブラウザヘルパー/i-Filter 5.0 Browser Helper) - {0FAF6F52-1AD4-4282-9EA1-3EC884DA7AA3} - C:\Program Files (x86)\Digital Arts\IFP5\app\bin\ifp5toolbar.dll (デジタルアーツ株式会社/Digital Arts, Inc)
    O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - File not found
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Trend ツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - File not found
    O3:64bit: - HKU\S-1-5-21-4226158196-507302392-1261982788-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NOBuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-4226158196-507302392-1261982788-1000..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-4226158196-507302392-1261982788-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-4226158196-507302392-1261982788-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-4226158196-507302392-1261982788-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Google サイドウィキ (Side Wiki) ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
    O8 - Extra context menu item: Google サイドウィキ (Side Wiki) ... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Bluetooth ヘ送る (send to) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Bluetooth デバイスに送信 (send to device) (&B) - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - File not found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/22 07:42:30 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/07/22 07:38:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/07/21 11:18:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/07/21 10:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ウイルスバスター2010
    [2011/07/21 10:20:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/07/21 10:20:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/07/21 10:20:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/07/21 10:18:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/07/21 10:18:49 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/07/21 10:12:07 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/07/21 10:11:24 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/07/21 10:00:36 | 004,151,535 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/07/20 10:08:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
    [2011/07/20 10:08:18 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/07/20 10:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/20 10:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/07/20 10:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/07/20 08:53:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Avira
    [2011/07/20 08:44:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/07/20 08:43:25 | 000,123,784 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2011/07/20 08:43:25 | 000,088,288 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2011/07/20 08:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/07/20 08:43:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2011/07/20 08:41:22 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe
    [2011/07/20 08:41:22 | 000,489,596 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
    [2011/07/17 08:53:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Auslogics
    [2011/07/11 05:38:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\新しいフォルダー (New Folder)
    [2011/07/07 22:51:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{B84435D3-5D49-449C-8F61-B125AB7C1F52}
    [2011/07/05 14:40:13 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2011/07/05 14:38:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/07/22 07:46:40 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/07/22 07:46:40 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/07/22 07:42:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/07/22 07:38:26 | 000,000,686 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/22 07:37:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/07/22 07:37:49 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/21 10:58:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/07/21 10:06:05 | 000,000,690 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/21 10:00:27 | 004,151,535 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/07/21 09:33:00 | 000,684,297 | ---- | M] () -- C:\Users\Owner\Desktop\unhide.exe
    [2011/07/20 10:03:33 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2011/07/20 10:03:33 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2011/07/20 10:03:15 | 001,226,912 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/07/20 10:03:15 | 000,618,912 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/07/20 10:03:15 | 000,392,912 | ---- | M] () -- C:\Windows\SysNative\perfh011.dat
    [2011/07/20 10:03:15 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc011.dat
    [2011/07/20 10:03:15 | 000,107,232 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/07/20 08:44:30 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/07/19 19:36:48 | 000,489,596 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.scr
    [2011/07/19 19:33:52 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\4dygtqcz.exe
    [2011/07/19 19:31:14 | 056,039,816 | ---- | M] () -- C:\Users\Owner\Desktop\avira_antivir_personal_en.exe
    [2011/07/19 19:24:26 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe
    [2011/07/11 06:00:07 | 000,000,000 | ---- | M] () -- C:\Users\Owner\Desktop\新しいビットマップ イメージ.bmp
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2011/07/05 15:52:42 | 000,001,381 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/07/05 15:44:42 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/07/05 15:44:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/07/05 12:56:44 | 000,000,240 | ---- | M] () -- C:\ProgramData\~37150456
