Hi all,
I'm a total newbie on virus removal and posting and could really do with some help (on the virus removal, at least).
A couple of days ago AVG suddenly discovered 50 or more DLL files in the C:\Windows\System32 registry, infected with Trojan horse Generic27.PN, plus 10 files infected with ZeroAccess.dr.gen.d - all of which it moved to the virus vault. However, the first to come up on the list was a Trojan Horse Hider.PHL, which was listed as C:\Windows\System32\drivers\netbt.sys and says that it cannot be deleted as it is white-listed.
In an attempt to solve the problem I have tried a couple of things, and have made things worse. The main problem, I think, is that I ran ComboFix without uninstalling AVG 2012. Consequently the offending file is still there, but now some processes don't work, such as the Cisco Network Magic; also, iTunes doesn't realise when the iPhone is connected to the computer. Of course I'm not sure exactly of the cause-effect relationships between the symptoms and the problems.
Here is my Malwarebytes log:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.03.01.07
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX1 [administrator]
01/03/2012 22:45:01
mbam-log-2012-03-01 (22-45-01).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224876
Time elapsed: 16 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 6
C:\Users\Alex\AppData\Local\Temp\EE6E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\rf21D4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Alex\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
C:\Windows\Temp\{E9C1E1AC-C9B2-4c85-94DE-9C1518918D02}.tlb (Rootkit.Zeroaccess) -> Quarantined and deleted successfully.
(end)
This is the GMER log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-03-02 00:42:34
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916082 rev.3.AL
Running: iqegc7xy.exe; Driver: C:\Users\Alex\AppData\Local\Temp\pxldrpog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\tdx \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
---- EOF - GMER 1.0.15 ----
DDS.txt log:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Alex at 23:38:10 on 2012-03-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.2046.1108 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\realplayer\Update\realsched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Alex\Desktop\iqegc7xy.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Windows\system32\WerCon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.club-vaio.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers runtime\YontooIEClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Epson Stylus SX420W(Red)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigce.exe /fu "c:\windows\temp\E_S4AE6.tmp" /EF "HKCU"
uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [VAIOCameraUtility] "c:\program files\sony\vaio camera utility\VCUServe.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [<NO NAME>]
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
StartupFolder: c:\users\alex\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {95B3F550-91C4-4627-BCC4-521288C52977} - c:\program files\pplive\PPLive.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\HMIPCore.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: Interfaces\{15448C3D-5D86-4B6C-830E-B4CE2A799D7E} : DhcpNameServer = 212.166.132.110 212.73.32.67
TCP: Interfaces\{ADC11338-86D6-4FA2-AEE2-7F464DC59742} : NameServer = 80.58.61.250,80.58.61.254
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\alex\appdata\roaming\mozilla\firefox\profiles\tpjz0gz9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.es
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=es_ES&apn_uid=2de66ec4-efc9-44ec-948f-537ffdd02f3d&apn_ptnrs=PV&apn_sauid=D915F3F0-03C6-479F-A3F7-384768212BA1&apn_dtid=YYYYYYYYES&&q=
FF - component: c:\program files\avg\avg2012\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff6.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff7.dll
FF - component: c:\program files\avg\avg2012\firefox4\components\avgssff8.dll
FF - component: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\tpjz0gz9.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\alex\appdata\roaming\mozilla\firefox\profiles\tpjz0gz9.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\alex\appdata\roaming\mozilla\plugins\npcoolirisplugin.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 48138bdb-ed0c-42cc-a799-0ee5a9d9103a
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-1-17 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-12-19 38616]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2012-2-25 20376]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2011-11-23 1052472]
R2 FontCache;Servicio de caché de fuentes de Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-5 21504]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-7-11 632792]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-25 1153368]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-3-5 5189992]
R3 HideMyIpSRV;HideMyIpSRV;c:\program files\hide my ip 2009\HideMyIpSrv.exe [2011-8-6 2396464]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-5-10 74240]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-5-10 43904]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2010-9-8 31848]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2007-5-10 31104]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-4-23 812544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DivisCTP;DKbFltr;c:\windows\system32\svchost.exe -k netsvcs [2008-9-5 21504]
S2 gupdate1ca56c196461217;Servicio Google Update (gupdate1ca56c196461217);c:\program files\google\update\GoogleUpdate.exe [2009-10-27 133104]
S2 mcproxy;NIPALK;c:\windows\system32\svchost.exe -k netsvcs [2008-9-5 21504]
S2 pav_security;Svchost;c:\windows\system32\svchost.exe -k netsvcs [2008-9-5 21504]
S2 pavatscheduler;GoToAssist;c:\windows\system32\svchost.exe -k netsvcs [2008-9-5 21504]
S2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;"c:\program files\symantec\liveupdate\aluschedulersvc.exe" --> c:\program files\symantec\liveupdate\ALUSchedulerSvc.exe [?]
S2 symantecantibotdriver;Nv4;c:\windows\system32\svchost.exe -k netsvcs [2008-9-5 21504]
S2 symantecantibotfilter;Sqlserveragent;c:\windows\system32\svchost.exe -k netsvcs [2008-9-5 21504]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-22 1493352]
S3 gupdatem;Servicio de Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-10-27 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-1 40776]
S3 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-5-10 18432]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\system32\drivers\PCAMp50.sys [2009-5-28 28224]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2010-9-8 31848]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-5-19 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-5-19 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-5-19 1089536]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;Soporte de impresión WSD a través de UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-9-5 16896]
S3 WSDScan;Compatibilidad con digitalización de WSD a través de UMB;c:\windows\system32\drivers\WSDScan.sys [2008-9-5 19968]
.
=============== Created Last 30 ================
.
2012-03-01 21:43:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-03-01 21:43:02 -------- d-----w- c:\users\alex\appdata\roaming\Malwarebytes
2012-03-01 21:42:47 -------- d-----w- c:\programdata\Malwarebytes
2012-03-01 21:42:45 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-01 21:42:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-01 04:34:22 -------- d-----w- c:\program files\Pure Networks
2012-03-01 04:30:02 26672 ----a-w- c:\windows\system32\drivers\pnarp.sys
2012-03-01 04:26:47 27696 ----a-w- c:\windows\system32\drivers\purendis.sys
2012-02-29 22:22:24 -------- d-----w- c:\users\alex\appdata\local\ElevatedDiagnostics
2012-02-29 22:18:26 -------- d-----w- C:\MATS
2012-02-29 21:47:00 -------- d-----w- c:\users\alex\appdata\local\{F593320D-EEF6-43E0-AB98-49F8C2331379}
2012-02-29 06:16:41 -------- d-----w- c:\users\alex\appdata\local\{2ED913C6-D08D-4340-A84D-696886EFB76D}
2012-02-29 06:16:39 -------- d-----w- c:\users\alex\appdata\local\{5E093480-2754-40D4-8F6B-7C38230A89D7}
2012-02-29 02:37:03 -------- d-s---w- C:\ComboFix
2012-02-29 01:31:37 518144 ----a-w- c:\windows\SWREG.exe
2012-02-29 01:31:37 256000 ----a-w- c:\windows\PEV.exe
2012-02-29 01:31:37 208896 ----a-w- c:\windows\MBR.exe
2012-02-29 01:31:36 98816 ----a-w- c:\windows\sed.exe
2012-02-29 01:02:35 -------- d-----w- c:\users\alex\appdata\local\{C8C65D31-2596-4BA9-B210-893FE5B9A2E5}
2012-02-29 00:42:07 -------- d-----w- c:\users\alex\appdata\local\{23AD7B5E-E160-4F30-972E-633037E6DAA9}
2012-02-29 00:41:59 -------- d-----w- c:\users\alex\appdata\local\{9E118399-76D7-4B01-A6E9-1AF55306457A}
2012-02-29 00:41:01 -------- d-----w- c:\programdata\CPA_VA
2012-02-28 23:30:01 -------- d-----w- c:\programdata\Comodo
2012-02-28 23:29:34 -------- d-----w- c:\program files\Comodo
2012-02-28 23:29:25 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-02-28 21:45:50 -------- d-----w- c:\users\alex\appdata\local\{2DE96566-4A5C-45C3-A84B-9E65F6BECD59}
2012-02-28 19:39:24 -------- d--h--w- C:\$AVG
2012-02-28 19:34:57 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-28 12:58:33 -------- d-sh--w- c:\users\alex\appdata\local\784db967
2012-02-28 07:48:21 -------- d-----w- c:\users\alex\appdata\local\{A954444E-9975-48CE-927C-68EC66877FDE}
2012-02-28 07:48:01 -------- d-----w- c:\users\alex\appdata\local\{FB506D39-0D68-4370-A4EE-0C103E9C6341}
2012-02-26 19:25:18 -------- d-----w- c:\users\alex\appdata\local\{4FAFA812-F776-45FC-8672-D50D09663773}
2012-02-26 19:24:58 -------- d-----w- c:\users\alex\appdata\local\{59FFEBCF-7949-432D-8033-1987AB8A0177}
2012-02-26 00:51:13 -------- d-----w- c:\programdata\AVG2012
2012-02-26 00:40:49 -------- d-----w- c:\users\alex\appdata\local\{8141EBDD-C803-4730-ACF9-C39697BD4167}
2012-02-26 00:01:52 -------- d-----w- c:\users\alex\appdata\local\{88F79FF9-D064-4DF5-B911-1BFA9E3F5438}
2012-02-26 00:01:42 -------- d-----w- c:\users\alex\appdata\local\{D80E769F-FC79-4C6B-80F2-F9AFA48F8682}
2012-02-25 23:32:08 -------- d-----w- c:\users\alex\appdata\local\{6ADBBDF9-C208-4B8C-B778-23E8A8135C62}
2012-02-25 23:31:37 -------- d-----w- c:\users\alex\appdata\local\{C73A60B8-45A1-495A-90D7-E007758A540C}
2012-02-25 23:09:30 6552120 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{005bcc3e-5a25-437d-a91b-61ac26a4a573}\mpengine.dll
2012-02-25 22:42:45 -------- d-----w- c:\users\alex\appdata\local\{66CC1A27-3490-41DC-B43F-95EC64E97836}
2012-02-25 22:20:55 -------- d-----w- c:\users\alex\appdata\local\{88D2767A-6FE7-45D8-8450-562039C2A909}
2012-02-25 22:20:33 -------- d-----w- c:\users\alex\appdata\local\{32AB2642-DB5E-4A62-8768-CB806D177981}
2012-02-25 21:24:21 -------- d-----w- c:\users\alex\appdata\local\{A0ED7053-E390-45E5-9009-495AA8C85C81}
2012-02-25 21:24:02 -------- d-----w- c:\users\alex\appdata\local\{C2E1EA9E-C816-4495-A2FF-80F06D6F9A6B}
2012-02-25 16:10:05 -------- d-----w- c:\users\alex\appdata\local\{15AA8A03-7E69-4502-8346-BBBBE59E0B79}
2012-02-25 16:09:30 -------- d-----w- c:\users\alex\appdata\local\{6A9263FF-D1CE-47CF-930F-EAF61C9DBA44}
2012-02-25 11:24:48 -------- d-----w- c:\users\alex\appdata\local\{7D9B443E-E5F2-43D4-8324-0D9F45A71DA1}
2012-02-25 11:16:25 -------- d-----w- c:\program files\Linksys
2012-02-25 11:06:33 -------- d-----w- c:\users\alex\appdata\local\{6FEE4590-E53C-48BC-8A53-0B8D4EF97126}
2012-02-25 10:36:20 76184 ----a-w- c:\windows\system32\atsckernel.exe
2012-02-25 10:36:11 20376 ----a-w- c:\windows\system32\atashost.exe
2012-02-25 10:35:42 -------- d-----w- c:\programdata\webex
2012-02-25 10:33:59 8892928 ----a-w- c:\programdata\atscie.msi
2012-02-25 10:29:45 -------- d-----w- c:\program files\common files\Pure Networks Shared
2012-02-25 10:28:57 -------- d-----w- c:\programdata\Pure Networks
2012-02-25 10:25:53 -------- d-----w- c:\users\alex\appdata\local\{D8AB69F3-A6D9-4595-A98B-64A33605A736}
2012-02-23 06:13:49 -------- d-----w- c:\users\alex\appdata\local\{B56E4FCC-84F8-4A5A-947D-5324C0688AF9}
2012-02-23 06:13:38 -------- d-----w- c:\users\alex\appdata\local\{5625D403-FE33-4996-826C-A2E4D0ED6F2A}
2012-02-15 06:05:42 -------- d-----w- c:\users\alex\appdata\local\{516E1273-AFCD-4AB3-BEE9-F8BF06457136}
2012-02-15 05:42:14 -------- d-----w- c:\users\alex\appdata\local\{FFAF98B4-ADD5-4BAF-B23B-6C4BFD6C4023}
2012-02-14 21:25:12 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-14 21:22:01 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-14 21:22:00 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-02-13 21:21:54 -------- d-----w- c:\users\alex\appdata\local\{B97D186F-F691-4998-AFA1-FD6F50D6AB94}
2012-02-13 21:21:02 -------- d-----w- c:\users\alex\appdata\local\{88FACDBD-5293-4E49-A585-E08F367125D8}
2012-02-08 19:59:51 -------- d-----w- c:\users\alex\appdata\local\{C57E4485-B618-47A2-9C86-3F6443FE0073}
2012-02-07 17:09:06 -------- d-----w- c:\users\alex\appdata\local\{BEA32A92-C12F-400E-B317-596FC82F0D1B}
2012-02-07 17:08:21 -------- d-----w- c:\users\alex\appdata\local\{77FED599-A32F-4B8E-B1D9-CB6800F79875}
2012-02-07 12:37:20 -------- d-----w- c:\users\alex\appdata\local\{D766FBE8-130F-4E31-9024-7001C8381781}
2012-02-02 21:02:21 -------- d-----w- c:\users\alex\appdata\local\{B7144D6B-78BE-40F7-A5B9-3F88D278FFFD}
2012-02-01 04:35:32 -------- d-----w- c:\users\alex\appdata\local\{8830844A-7D23-4343-8B52-FF911D31159A}
2012-02-01 04:35:01 -------- d-----w- c:\users\alex\appdata\local\{83B54E48-F548-49A5-8E05-E2C1A55457F7}
.
==================== Find3M ====================
.
2012-02-28 19:37:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 20:00:32 491816 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2011-12-19 17:59:06 38616 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2011-12-19 17:59:04 19600 ----a-w- c:\windows\system32\drivers\cmderd.sys
2011-12-19 17:58:58 33984 ----a-w- c:\windows\system32\cmdcsr.dll
2011-12-19 17:58:56 301224 ----a-w- c:\windows\system32\guard32.dll
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 23:39:55,65 ===============
·································································································
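The logs above are what a helper in a thread like this has to read by hand. As an added example (my code, not part of the original post and not part of DDS, GMER, Malwarebytes or ComboFix), the script below parses the DDS "SERVICES / DRIVERS" and "Created Last 30" sections and flags three patterns that are worth a closer look in this log: a service entry that DDS marks `[?]` because its binary is missing (the Symantec LiveUpdate scheduler), an svchost-hosted `netsvcs` service whose display name shares no word with its service name (`DivisCTP;DKbFltr`, `mcproxy;NIPALK`, `pav_security;Svchost`, `symantecantibotdriver;Nv4`), and a system+hidden directory created under a user profile (`c:\users\alex\appdata\local\784db967`). The flags are review prompts, not verdicts; the sample input is a subset of lines copied from the DDS log above, and the `netsvcs` restriction, the three-character token length and the profile-path filter are my own heuristics.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: a constructed subset of lines copied from the DDS log in the post.
# The parser accepts the full log; only the lines it recognises are examined.
SAMPLE_DDS = r"""
============== SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-1-17 491816]
R2 FontCache;Servicio de caché de fuentes de Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-5 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-11-25 1153368]
S2 DivisCTP;DKbFltr;c:\windows\system32\svchost.exe -k netsvcs [2008-9-5 21504]
S2 mcproxy;NIPALK;c:\windows\system32\svchost.exe -k netsvcs [2008-9-5 21504]
S2 pav_security;Svchost;c:\windows\system32\svchost.exe -k netsvcs [2008-9-5 21504]
S2 symantecantibotdriver;Nv4;c:\windows\system32\svchost.exe -k netsvcs [2008-9-5 21504]
S2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;"c:\program files\symantec\liveupdate\aluschedulersvc.exe" --> c:\program files\symantec\liveupdate\ALUSchedulerSvc.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-3-1 40776]
=============== Created Last 30 ================
2012-03-01 21:43:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-29 02:37:03 -------- d-s---w- C:\ComboFix
2012-02-28 19:39:24 -------- d--h--w- C:\$AVG
2012-02-28 19:34:57 0 --sha-w- c:\windows\system32\dds_log_trash.cmd
2012-02-28 12:58:33 -------- d-sh--w- c:\users\alex\appdata\local\784db967
2012-02-25 11:24:48 -------- d-----w- c:\users\alex\appdata\local\{7D9B443E-E5F2-43D4-8324-0D9F45A71DA1}
"""

# DDS service line: "<state> <name>;<display name>;<image path> [<date size> | ?]"
SERVICE_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*)\s\[(?P<meta>[^\]]*)\]$'
)
# DDS file line: "<timestamp> <size or --------> <8-char attribute field> <path>"
# Attribute positions (as printed by DDS): 0=d, 2=s(ystem), 3=h(idden), 4=a, 6=w
FILE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\S+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$'
)


@dataclass
class Finding:
    kind: str      # which heuristic fired
    subject: str   # service name or path
    detail: str    # the evidence, for the reviewer


def _tokens(s: str) -> set:
    """Lower-case alphanumeric words of at least three characters (heuristic choice)."""
    return {t for t in re.split(r'[^a-z0-9]+', s.lower()) if len(t) >= 3}


def triage_services(lines: List[str]) -> List[Finding]:
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        name, display, image, meta = m['name'], m['display'], m['image'], m['meta']
        # DDS prints [?] when it cannot find the service binary on disk.
        if meta.strip() == '?':
            findings.append(Finding('MISSING_BINARY', name, image))
        # A netsvcs service is loaded inside svchost.exe, so the service name and
        # display name are the only identifying text; no overlap at all is unusual.
        if 'svchost.exe -k netsvcs' in image.lower() and not (_tokens(name) & _tokens(display)):
            findings.append(Finding('NETSVCS_NAME_MISMATCH', name, f'display name "{display}"'))
    return findings


def triage_files(lines: List[str]) -> List[Finding]:
    findings = []
    for line in lines:
        m = FILE_RE.match(line.strip())
        if not m:
            continue
        attrs, path = m['attrs'], m['path']
        system, hidden = attrs[2] == 's', attrs[3] == 'h'
        p = path.lower()
        # Restrict to user-writable profile locations; system32 entries such as the
        # DDS scratch file also carry s+h and would otherwise be reported.
        in_profile = p.startswith('c:\\users\\') or p.startswith('c:\\programdata\\')
        if system and hidden and in_profile:
            findings.append(Finding('HIDDEN_SYSTEM_IN_PROFILE', path, attrs))
    return findings


def triage_dds(text: str) -> List[Finding]:
    """Run both heuristics over a DDS log and return the items to review by hand."""
    lines = text.splitlines()
    return triage_services(lines) + triage_files(lines)


if __name__ == '__main__':
    for f in triage_dds(SAMPLE_DDS):
        print(f'{f.kind:26} {f.subject}  ({f.detail})')
```

Run it on the full DDS.txt by replacing `SAMPLE_DDS` with the file contents; genuine svchost-hosted services such as `FontCache` are not reported because they are outside `netsvcs`, and a `netsvcs` service whose display name describes it (for example `BITS;Background Intelligent Transfer Service`) shares no token either and would be flagged, which is why the output is a reading list rather than a verdict.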