tqh

Pando Software Possible Malware

17 posts in this topic

I apologize in advance for the long post and hyperlinks.

I already started another topic on here, but did not use the GMER scan. I also did not use the defogger. There are different instructions based on whether you go here: http://forums.malwarebytes.org/index.php?showtopic=81385 or here: http://forums.malwarebytes.org/index.php?showtopic=9573

I was referred to the former on this topic: http://forums.malwarebytes.org/index.php?showtopic=111098&hl=&fromsearch=1

I guess the first topic should be ignored and maybe deleted since I did not post the correct logs. This is a different issue, but could be related. I want to remove Pando Media Booster and permanantly kill the related process being run constantly on my computer. I also want to get rid of the Pando Web Installer Plugin on Firefox. I have exhausted all uninstall options via the web and cannot get rid of anything related to Pando. There is no option in Programs/Features; there is no uninstall executable in the program folder. Nothing. I tried to use Revo - it does not show up there either.

AVAST found Win32:BogEnt in the file (with directory): C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb.

Bitdefender found Trojan.Heur.FU.hqX@aKgUU3i (unknown location).

I posted an inquiry on the AVAST forum here: http://forum.avast.com/index.php?topic=99545.0

Bottom line is that it seems to be related to Pando so I just want to get rid of it. I also would like to get rid of any infection. Thanks in advance for your help.

Here are the requsted logs:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.14.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

iop :: FLOYD00 [administrator]

6/13/2012 10:40:29 PM

mbam-log-2012-06-13 (22-40-29).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 262427

Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_32

Run by iop at 22:58:37 on 2012-06-13

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2454 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Windows\system32\pnusbvirtualhubwssrv.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\SysWOW64\PNUSBCLITRAY.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\SysWOW64\PNTray.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Program Files\Sony\VAIO Care\Admload.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Pando Media Booster] "C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [pnusbclitray] pnusbclitray.exe

mRun: [<NO NAME>]

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE0MDg2MzM2LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll

Trusted Zone: tamu.edu\voal

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{1B4C9337-1350-489A-8601-C7E07B94A658} : DhcpNameServer = 208.180.42.100 208.180.42.68

TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\2456C6B696E6F5560336231683 : DhcpNameServer = 172.16.0.1

TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\24572776562702B496E676 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\64C6F69746D277962756C6563737 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\65562796A7F6E602D494649443531303C4024413130302355636572756 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\65562796A7F6E602D496649623230303023323032402355636572756 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}\841677275656 : DhcpNameServer = 192.168.2.1

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [pnusbclitray] pnusbclitray.exe

mRun-x64: [(Default)]

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNjE0MDg2MzM2LUZQOSs2LUJBUjlHKzEtVEI5KzItRkwrOS1GMTBNKzUtUUlYMSs0LVgyMDEwKzItRjEwTTEwRCsxLUxJQys3Ny1GTDEwKzEtU1AxKzEtU1VEKzEtUzFJKzEtU1UzKzEtVFVHKzMtRERUKzA"&"prod=90"&"ver=10.0.1390

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\iop\AppData\Roaming\Mozilla\Firefox\Profiles\6oc1p2vb.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.kbtx.com/

FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4cbb85fe&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\iop\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-3-8 44768]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-13 654408]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 pnpnptool;Quest RDP PnP Driver;\??\C:\Windows\system32\Drivers\pnpnptool.sys --> C:\Windows\system32\Drivers\pnpnptool.sys [?]

R2 pnusbvirtualhubwssrv;Quest USB Hub Client Service;C:\Windows\system32\pnusbvirtualhubwssrv.exe --> C:\Windows\system32\pnusbvirtualhubwssrv.exe [?]

R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-17 11032]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-11-25 189984]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-5-16 259192]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-11-25 104960]

R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 pnusbd;Quest RDP USB Driver;\??\C:\Windows\system32\Drivers\pnusbd.sys --> C:\Windows\system32\Drivers\pnusbd.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]

R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-11-25 571248]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-5-16 44736]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 129976]

S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]

S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-11-25 120104]

S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-11-25 70952]

S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-11-25 427304]

S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-11-25 75048]

S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-11-25 91432]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-11-25 480624]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-11-25 361840]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-11-25 110960]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]

S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]

.

=============== Created Last 30 ================

.

.

==================== Find3M ====================

.

2012-06-11 01:23:30 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-11 01:23:30 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-11 01:12:08 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-06-11 01:12:07 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

.