    [2011/07/05 12:56:44 | 000,000,176 | ---- | M] () -- C:\ProgramData\~37150456r
    [2011/07/05 12:56:17 | 000,000,631 | ---- | M] () -- C:\Users\Owner\Desktop\Windows 7 Repair.lnk
    [2011/07/05 12:55:56 | 000,000,336 | ---- | M] () -- C:\ProgramData\37150456
    [2011/07/01 08:11:24 | 000,002,340 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/07/01 07:40:49 | 000,421,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/06/26 15:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/07/21 10:20:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/07/21 10:20:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/07/21 10:20:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/07/21 10:20:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/07/21 10:20:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/07/21 09:41:51 | 000,002,340 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/07/21 09:41:51 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/07/21 09:41:51 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\ウイルスバスター2010 (Virus Buster 2010) .lnk
    [2011/07/21 09:41:43 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2011/07/21 09:41:43 | 000,002,390 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2011/07/21 09:41:43 | 000,002,254 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO の設定 (Setup VAIO) .lnk
    [2011/07/21 09:41:43 | 000,002,177 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 8.0.lnk
    [2011/07/21 09:41:43 | 000,002,171 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\はじめよう (Start with)! Microsoft Office.lnk
    [2011/07/21 09:41:43 | 000,002,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO お引越サポート (Moving Support).lnk
    [2011/07/21 09:41:43 | 000,002,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk
    [2011/07/21 09:41:43 | 000,002,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Media plus.lnk
    [2011/07/21 09:41:43 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
    [2011/07/21 09:41:43 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
    [2011/07/21 09:41:43 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\重要なお知らせ (Important Information).lnk
    [2011/07/21 09:41:43 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO限定特典ブロードバンド・モバイルご紹介 (Introduction to Mobile Broadband) .lnk
    [2011/07/21 09:41:43 | 000,001,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
    [2011/07/21 09:41:43 | 000,001,605 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO オンラインカスタマー登録 (Online Customer Registration).lnk
    [2011/07/21 09:41:43 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    [2011/07/21 09:41:43 | 000,001,390 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2011/07/21 09:41:43 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
    [2011/07/21 09:41:43 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
    [2011/07/21 09:41:43 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
    [2011/07/21 09:41:43 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2011/07/21 09:41:43 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
    [2011/07/21 09:41:43 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
    [2011/07/21 09:41:43 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
    [2011/07/21 09:41:43 | 000,001,225 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
    [2011/07/21 09:41:43 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
    [2011/07/21 09:41:43 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
    [2011/07/21 09:41:43 | 000,001,025 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
    [2011/07/21 09:41:43 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO データリストアツール (Data restore tool) .lnk
    [2011/07/21 09:41:43 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    [2011/07/21 09:33:39 | 000,684,297 | ---- | C] () -- C:\Users\Owner\Desktop\unhide.exe
    [2011/07/20 08:41:18 | 056,039,816 | ---- | C] () -- C:\Users\Owner\Desktop\avira_antivir_personal_en.exe
    [2011/07/20 08:41:18 | 000,302,592 | ---- | C] () -- C:\Users\Owner\Desktop\4dygtqcz.exe
    [2011/07/11 06:00:07 | 000,000,000 | ---- | C] () -- C:\Users\Owner\Desktop\新しいビットマップ イメージ (New bitmap image).bmp
    [2011/07/05 15:44:42 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/07/05 15:44:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/07/05 12:56:44 | 000,000,240 | ---- | C] () -- C:\ProgramData\~37150456
    [2011/07/05 12:56:44 | 000,000,176 | ---- | C] () -- C:\ProgramData\~37150456r
    [2011/07/05 12:56:17 | 000,000,631 | ---- | C] () -- C:\Users\Owner\Desktop\Windows 7 Repair.lnk
    [2011/07/05 12:55:56 | 000,000,336 | ---- | C] () -- C:\ProgramData\37150456
    [2010/09/15 20:58:50 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/08/11 14:31:00 | 000,000,056 | ---- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
    [2010/08/08 15:42:28 | 001,240,322 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/05/20 23:08:37 | 000,000,803 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
    [2010/05/20 22:48:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2010/04/07 16:43:12 | 000,001,105 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
    [2009/07/14 14:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/14 11:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/14 11:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/14 09:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/14 08:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/14 06:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/11 06:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2007/10/26 12:00:00 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\VSPpg8.dll

