HOSTS corrupted!?

Teaplease

Pretty much always clean scans with MBAM & never a problem with Avira, but for the hell of it I did a scan with Dr Web Cureit which 'found' corrupted DFH.HOSTS. Clicked to remove, thinking it would just remove the corrupted part, but it reduced my Hosts file to Nil Hostnames & only realized when I started seeing stacks of ads etc. Anyway I re-added MVPS, hpHosts, Cameleon & Malware Domain Lists etc. with HostsMan because I didn't want the ads. Is there anything to worry about by reinstalling those sources again? Thanks.

Here's the part of cureit log showing the corrupt detail:

C:\Windows\system32\drivers\etc\hosts - probably infected with DFH.HOSTS.corrupted
C:\Windows\system32\drivers\etc\hosts - infected
Process :0 - read error
Process System:4 - read error
Process C:\Windows\System32\smss.exe:308 - Ok
Process C:\Windows\System32\csrss.exe:504 - Ok
Process C:\Windows\System32\csrss.exe:604 - Ok
Process C:\Windows\System32\wininit.exe:612 - Ok
Process C:\Windows\System32\winlogon.exe:660 - Ok
Process C:\Windows\System32\services.exe:708 - Ok
Process C:\Windows\System32\lsass.exe:724 - Ok
Process C:\Windows\System32\lsm.exe:732 - Ok
Process C:\Windows\System32\svchost.exe:832 - Ok
Process C:\Windows\System32\svchost.exe:920 - Ok
Process C:\Windows\System32\svchost.exe:1016 - Ok
Process C:\Windows\System32\svchost.exe:348 - Ok
Process C:\Windows\System32\svchost.exe:524 - Ok
Process C:\Windows\System32\svchost.exe:444 - Ok
Process C:\Windows\UnsignedThemesSvc.exe:416 - Ok
Process C:\Windows\System32\wlanext.exe:1232 - Ok
Process C:\Windows\System32\conhost.exe:1240 - Ok
Process C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe:1272 - Ok
Process C:\Windows\System32\svchost.exe:1324 - Ok
Process C:\Windows\System32\svchost.exe:1448 - Ok


Did put it in paragraphs but not appearing.
 
Hi, Teaplease.

In order to assist you, we will need to see some logs. Please follow the instructions in the Malware Removal Posting Instructions topic and copy the requested logs as a reply.

With Notepad open, be sure that Word wrap is unchecked under Format.

Thank you.
 
OK, sorry about that. Missed those instructions.
As requested, txt files. Thanks.

Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Malwarebytes Anti-Malware version 1.75.0.1200
Wise Disk Cleaner 7.79
Wise Registry Cleaner 7.67
Java 7 Update 17
Adobe Flash Player 11.7.700.170
````````Process Check: objlist.exe by Laurent````````
WinPatrol winpatrol.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: BrowserJavaVersion: 10.17.2
Run by David at 15:46:03 on 2013-04-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8108.6013 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\UnsignedThemesSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Users\David\Dropbox\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe
C:\Users\David\Dropbox\Portable BFilter\bfilter.exe
C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\David\Dropbox\KMPlayerPortable\App\KMPlayer\KMPlayer.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Users\David\Dropbox\chrome-win32\chrome.exe
C:\Users\David\Dropbox\chrome-win32\chrome.exe
C:\Users\David\Dropbox\chrome-win32\chrome.exe
C:\Users\David\Dropbox\chrome-win32\chrome.exe
C:\Users\David\Dropbox\chrome-win32\chrome.exe
C:\Users\David\Dropbox\Rainmeter\Rainmeter.exe
C:\Users\David\Dropbox\chrome-win32\chrome.exe
C:\Users\David\Dropbox\chrome-win32\chrome.exe
C:\Users\David\Dropbox\chrome-win32\chrome.exe
C:\Users\David\Dropbox\chrome-win32\chrome.exe
C:\Users\David\Dropbox\chrome-win32\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://encrypted.google.com/
uProxyServer = hxxp=127.0.0.1:8080
uRun: [SystemTray Clock Utility for Windows x64 Editions] C:\Users\David\Dropbox\T-Clock 2010 (build X - Release to DC)\x64\Clock.exe
uRun: [bfilter] C:\Users\David\Dropbox\Portable BFilter\bfilter.exe
uRun: [Rainmeter] C:\Users\David\Dropbox\Rainmeter\Rainmeter.exe
uRun: [BoxCryptor] C:\Program Files (x86)\BoxCryptor\BoxCryptor.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{2D515586-1FAC-4159-AC9B-0DAC9157F997} : NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{2D515586-1FAC-4159-AC9B-0DAC9157F997} : DHCPNameServer = 10.10.0.1
TCP: Interfaces\{4FAFA63E-44EB-4CF7-BF8C-6D81BDB3BC2E} : NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{6C80F5CC-CADA-4E01-AAD9-77CF5E30453C} : NameServer = 208.67.220.220,208.67.222.222
TCP: Interfaces\{C18E44C1-89A7-4C26-8306-462C614CAFC7} : NameServer = 208.67.222.222,208.67.220.220,192.168.1.1
TCP: Interfaces\{F8281672-D8B8-4E12-A384-0C228EEEFE8F} : NameServer = 208.67.220.220,208.67.222.222
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
SSODL: EldosMountNotificator-cbfs4 - {B3CBD3EC-BDF4-499A-A66F-2AB0A2D076E5} - C:\Windows\SysWOW64\cbfsMntNtf4.dll
SSODL: EldosMountNotificator-cbfs4-0 - {2E4BF1FE-962C-4228-9F5E-DA190ABB7BA4} - C:\Program Files (x86)\Common Files\CBFS\WOW64\cbfsMntNtf4.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {B3CBD3EC-BDF4-499A-A66F-2AB0A2D076E5} - C:\Windows\SysWOW64\cbfsMntNtf4.dll
STS: Virtual Storage Mount Notification - {2E4BF1FE-962C-4228-9F5E-DA190ABB7BA4} - C:\Program Files (x86)\Common Files\CBFS\WOW64\cbfsMntNtf4.dll
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-SSODL: EldosMountNotificator-cbfs4 - {B3CBD3EC-BDF4-499A-A66F-2AB0A2D076E5} - C:\Windows\System32\cbfsMntNtf4.dll
x64-SSODL: EldosMountNotificator-cbfs4-0 - {2E4BF1FE-962C-4228-9F5E-DA190ABB7BA4} - C:\Program Files (x86)\Common Files\CBFS\cbfsMntNtf4.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {B3CBD3EC-BDF4-499A-A66F-2AB0A2D076E5} - C:\Windows\System32\cbfsMntNtf4.dll
x64-STS: Virtual Storage Mount Notification - {2E4BF1FE-962C-4228-9F5E-DA190ABB7BA4} - C:\Program Files (x86)\Common Files\CBFS\cbfsMntNtf4.dll
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 directads.mcafee.com
Hosts: 127.0.0.1 metrics.bitdefender.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-5 56208]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-3-21 28600]
R1 cbfs4-0;cbfs4-0;C:\Program Files (x86)\Common Files\CBFS\cbfs4.sys [2013-3-31 385728]
R1 cbfs4;cbfs4;C:\Windows\System32\drivers\cbfs4.sys [2013-1-4 375640]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;C:\Windows\System32\drivers\HWiNFO64A.SYS [2013-3-29 30112]
R1 ProtectorDriver;ZeroVulnerabilityLabs ExploitShield;C:\Program Files\ZeroVulnerabilityLabs\ExploitShield\ExploitShield64.sys [2012-9-29 63704]
R2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-4-21 1136640]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-9-27 86752]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-9-27 110816]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-3-21 100712]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-4-21 134928]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-8 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-8 2375168]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2013-2-28 302200]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-8 2656536]
R2 UnsignedThemes;Unsigned Themes;C:\Windows\UnsignedThemesSvc.exe [2009-7-13 24168]
R2 uxpatch;uxpatch;C:\Windows\System32\drivers\uxpatch.sys [2009-7-13 30568]
R3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-5-26 19968]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\drivers\cbfs3.sys [2012-5-1 352008]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-20 317440]
R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2011-7-20 12230912]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-14 87552]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-14 207872]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-3-8 425064]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-2 12032]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-6-30 1380480]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2011-6-21 42392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-4-21 294912]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2011-1-27 894240]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-7-6 52736]