============= FINISH: 22:59:35.67 ===============

I'm also posting the defogger log:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 22:57 on 13/06/2012 (iop)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Attach.zip

Share this post


Link to post
Share on other sites

Hello tqh! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Pando Media Booster is a tiny UI-less client that enables you to cost effectively stream full-screen HD video. It is legitimate application. What you get as results from VirusTotal are false positives, including Avast.

Take a look at their official web page:

http://pandonetworks.com/pando-media-booster-support-faq (Is this Spyware, Malware, Adware, Virus or SPAM? Can this be used to deliver such harmful files to my computer?)

If you still want it, tell me.

Share this post


Link to post
Share on other sites

Hey thanks Maniac. I really don't want the software on the machine. At minimum it is using up RAM. I don't use it to my knowledge. Any suggestions on how to uninstall it? I have exhausted all possible optioins mentioned on the web, including the Pando website.

What about the result of the BitDefender scan? It found: Trojan.Heur.FU.hqX@aKgUU3i (unknown location). I posted another topic on the 10th describing a potentially related problem. My computer was streaming a show from Crackle and I woke up and found a screen that read, "Cannot locate operating system". I rebooted and haven't had the problem occur since. However, I did get a blue screen crash the other day. Something about a memory dump. These are relatively new problems. I don't have a history of crashes.

Appreciate all your help.

Share this post


Link to post
Share on other sites
What about the result of the BitDefender scan?

Usually due to vulnerabilities in Adobe Flash Player, but it is possible to be wrong, because this detection is realized by heuristic technology that is not absolutely precise errors are possible. We will take a look.

I posted another topic on the 10th describing a potentially related problem. My computer was streaming a show from Crackle and I woke up and found a screen that read, "Cannot locate operating system". I rebooted and haven't had the problem occur since. However, I did get a blue screen crash the other day. Something about a memory dump. These are relatively new problems. I don't have a history of crashes.

That is from the same system, right?

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Step 2

Please download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply, post the following log files:

  • OTL log with Extras.txt
  • SecurityCheck log

Share this post


Link to post
Share on other sites

Hey thanks for the reply. I think I may have made some kind of mistake. I ran OTL and had both the OTL and Extras files. I realized that I ended the Pando process earlier in the day, so I wanted to do a scan with that process running. Unfortunately I deleted the files completely. I ran the scan again and did not get the Extras log. I tried a few more times and could not get it to produce the Extras file. Any idea what happened? Here are the OTL and Checkup logs. Appreciate the help.

OTL logfile created on: 6/16/2012 2:58:21 PM - Run 6

OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\iop\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 61.41% Memory free

7.68 Gb Paging File | 5.78 Gb Available in Paging File | 75.22% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.76 Gb Total Space | 222.35 Gb Free Space | 77.54% Space Free | Partition Type: NTFS

Computer Name: FLOYD00 | User Name: iop | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/16 14:56:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\iop\Desktop\OTL.exe

PRC - [2012/05/20 04:07:02 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2012/04/16 17:01:47 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/03/06 19:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/02/09 20:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/08/29 17:43:24 | 001,209,288 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe

PRC - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe

PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe

PRC - [2010/12/08 19:28:48 | 000,067,560 | ---- | M] (Quest Software) -- C:\Windows\SysWOW64\PNUSBCLITRAY.exe

PRC - [2010/12/08 19:28:30 | 000,104,424 | ---- | M] (Quest Software) -- C:\Windows\SysWOW64\pntray.exe

PRC - [2010/05/28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

PRC - [2010/03/29 15:49:03 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

PRC - [2009/11/04 21:32:12 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2009/10/24 06:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

PRC - [2009/10/24 06:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

PRC - [2009/10/05 16:57:46 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

PRC - [2009/10/05 16:42:48 | 000,161,080 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

PRC - [2009/10/05 16:42:48 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

PRC - [2009/10/05 16:42:46 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

PRC - [2009/09/14 22:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

PRC - [2009/09/14 21:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

PRC - [2009/08/26 22:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

PRC - [2009/06/04 22:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

PRC - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/13 21:17:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll

MOD - [2012/06/13 21:17:11 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll

MOD - [2012/06/13 21:16:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/13 21:16:48 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/06/13 21:16:42 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll

MOD - [2012/05/20 04:07:00 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll

MOD - [2012/05/20 04:06:51 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll

MOD - [2012/05/20 04:06:48 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll

MOD - [2012/05/20 04:06:46 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll

MOD - [2012/05/20 04:06:44 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll

MOD - [2012/05/12 05:45:06 | 000,888,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\4d73a7649876bb6e54a01ccbf235919b\System.DirectoryServices.AccountManagement.ni.dll

MOD - [2012/05/12 05:44:53 | 002,516,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\2fe1658f05b0a96fe25c956a31d27b06\System.Data.Linq.ni.dll

MOD - [2012/05/12 05:44:53 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll

MOD - [2012/05/12 05:43:27 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll

MOD - [2012/05/12 05:42:49 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll

MOD - [2012/05/12 05:41:03 | 000,766,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlServ#\4647d9c682e5cae623ac7a7178f16fe9\System.Data.SqlServerCe.ni.dll

MOD - [2012/05/12 05:39:12 | 000,634,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\a90ec436f1d2c5cb0133a53c2e47d61a\System.AddIn.ni.dll

MOD - [2012/05/12 05:39:12 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\f34410ab8e82063735d876533db26c49\System.AddIn.Contract.ni.dll

MOD - [2012/05/12 05:38:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll

MOD - [2012/05/12 05:38:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

MOD - [2012/05/12 05:38:39 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll

MOD - [2012/05/12 05:38:39 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll

MOD - [2012/05/12 05:38:38 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll

MOD - [2012/05/12 05:37:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/12 05:37:49 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll

MOD - [2012/05/12 05:37:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/12 05:37:42 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/12 05:37:41 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/12 05:37:35 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2012/04/23 17:35:09 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2012/03/21 17:32:36 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2012/01/03 21:51:03 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2010/11/04 20:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2010/11/04 20:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2010/11/04 20:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2010/03/29 15:49:03 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MOD - [2009/10/05 16:57:46 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

MOD - [2009/10/05 16:42:50 | 000,121,856 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll

MOD - [2009/10/05 16:42:50 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll

MOD - [2009/10/05 16:42:50 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll

MOD - [2009/10/05 16:42:50 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll

MOD - [2009/10/05 16:42:50 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll

MOD - [2009/10/05 16:42:48 | 000,161,080 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

MOD - [2009/10/05 16:42:48 | 000,107,008 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll

MOD - [2009/10/05 16:42:48 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

MOD - [2009/10/05 16:42:48 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll

MOD - [2009/10/05 16:42:48 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll

MOD - [2009/10/05 16:42:48 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll

MOD - [2009/10/05 16:42:48 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll

MOD - [2009/10/05 16:42:48 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll

MOD - [2009/10/05 16:42:48 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll

MOD - [2009/10/05 16:42:46 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

MOD - [2009/10/05 16:42:46 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll

MOD - [2009/10/05 16:42:46 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll

MOD - [2009/10/05 16:42:46 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll

MOD - [2009/10/05 16:42:46 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SystemPowerDLL.dll

MOD - [2009/06/10 16:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 19:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2012/01/13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)

SRV:64bit: - [2011/07/11 16:09:04 | 000,477,000 | ---- | M] (Quest Software) [Auto | Stopped] -- C:\Windows\SysNative\pnusbvirtualhubwssrv.exe -- (pnusbvirtualhubwssrv)

SRV:64bit: - [2011/05/04 12:55:09 | 000,128,384 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)

SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)

SRV:64bit: - [2009/11/18 20:27:36 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)

SRV:64bit: - [2009/09/16 20:14:58 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)

SRV:64bit: - [2009/09/16 16:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV:64bit: - [2009/09/08 21:09:20 | 000,110,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)

SRV:64bit: - [2009/09/04 16:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/09/02 00:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/05/20 04:07:02 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/05/05 18:06:43 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/02/09 20:40:16 | 000,053,248 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)

SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2010/05/28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/10/24 06:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)

SRV - [2009/10/15 19:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)

SRV - [2009/10/15 19:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)

SRV - [2009/10/15 19:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)

SRV - [2009/10/15 19:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)

SRV - [2009/10/15 19:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)

SRV - [2009/09/14 22:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

SRV - [2009/09/14 22:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

SRV - [2009/09/14 21:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)

SRV - [2009/08/31 04:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)

SRV - [2009/08/31 04:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 22:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2009/02/06 20:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