    ========== LOP Check ==========

    [2011/07/17 08:53:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
    [2010/11/28 21:27:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer
    [2011/04/26 07:48:38 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
     
  11. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    Here`s part 2 of OLT.txt....

    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/26 08:43:17 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2011/07/21 11:18:35 | 000,017,427 | ---- | M] () -- C:\ComboFix.txt
    [2011/07/22 07:37:49 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
    [2011/07/22 07:37:52 | 1873,698,816 | -HS- | M] () -- C:\pagefile.sys
    [2010/05/20 22:41:26 | 000,002,877 | ---- | M] () -- C:\RHDSetup.log
    [2011/06/13 07:22:41 | 000,683,847 | ---- | M] () -- C:\test.xml
    [2010/05/20 23:40:16 | 000,424,146 | ---- | M] () -- C:\vcredist_x86.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 14:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 14:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 14:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 14:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 05:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 13:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/07/05 15:52:42 | 000,000,221 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/07/19 19:33:52 | 000,302,592 | ---- | M] () -- C:\Users\Owner\Desktop\4dygtqcz.exe
    [2011/07/19 19:31:14 | 056,039,816 | ---- | M] () -- C:\Users\Owner\Desktop\avira_antivir_personal_en.exe
    [2011/07/21 10:00:27 | 004,151,535 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2011/07/19 19:24:26 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup.exe
    [2011/07/22 07:42:13 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2011/07/21 09:33:00 | 000,684,297 | ---- | M] () -- C:\Users\Owner\Desktop\unhide.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 06:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/10 16:44:05 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/07/05 12:55:56 | 000,000,336 | ---- | M] () -- C:\ProgramData\37150456
    [2010/10/29 10:40:30 | 000,000,952 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
    [2011/07/05 12:56:44 | 000,000,240 | ---- | M] () -- C:\ProgramData\~37150456
    [2011/07/05 12:56:44 | 000,000,176 | ---- | M] () -- C:\ProgramData\~37150456r

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
     
  12. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    Here`s the log from Extras.txt..... I added English translation in "()".

    I see IE windows pop-ups once in a while and direct me to Google accounts (phishing site?). I always "X" out of IE when this occur, could this be eliminated?

    OTL Extras logfile created on: 2011/07/22 (金) 7:51:16 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Owner\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000411 | Country: 日本 (Japan) | Language: JPN | Date Format: yyyy/MM/dd' ('ddd')'

    1.75 Gb Total Physical Memory | 0.70 Gb Available Physical Memory | 40.21% Memory free
    3.49 Gb Paging File | 2.03 Gb Available in Paging File | 58.18% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.50 Gb Total Space | 246.15 Gb Free Space | 85.92% Space Free | Partition Type: NTFS

    Computer Name: OWNER-VAIO | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

    [HKEY_USERS\S-1-5-21-4226158196-507302392-1261982788-1000\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery MergeModules x64
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{393A9268-A428-4F5A-9B20-BD753309A98E}" = Click to Disc MergeModules x64
    "{3BF2C0A8-2C44-4A36-AA96-3BD6FB7BB01F}" = Windows Live Remote Client Resources
    "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{54C5B89F-0A8C-4C07-A51D-7380974DA459}" = Windows Live Remote Service Resources
    "{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VMp MergeModule x64
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{748C6213-E824-45E1-9FD2-82884263935C}" = Windows Live Family Safety
    "{90140000-0028-0411-1000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0411-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Japanese) 2010
    "{93D17967-5683-C13A-618A-B3450604C49F}" = ccc-utility64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-011C-0411-1000-0000000FF1CE}" = Microsoft Office ナビ (Navi) 2010
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{9F1F4E90-5808-3CA8-8FF6-A5B0E60AF268}" = Microsoft .NET Framework 4 Client Profile JPN Language Pack
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
    "{C37B6246-7D4A-4E5C-BFB4-11C8660BDC99}" = VAIO Movie Story MergeModules x64
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA57D9DF-BE05-416A-96E4-2BB4884308E7}" = MSI_SPF_x64
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FED99701-A3A5-CE6B-4D04-DECF94784B89}" = ATI Catalyst Install Manager
    "3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    "930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile JPN Language Pack" = Microsoft .NET Framework 4 Client Profile Language Pack - 日本語 (Japanese)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00721C5E-5B17-494C-95E5-208415864F62}" =
    "{03FCC0F4-0999-4D8A-BA8D-CC1CB87FCD9B}" = VAIO Care
    "{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
    "{06104EB1-967F-B7FB-0462-7412FC41FCB7}" = CCC Help Greek
    "{07441A52-E208-478A-92B7-5C337CA8C131}" = リモートプレイ (Remote Play) with PlayStation 3
    "{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0B8A74C0-67FF-955F-8875-0D3BFB3212B2}" = Catalyst Control Center Localization All
    "{0E0CA282-7F32-4B0D-B427-78B9A3CBC42F}" = Messenger Companion
    "{0F3EF57F-D82E-4668-A199-6E7D13E85413}" = 筆ぐるめ (Fude Gurume) Ver.17
    "{10AB1F40-BDEC-4A8D-B427-30F9429378B0}" = Windows Live Movie Maker
    "{10E402DF-BF76-F1D8-FE5D-34BD0E3583C3}" = CCC Help Finnish
    "{127C8955-B5C5-4682-9428-B8243EC4E6AE}" = Remote Play with PlayStation 3
    "{135F66BD-34FD-42A9-D673-81222A0894A3}" = CCC Help Japanese
    "{15D95497-8F76-41E5-8894-EDDB59E39BD9}" = Windows Live メール (Mail)
    "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
    "{1DDCE98D-822A-70D5-E4C7-856EF821C7DA}" = CCC Help Czech
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{21D1464A-1C54-451E-B780-3ECB3DF8BD4E}" = VAIO Content Monitoring Settings
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO コンテンツ監視の設定 (Setup Contents Monitoring)
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
    "{28407C82-2730-D107-606C-EAC5AB783EEA}" = Catalyst Control Center Graphics Full New
    "{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
    "{2BDD5DFD-9F1F-4754-8BEB-A780D49E8C73}" = Sony Home Network Library
    "{31CE8192-EA0D-64FE-44A6-40D734E38EEC}" = CCC Help Chinese Traditional
    "{33339326-BC0E-7C60-A791-12B4AB2A0400}" = CCC Help Dutch
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{35A752A8-0944-187D-6EFD-39EE0C55D72A}" = Catalyst Control Center Graphics Previews Common
    "{35D112C4-9AB9-61DB-E0A4-F710F8D5325B}" = CCC Help Danish
    "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
    "{3F9CFC1F-6F82-EB76-D329-AA36B1B5B7D6}" = CCC Help English
    "{44E0DB64-566D-4126-82E6-206B4D76E902}" = VAIO Original Function Settings
    "{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
    "{5114A61F-F081-D40E-1C46-ECF0EF28A447}" = ccc-core-static
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO データリストアツール (Data Restore Tool)
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
    "{5A59F3D7-4958-BA8C-452C-0C24EE70E9BB}" = CCC Help Hungarian
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD
    "{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO お引越サポート (Moving Support)
    "{641DD10E-47E0-4A1D-B858-EF507F948C50}" = VAIO Hardware Diagnostics
    "{653B181B-1A7E-E83B-6F1C-E1857FF871E4}" = CCC Help Norwegian
    "{675D8E1E-2388-4718-902C-E5FC4888AC0E}" = Windows Live Essentials
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
    "{6C3F8916-D6A5-4A31-9DA8-80C973CE437F}" = Windows Live Writer
    "{6D423AE8-0E7D-4703-8EF7-500C5D36FD7F}" = Sony Home Network Library
    "{6F6D8BC6-CE36-493B-996F-04CD8CCC35A8}" = Bing Bar
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7134EF35-DA07-41F8-A71F-66709E194BB5}" = Windows Live Mesh
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO の設定 (Setup VAIO)
    "{73552E64-2A9B-860C-1230-BD49FC5302A8}" = Catalyst Control Center Core Implementation
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7D0CA2AD-3A7D-AAC4-9485-C4A9CDEB9AA2}" = CCC Help Italian