SRV - [2007/07/24 14:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

SRV - [2007/01/04 22:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2011/07/11 16:09:04 | 000,052,040 | ---- | M] (Quest Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnpnptool.sys -- (pnpnptool)

DRV:64bit: - [2011/07/11 16:09:04 | 000,037,320 | ---- | M] (Quest Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pnusbd.sys -- (pnusbd)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/02/17 13:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2010/02/17 13:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2009/12/30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)

DRV:64bit: - [2009/11/05 01:30:19 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2009/11/04 02:58:42 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)

DRV:64bit: - [2009/10/22 01:09:07 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV:64bit: - [2009/10/22 01:07:45 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/10/21 15:05:38 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009/10/21 15:05:37 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009/10/21 15:05:37 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009/10/21 15:04:33 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009/09/28 00:57:13 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2009/09/23 15:03:12 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)

DRV:64bit: - [2009/09/15 15:09:20 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)

DRV:64bit: - [2009/09/10 15:04:50 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)

DRV:64bit: - [2009/08/19 15:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV:64bit: - [2009/07/31 15:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 21:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/05/26 17:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)

DRV:64bit: - [2009/05/20 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)

DRV:64bit: - [2007/04/17 14:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT

IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNNT_en

IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-506262091-4044297795-720065328-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..browser.startup.homepage: "about:home"

FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001

FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1374

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8

FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4cbb85fe&v=6.103.018.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\iop\AppData\Roaming\Move Networks\plugins\npqmp071502000008.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/16 18:23:17 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/05 18:06:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/10 20:12:16 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\iop\AppData\Roaming\Move Networks [2010/04/30 21:41:23 | 000,000,000 | ---D | M]

[2010/03/23 07:12:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iop\AppData\Roaming\Mozilla\Extensions

[2012/06/15 12:55:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\iop\AppData\Roaming\Mozilla\Firefox\Profiles\6oc1p2vb.default\extensions

[2012/06/15 12:55:44 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Users\iop\AppData\Roaming\Mozilla\Firefox\Profiles\6oc1p2vb.default\extensions\donottrackplus@abine.com

[2012/06/10 20:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/06/10 20:12:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

[2012/03/16 18:23:17 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2012/02/24 14:22:50 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\IOP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6OC1P2VB.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012/05/05 18:06:42 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll

[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll

[2010/03/29 15:49:03 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll

[2012/02/18 20:38:54 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/02/18 20:38:54 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [pnusbclitray] C:\Windows\SysWow64\PNUSBCLITRAY.exe (Quest Software)

O4 - HKLM..\Run: [smartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)

O4 - HKU\S-1-5-21-506262091-4044297795-720065328-1007..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\S-1-5-21-506262091-4044297795-720065328-1007..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)

O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-506262091-4044297795-720065328-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O15 - HKU\S-1-5-21-506262091-4044297795-720065328-1007\..Trusted Domains: tamu.edu ([voal] https in Trusted sites)

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16:64bit: - DPF: {D9397163-A2DB-4A4A-B2C9-34E876AF2DFC} https://voal.tamu.edu/windows/provision/web-it/clients/vasclient32t.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B4C9337-1350-489A-8601-C7E07B94A658}: DhcpNameServer = 208.180.42.100 208.180.42.68

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75AF77AA-0AAC-44FE-B6A7-C34C198998B7}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/16 14:56:32 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\iop\Desktop\OTL.exe

[2012/06/15 16:47:00 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\iop\Desktop\Documents\OTL.exe

[2012/06/13 20:02:31 | 000,000,000 | ---D | C] -- C:\Users\iop\AppData\Local\VS Revo Group

[2012/06/13 20:02:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro

[2012/06/13 20:02:27 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\Windows\SysNative\drivers\revoflt.sys

[2012/06/13 20:02:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group

[2012/06/13 16:38:28 | 000,000,000 | ---D | C] -- C:\Users\iop\AppData\Roaming\f-secure

[2012/06/13 16:38:14 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2012/06/13 00:24:27 | 000,000,000 | ---D | C] -- C:\Users\iop\AppData\Roaming\QuickScan

[2012/06/11 15:06:07 | 000,000,000 | ---D | C] -- C:\Suspect

[2012/06/10 20:18:36 | 000,000,000 | ---D | C] -- C:\Users\iop\AppData\Local\Macromedia

[2012/06/10 00:24:23 | 000,000,000 | ---D | C] -- C:\Users\iop\AppData\Local\Adobe