    "{7D556460-6E5A-4C53-BCDD-7A7EAEBC169A}" = VAIO Entertainment Platform
    "{7FC5979A-DE2B-0000-DFE6-0B423C151F5B}" = CCC Help Russian
    "{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO 省電力設定 (Power Management setup)
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84FFB317-A08A-4AEE-95EA-7FBA69A3F924}" = VAIO Entertainment Platform
    "{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = VAIO One Touch Startup Tool
    "{8594B956-55D6-DAA0-405D-A84D92198CBA}" = CCC Help Turkish
    "{884498F9-3430-A5AD-E518-6CDBD1E2C2C6}" = CCC Help Thai
    "{88A686A9-D687-4295-B633-50D8A4B88371}" = Windows Live Writer Resources
    "{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A66A2C8-0032-4949-8D99-C293A3EACF79}" = Windows Live Photo Common
    "{8C2BF804-A884-4C52-8C3B-2A71A808AA98}" = i-フィルター 5.0 )i-Filter 5.0)
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8D59BE38-3A4F-4525-AD0D-8980E9E31EFA}" = Windows Live フォト ギャラリー(Photo Gallery)
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
    "{90140000-0016-0411-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Japanese) 2010
    "{90140000-001A-0411-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Japanese) 2010
    "{90140000-001B-0411-0000-0000000FF1CE}" = Microsoft Office Word MUI (Japanese) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0411-0000-0000000FF1CE}" = Microsoft Office Proof (Japanese) 2010
    "{90140000-0028-0411-0000-0000000FF1CE}" = Microsoft Office IME (Japanese) 2010
    "{90140000-002C-0411-0000-0000000FF1CE}" = Microsoft Office Proofing (Japanese) 2010
    "{90140000-006E-0411-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Japanese) 2010
    "{91140000-0033-0000-0000-0000000FF1CE}" = Microsoft Office Personal 2010
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{94167E23-CADF-A30C-2962-C769FCAFCA00}" = CCC Help Korean
    "{95140000-007A-0411-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
    "{961B89D8-D2AA-4A5F-935D-B43159AF6DA6}" = VAIO オンラインカスタマー登録 (Online Customer Registration)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
    "{98F2FA0E-923A-48C2-8EC7-62BD97E38FC0}" = VAIO Data Restore Tool
    "{9A86CB6C-B3AE-D212-7310-711CC4B72DE3}" = Catalyst Control Center Graphics Full Existing
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
    "{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
    "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO オリジナル機能の設定 (Setup Original Functions)
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A8A4A406-4127-CCB2-7249-7E84F27B59E6}" = CCC Help Portuguese
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9556859-D269-424A-BF4A-549C90352FB4}" = VAIO Media plus デジタル放送プラグイン (Digital Broadcast Plugin)
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AC76BA86-7AD7-1041-7B44-A93000000001}" = Adobe Reader 9.3.3 - Japanese
    "{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
    "{B05B64BA-D9C8-47B9-A2CB-A1F8E796C843}" = Windows Live Messenger
    "{B22615EE-2963-CB47-E043-B0BCC322A628}" = CCC Help Spanish
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
    "{B4320558-EC97-3860-9C25-E8E2E9D490C8}" = CCC Help French
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
    "{BAF0CA91-4642-46C8-9BCD-C93B61508701}" = リモート接続用の Windows Live Mesh ActiveX コントロール(Control for Remote Assistance connection) (日本語/Japanese)
    "{C416CBB4-00BA-4E78-878A-590C5FD4A7A1}" = VAIO Media plus
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{CCCB84FD-C8EC-ECA1-70C3-A429CBD1E64E}" = Catalyst Control Center Graphics Previews Vista
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF214A6D-3290-1EAC-C33D-2CB0C867F551}" = CCC Help Swedish
    "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
    "{DD2781E9-C64C-EC9D-3147-9D19495BDFD4}" = CCC Help Polish
    "{DD6033FA-AA60-D93A-3E24-1787707C681B}" = Catalyst Control Center InstallProxy
    "{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
    "{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4D0AD3B-0496-68DC-B093-2DF506988E99}" = CCC Help Chinese Standard
    "{E9FE79DA-E79B-A2DB-1178-74C6881C6521}" = CCC Help German
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EE408577-9C0E-4E5F-BCB2-DB5B3A220958}" = Windows Live UX Platform Language Pack
    "{EFBA1469-E0DA-4825-96AB-12B2988E9A28}" = Media Gallery
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F32B1F08-4042-08A6-DA31-FD3CF56F2A77}" = Catalyst Control Center Graphics Light
    "{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
    "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
    "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "Google Chrome" = Google Chrome
    "InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
    "InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
    "InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
    "InstallShield_{A9556859-D269-424A-BF4A-549C90352FB4}" = VAIO Media plus デジタル放送プラグイン (Digital Broadcast Plugin)
    "InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Office14.PERSONALR" = Microsoft Office 2010
    "PremElem80" = Adobe Premiere Elements 8.0
    "VAIO限定特典ブロードバンド・モバイルご紹介 (Introduction to Mobile Broadband for VAIO)" = VAIO限定特典ブロードバンド・モバイルご紹介 (Introduction to Mobile Broadband for VAIO)
    "WinLiveSuite" = Windows Live Essentials

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2011/07/16 (土) 20:51:38 | Computer Name = Owner-VAIO | Source = SideBySide | ID = 16842785
    Description = "C:\Windows\system32\conhost.exe" のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ (Activation context generation failed. Dependent Assembly)
    Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    が見つかりませんでした(was not found)。 詳細な診断を行うには sxstrace.exe を実行してください。(To make a detailed diagnosis, please run sxstrace.exe)

    Error - 2011/07/16 (土) 20:51:50 | Computer Name = Owner-VAIO | Source = SideBySide | ID = 16842785
    Description = "C:\Windows\system32\conhost.exe" のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ (Activation context generation failed. Dependent Assembly)
    Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    が見つかりませんでした (was not found)。 詳細な診断を行うには sxstrace.exe を実行してください(To make a detailed diagnosis, please run sxstrace.exe)。

    Error - 2011/07/16 (土) 20:51:50 | Computer Name = Owner-VAIO | Source = SideBySide | ID = 16842785
    Description = "C:\Windows\system32\conhost.exe" のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ (Activation context generation failed. Dependent Assembly)
    Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    が見つかりませんでした was not found)。 詳細な診断を行うには sxstrace.exe を実行してください。(To make a detailed diagnosis, please run sxstrace.exe)

    Error - 2011/07/16 (土) 20:51:50 | Computer Name = Owner-VAIO | Source = SideBySide | ID = 16842785
    Description = "C:\Windows\system32\conhost.exe" のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ (Activation context generation failed. Dependent Assembly)
    Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    が見つかりませんでした (was not found)。 詳細な診断を行うには sxstrace.exe を実行してください。(To make a detailed diagnosis, please run sxstrace.exe)

    Error - 2011/07/16 (土) 20:54:18 | Computer Name = Owner-VAIO | Source = SideBySide | ID = 16842785
    Description = "C:\Windows\system32\conhost.exe" のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ (Activation context generation failed. Dependent Assembly)
    Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    が見つかりませんでした (was not found)。 詳細な診断を行うには sxstrace.exe を実行してください。(To make a detailed diagnosis, please run sxstrace.exe)

    Error - 2011/07/16 (土) 20:54:42 | Computer Name = Owner-VAIO | Source = SideBySide | ID = 16842785
    Description = "C:\Windows\system32\conhost.exe" のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ (Activation context generation failed. Dependent Assembly)
    Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    が見つかりませんでした (was not found)。 詳細な診断を行うには sxstrace.exe を実行してください。(To make a detailed diagnosis, please run sxstrace.exe)

    Error - 2011/07/16 (土) 20:54:43 | Computer Name = Owner-VAIO | Source = SideBySide | ID = 16842785
    Description = "C:\Windows\system32\conhost.exe" のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ (Activation context generation failed. Dependent Assembly)
    Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    が見つかりませんでした (was not found)。 詳細な診断を行うには sxstrace.exe を実行してください。(To make a detailed diagnosis, please run sxstrace.exe)

    Error - 2011/07/16 (土) 20:54:50 | Computer Name = Owner-VAIO | Source = SideBySide | ID = 16842785
    Description = "C:\Windows\system32\conhost.exe" のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ (Activation context generation failed. Dependent Assembly)
    Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    が見つかりませんでした (was not found)。 詳細な診断を行うには sxstrace.exe を実行してください。(To make a detailed diagnosis, please run sxstrace.exe)

    Error - 2011/07/16 (土) 20:54:50 | Computer Name = Owner-VAIO | Source = SideBySide | ID = 16842785
    Description = "C:\Windows\system32\conhost.exe" のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ (Activation context generation failed. Dependent Assembly)
    Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    が見つかりませんでした (was not found)。 詳細な診断を行うには sxstrace.exe を実行してください。(To make a detailed diagnosis, please run sxstrace.exe)

    Error - 2011/07/16 (土) 20:54:50 | Computer Name = Owner-VAIO | Source = SideBySide | ID = 16842785
    Description = "C:\Windows\system32\conhost.exe" のアクティブ化コンテキストの生成に失敗しました。 従属アセンブリ (Activation context generation failed. Dependent Assembly)
    Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"
    が見つかりませんでした (was not found)。 詳細な診断を行うには sxstrace.exe を実行してください。(To make a detailed diagnosis, please run sxstrace.exe)

    [ Media Center Events ]
    Error - 2010/08/10 (火) 1:33:21 | Computer Name = Owner-VAIO | Source = MCUpdate | ID = 0
    Description = 14:33:09 - インターネットの接続中にエラーが発生しました (Error occurred while connecting to the internet) 。 14:33:17 - サーバーと通信できません (Cannot communicate with the server)。.