[2012/06/09 18:25:05 | 000,000,000 | ---D | C] -- C:\Users\iop\DoctorWeb

[2012/06/09 01:30:18 | 000,000,000 | ---D | C] -- C:\Users\iop\AppData\Local\28050

[2012/06/05 03:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/06/05 03:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/06/05 03:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/16 14:57:46 | 000,853,862 | ---- | M] () -- C:\Users\iop\Desktop\SecurityCheck.exe

[2012/06/16 14:56:37 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\iop\Desktop\OTL.exe

[2012/06/16 04:42:45 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/06/16 04:42:45 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/06/16 04:34:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/06/16 04:34:39 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys

[2012/06/16 03:08:38 | 000,081,396 | ---- | M] () -- C:\test.xml

[2012/06/16 03:00:39 | 000,000,037 | ---- | M] () -- C:\Users\iop\AppData\Roaming\mbam.context.scan

[2012/06/15 16:47:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\iop\Desktop\Documents\OTL.exe

[2012/06/15 13:07:57 | 000,817,776 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/06/15 13:07:57 | 000,689,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/06/15 13:07:57 | 000,130,678 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/06/14 21:46:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2012/06/13 21:12:27 | 000,376,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/06/13 20:02:28 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2012/06/13 00:44:40 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk

[2012/06/09 18:13:39 | 086,878,976 | ---- | M] () -- C:\Users\iop\Desktop\jh48a6wk.exe

[2012/06/08 22:54:32 | 422,197,023 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/06/06 20:03:38 | 000,116,596 | ---- | M] () -- C:\11773170.pdf

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/16 14:57:44 | 000,853,862 | ---- | C] () -- C:\Users\iop\Desktop\SecurityCheck.exe

[2012/06/16 03:00:39 | 000,000,037 | ---- | C] () -- C:\Users\iop\AppData\Roaming\mbam.context.scan

[2012/06/13 20:02:28 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk

[2012/06/09 18:05:36 | 086,878,976 | ---- | C] () -- C:\Users\iop\Desktop\jh48a6wk.exe

[2012/06/08 22:54:32 | 422,197,023 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2012/06/06 20:03:37 | 000,116,596 | ---- | C] () -- C:\11773170.pdf

[2012/01/29 03:13:52 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll

[2011/08/18 10:39:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2011/08/18 10:39:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2011/08/18 10:39:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/08/18 10:39:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/08/18 10:39:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/07/25 03:26:25 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat

[2011/07/25 03:26:25 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

[2011/02/04 20:39:31 | 000,000,701 | ---- | C] () -- C:\Windows\wininit.ini

[2011/01/29 22:04:47 | 000,000,017 | ---- | C] () -- C:\Users\iop\AppData\Local\resmon.resmoncfg

[2010/12/08 19:29:30 | 000,059,368 | ---- | C] () -- C:\Windows\SysWow64\pnlteclirc.dll

[2010/12/08 19:27:38 | 000,020,560 | ---- | C] () -- C:\Windows\SysWow64\detoured.dll

========== LOP Check ==========

[2010/05/27 08:20:13 | 000,000,000 | ---D | M] -- C:\Users\iop\AppData\Roaming\Auslogics

[2012/06/13 16:38:28 | 000,000,000 | ---D | M] -- C:\Users\iop\AppData\Roaming\f-secure

[2012/06/13 00:32:37 | 000,000,000 | ---D | M] -- C:\Users\iop\AppData\Roaming\QuickScan

[2012/05/15 20:29:55 | 000,000,000 | ---D | M] -- C:\Users\J\AppData\Roaming\AusLogics

[2012/05/20 04:05:32 | 000,032,616 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Results of screen317's Security Check version 0.99.41

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.61.0.1400

Java 6 Update 32

Java version out of date!

Adobe Reader X (10.1.3)

Mozilla Firefox (12.0)