    Error - 2010/08/10 (火) 1:34:44 | Computer Name = Owner-VAIO | Source = MCUpdate | ID = 0
    Description = 14:33:45 - インターネットの接続中にエラーが発生しました (Error occurred while connecting to the internet)。 14:33:45 - サーバーと通信できません (Cannot communicate with the server)。.

    [ System Events ]
    Error - 2011/07/20 (水) 21:16:25 | Computer Name = Owner-VAIO | Source = Service Control Manager | ID = 7026
    Description = 次のブート開始ドライバーまたはシステム開始ドライバーを読み込めませんでした (Unable to read following boot initialization driver or system initialization driver): avipbb discache spldr Wanarpv6

    Error - 2011/07/20 (水) 21:16:31 | Computer Name = Owner-VAIO | Source = DCOM | ID = 10005
    Description =

    Error - 2011/07/20 (水) 21:16:40 | Computer Name = Owner-VAIO | Source = DCOM | ID = 10005
    Description =

    Error - 2011/07/20 (水) 21:16:42 | Computer Name = Owner-VAIO | Source = DCOM | ID = 10005
    Description =

    Error - 2011/07/20 (水) 21:16:42 | Computer Name = Owner-VAIO | Source = DCOM | ID = 10005
    Description =

    Error - 2011/07/20 (水) 21:20:51 | Computer Name = Owner-VAIO | Source = DCOM | ID = 10005
    Description =

    Error - 2011/07/20 (水) 21:40:55 | Computer Name = Owner-VAIO | Source = Service Control Manager | ID = 7030
    Description = PEVSystemStart サービスは、対話型サービスとしてマークされています (~ service is marked as interactive service) 。しかし、システムは対話型サービスを許可しないように構成されています (However the system is configured not to allow interactive service)。このサービスは正常に機能しない可能性があります (This service may not function properly)。

    Error - 2011/07/20 (水) 21:54:05 | Computer Name = Owner-VAIO | Source = Application Popup | ID = 1060
    Description = このシステムとの互換性がないため 、\??\C:\ComboFix\catchme.sys の読み込みはブロックされています(Loading \??\C:\ComboFix\catchme.sys is blocked due this software is not compatible with this system)。ソフトウェア
    ベンダーに連絡して、互換性があるバージョンのドライバーを入手してください (Please contact software vender to obtain compatible driver)。

    Error - 2011/07/20 (水) 21:58:22 | Computer Name = Owner-VAIO | Source = Service Control Manager | ID = 7030
    Description = PEVSystemStart サービスは、対話型サービスとしてマークされています(~ service is marked as interactive service) 。しかし、システムは対話型サービスを許可しないように構成されています(However the system is configured not to allow interactive service)。このサービスは正常に機能しない可能性があります (This service may not operate properly)。

    Error - 2011/07/21 (木) 18:40:57 | Computer Name = Owner-VAIO | Source = Service Control Manager | ID = 7009
    Description = Roxio Upnp Server 10 サービスの接続を待機中にタイムアウト (30000 ミリ秒/millisec) になりました (Roxio Upnp Server 10 service has timed out)。


    < End of report >
     
  13. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Good news :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - File not found
      O3 - HKLM\..\Toolbar: (Trend ツールバー) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - File not found
      [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    Hi Broni,

    Thank you very much for your response.. Following is the log from implementing "Run Fix" script with OLT....

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43C6D902-A1C5-45c9-91F6-FD9E90337E18}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCAC5586-44D7-4c43-B64A-F042461A97D2} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCAC5586-44D7-4c43-B64A-F042461A97D2}\ deleted successfully.
    C:\Windows\msdownld.tmp folder deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 83331 bytes
    ->Temporary Internet Files folder emptied: 48038854 bytes
    ->Java cache emptied: 3081 bytes
    ->Google Chrome cache emptied: 16311185 bytes
    ->Flash cache emptied: 101046 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 90 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 465056 bytes
    RecycleBin emptied: 1098 bytes

    Total Files Cleaned = 62.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Owner
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.26.1 log created on 07222011_104359

    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF7E2C3D0501526382.TMP not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DF8A0AB561FAC5DB6D.TMP not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DFDFF8C4B6052BF2E8.TMP not found!
    File\Folder C:\Users\Owner\AppData\Local\Temp\~DFEFF41D6C3931261F.TMP not found!
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OCNN3XP9\aceUACping[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBCU2USO\cashaktv_mevio_com[1].htm moved successfully.
    File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBCU2USO\jeter-gets-3-000-hits[1].htm not found!
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MBCU2USO\xd_receiver[2].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M9CGAHRN\emily[3].htm moved successfully.
    File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JWQ52420\login_status[1].htm not found!
    File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JWQ52420\xd_receiver[1].htm not found!
    File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRQF6O2E\fw-nonplayer-banner[1].htm not found!
    File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRQF6O2E\fw-nonplayer-banner[2].htm not found!
    File\Folder C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JRQF6O2E\fw-nonplayer-banner[3].htm not found!
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADXELZ0N\iframe[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZXXSGIL\fw-nonplayer-banner[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZXXSGIL\fw-nonplayer-banner[2].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZXXSGIL\fw-nonplayer-banner[3].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O6Y3VYA\383630834561423919[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4O6Y3VYA\client_restserver[1].htm moved successfully.
    C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1HJ1343P\login_status[1].htm moved successfully.

    Registry entries deleted on Reboot...
     
  15. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    Hi Broni,

    Following is the log from Security Check.exe....

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player
    Adobe Reader 9.3.3 - Japanese
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
  16. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    Hi Broni,

    Ran Temp File Cleaner (TFC) and with a glance of report, I think no infection found, since it did not offer a log file, cannot confirm.

    The system has been rebooted, currently running ESET Online Scanner.... Will post the log once completed.....
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
     
  18. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    Hi Broni,

    Will uninstall old Adobe Reader and update to the latest version. Don't konw if the user utilize Adobe Photoshop® Album Starter Edition but will confirm tomorrow and delete is it unnecessary tomorrow. Still running ESET Online Scanner... logs will be updated upon completion...

    Thanks!
     
  19. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Adobe Photoshop doesn't bother anything.
     
  20. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    Hi Broni..

    I just got a window prompt if I want to delete Gmail? I don't currently have a Gmail account hence I clicked "No" to the request.

    ESET Online Scanner is currentl at 88%, will update it's log once completed...
     
  21. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    Hi Broni,

    ESET Online Scanner did NOT detect any virus and/or spyware/malicious software threats...

    Trying to update Adobe Reader... keep getting redirected to difference site; cannot update as of this moment.


    I apologise, this will be my last post for the day.... I need some rest to work tomorrow.... Will revert back tomorrow evening EST..

    Thanks!
    Ted
     
  22. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Redirecting to what site?
    What browser is in use?
     
  23. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Re: Please help... Infected to PC Performance and Stability Analysis Report malware

    Hi Broni,

    I'm back again.... I apologies for not being specific with redirecting issue. The system uses IE 9 as browser and it's redirected to site called "Adult Friend Finder". Everytime when I try to open http://get.adobe.com/ website, "ausbone.net" seem to redirect to random sites. When I try to hit "Back to" button at top left corner of the browser, "ausbone.net" seems to interfere and tries redirecting to different site. Most of the time when redirected, "Back to" button does not function (or redirects to the displayed site over and over again).

    I manually inputed http://www.adobe.co.jp/, went to downloads and installed the latest version Adobe Reader X (10.1.0) Japanese version.

    All previous versions of Adobe Reader has been uninstalled.

    I also noticed the desktop does not have Recycle bin present, which is kind of odd. Is there a setting just to remove Recycle bin from the desktop?

    I hope I provided enough information this time.

    Very much appreciate your help.

    Ted
     
  24. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    New IE window pops up

    Hi,

    I just noticed while waiting, a new IE browser window poped up out of no where (I did not initialize to open new IE browser) and displayed a website. The displayed website is redirected to different site every once in while, so far following sites has displayed:
    1. InformationWeek free subscription
    2. United Business Media LLC Privacy Notice
    3. Adobe Flash Player Help
    4. Adobe Product Security Incident Response Team (PSIRT) Blog

    And now all of a sudden this IE browser window just disappeared. Next time I'll time this if necessary and post again.

    Updated 7:43 PM EDT
     
  25. zx9rkuma

    zx9rkuma TS Rookie Topic Starter Posts: 34

    Another IE browser window pop up

    Hi,

    There it is again at 8:19PM, a new IE browser window poped up displaying Google search web page.

    8:20PM redirected for Google Images search
    8:22PM redirected to Google Advanced Image Search
    8:30PM mysteriously disappeared
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...