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 2%

````````````````````End of Log``````````````````````

Share this post


Link to post
Share on other sites

It is okay, don't worry.

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2010/03/29 15:49:03 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files (x86)\mozilla firefox\plugins\npPandoWebInst.dll
    MOD - [2010/03/29 15:49:03 | 002,937,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKU\S-1-5-21-506262091-4044297795-720065328-1007..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

    :files
    C:\Program Files (x86)\Pando Networks

    :Commands
    [emptytemp]
    [clearallrestorepoints]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Share this post


Link to post
Share on other sites

Thanks again. This seemed to work without a problem.

All processes killed

========== OTL ==========

C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll moved successfully.

Registry value HKEY_USERS\S-1-5-21-506262091-4044297795-720065328-1007\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully.

========== FILES ==========

C:\Program Files (x86)\Pando Networks\PandoShared folder moved successfully.

C:\Program Files (x86)\Pando Networks\Media Booster\Microsoft.VC90.CRT folder moved successfully.

C:\Program Files (x86)\Pando Networks\Media Booster folder moved successfully.

C:\Program Files (x86)\Pando Networks folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 53632 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: iop

->Temp folder emptied: 478672258 bytes

->Temporary Internet Files folder emptied: 4049896 bytes

->Java cache emptied: 29624 bytes

->FireFox cache emptied: 167677314 bytes

->Flash cache emptied: 3736 bytes

User: J

->Temp folder emptied: 21723911 bytes

->Temporary Internet Files folder emptied: 2037485 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: poi

User: Public

User: zp

->Temp folder emptied: 4250 bytes

->Temporary Internet Files folder emptied: 315656 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 49884 bytes

->Flash cache emptied: 53632 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 647 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 56358095 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 100878 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 697.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.49.0 log created on 06172012_141600

Files\Folders moved on Reboot...

C:\Users\iop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

What about the Pando Media Booster now?

Share this post


Link to post
Share on other sites

Looks like it is gone. Gone from control panel, from processes, and the plugin does not show up in firefox. There is still a file labeled "npPandoWebInst.xpt" in Program Files (x86)\Mozilla Firefox\plugins.

All other related folders appear to be in the OTL folder. Can these be deleted? Looks like this really worked well. Thanks for your help. So, you don't think there is a legitimate infection?

The file tmp.edb I mentioned previously - do you know if it is related to Pando? Location - C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb

This is the relevant information from ClamAV.

First seen by VirusTotal

2012-06-11 20:10:14 UTC ( 7 timer, 57 minutter ago )

Sigcheck

publisher................: Pando Networks

product..................: Pando Media Boster Control Panel

internal name............: PMB

copyright................: Copyright © 2008

original name............: PMB.cpl

file version.............: 1, 0, 0, 1

description..............: Pando Media Boster Control Panel

ClamAV PUA Engine

Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat.

They removed it from detection, but AVAST still identifies it as suspicious.

Share this post


Link to post
Share on other sites
Looks like it is gone. Gone from control panel, from processes, and the plugin does not show up in firefox. There is still a file labeled "npPandoWebInst.xpt" in Program Files (x86)\Mozilla Firefox\plugins.

Manually delete it.

All other related folders appear to be in the OTL folder. Can these be deleted?

After uninstall OTL, they will gone.

So, you don't think there is a legitimate infection?

There is, but this one is not this kind of application.

The file tmp.edb I mentioned previously - do you know if it is related to Pando? Location - C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb

It seems not.

They removed it from detection, but AVAST still identifies it as suspicious.

You could report them about that.

https://support.avast.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=501#idt_07

Share this post


Link to post
Share on other sites

Thanks. I manually deleted the plugin file per your instruction. I had already submitted the file as a potential false positive to AVAST. It still recognizes it as malware (suspicious). What do I need to do to get rid of the infection? Do I need to start a new topic. Are you going to send instructions on uninstalling OTL? Appreciate your help.

How can you tell there is an infection? Is it serious and why doesn't Malwarebytes and/or AVAST detect it? What is it? What file is infected and should I avoid doing much on the web?

Regards

Share this post


Link to post
Share on other sites

From three posts ago...

Quote

I wrote: So, you don't think there is a legitimate infection?

You wrote: There is, but this one is not this kind of application.

I thought "There is" suggested there is an infection on my computer.

I was asking if there is a legitimate infection, i.e., the Pando software was not a legitimate infection. Bottom line - does there appear to be malware (forgetting about the Pando software)? Thanks once again.

Share this post


Link to post
Share on other sites

Pando is legitimate application, UI-less client that enables you to cost effectively stream full-screen HD video. Your Avast is not right in this case and so that I suggest to send them a report about that. There is no infection in your system.

Share this post


Link to post
Share on other sites

So, all clear then? If so, thank you very much for all your help. You provide a great service.

Share this post


Link to post
Share on other sites

Yes, I think that is all. Glad I could help! :)

Please run OTL and then click on CleanUp. Next, manually delete SecurityCheck.

Safe surfing! :)

Share this post


Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.