S3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-7-6 274944]
S3 DFX11_0;DFX Audio Enhancer 11;C:\Windows\System32\drivers\dfx11_0x64.sys [2012-8-16 28008]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-8 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-7-6 59904]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-8 337512]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-3-8 1255736]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-7-20 204288]
S4 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-7-12 923984]
S4 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-7-12 1321296]
S4 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-7-12 1001808]
S4 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-7-22 259512]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S4 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-3-8 552584]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
S4 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-8-12 54408]
S4 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-3-8 969352]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2013-04-07 05:28:30 -------- d-----w- C:\ProgramData\abelhadigital.com
2013-04-06 16:35:24 -------- d-----w- C:\Users\David\Doctor Web
2013-04-05 05:57:33 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E52227E8-F1BA-40DD-92AC-EDDCD58DCDF1}\mpengine.dll
2013-03-31 07:20:27 -------- d-----w- C:\Program Files (x86)\Common Files\CBFS
2013-03-29 19:11:25 -------- d-----w- C:\Program Files (x86)\Belarc
2013-03-29 16:07:37 -------- d-----w- C:\Program Files (x86)\WinPcap
2013-03-29 08:25:43 30112 ----a-w- C:\Windows\System32\drivers\HWiNFO64A.SYS
2013-03-27 17:30:20 -------- d-----w- C:\Users\David\AppData\Local\Paint.NET
2013-03-23 22:05:45 -------- d-----w- C:\Users\David\AppData\Local\Macromedia
2013-03-21 12:35:04 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-03-21 12:35:04 100712 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-03-21 07:04:40 -------- d-----w- C:\Users\David\AppData\Local\Daum
2013-03-19 17:26:05 -------- d-----w- C:\Users\David\AppData\Local\Programs
2013-03-19 13:41:25 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2013-03-19 06:13:06 -------- d-----w- C:\Users\David\AppData\Roaming\Avira
2013-03-19 06:08:31 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
2013-03-19 06:06:04 -------- d-----w- C:\Windows\System32\wbem\MOF\good
2013-03-19 06:06:04 -------- d-----w- C:\Windows\System32\wbem\MOF\bad
2013-03-19 06:06:04 -------- d-----w- C:\Windows\System32\wbem\MOF
2013-03-18 22:13:15 -------- d-----w- C:\Windows\System32\wbem\Logs
2013-03-18 19:40:25 -------- d-----w- C:\Users\David\AppData\Roaming\Malwarebytes
2013-03-13 11:12:29 -------- d-----w- C:\Users\David\AppData\Local\Adobe
2013-03-13 06:09:31 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-11 07:01:42 -------- d-----w- C:\Program Files (x86)\SpeedFan
.
==================== Find3M ====================
.
2013-04-03 11:19:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-03 11:19:10 691592 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-01 09:56:44 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-12 00:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-05 17:42:03 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-05 17:42:02 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-03-05 17:42:02 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-01 16:19:58 9064 ----a-w- C:\Windows\System32\elevtmsg.dll
2013-03-01 01:49:40 98040 ----a-w- C:\Windows\SysWow64\Packet.dll
2013-03-01 01:49:36 107768 ----a-w- C:\Windows\System32\Packet.dll
2013-03-01 01:49:22 370424 ----a-w- C:\Windows\System32\wpcap.dll
2013-03-01 01:49:12 36600 ----a-w- C:\Windows\System32\drivers\npf.sys
2013-03-01 01:49:08 282360 ----a-w- C:\Windows\SysWow64\wpcap.dll
2013-03-01 01:47:36 53299 ----a-w- C:\Windows\SysWow64\pthreadVC.dll
2013-02-28 18:12:06 13944 ----a-w- C:\Windows\System32\drivers\PSVolAcc.sys
2013-02-28 18:11:42 57976 ----a-w- C:\Windows\System32\drivers\psmounterex.sys
2013-02-13 10:25:59 26505 ----a-w- C:\ProgramData\1360751144.bdinstall.bin
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-09 10:47:48 14823424 ----a-w- C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
.
============= FINISH: 15:46:20.45 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 08/03/2012 15:57:25
System Uptime: 07/04/2013 06:04:57 (9 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz | N/A | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 577 GiB total, 513.407 GiB free.
D: is CDROM ()
Z: is FIXED (FAT32) - 577 GiB total, 513.407 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP760: 06/04/2013 22:47:00 - 6/4
RP761: 07/04/2013 08:14:43 - Created by Wise Disk Cleaner
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 directads.mcafee.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ox-d.majorgeeks.com
Hosts: 127.0.0.1 sdc.mcafee.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
Hosts: 127.0.0.1 rad.microsoft.com
Hosts: 127.0.0.1 smetrics.mcafee.com
.
==== Installed Programs ======================
.
????? Windows Live
?????? Windows Live
???????? ?????????? Windows Live
??????????
?????????? (????????????? ??????)
???????????
????????????
7-Zip 9.30 (x64 edition)
Adobe Flash Player 11 Plugin
Alps Pointing-device for VAIO
AMD APP SDK Runtime
AMD Media Foundation Decoders
ATI Catalyst Install Manager
µTorrent
AuthenTec WinBio FingerPrint Software
Avira Free Antivirus
Belarc Advisor 8.3
Bit Che
bl
BoxCryptor 1.5
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Dropbox
ffdshow v1.2.4422 [2012-04-09]
Fotótár
Fotogalerie
Fotogalleri
Fotogalleriet
Fotogaléria
Fotograf Galerisi
Galeria de Fotografias
Galeria fotografii
Galerie de photos
Galerie foto
HD Tune 2.55
ImgBurn
inSSIDer
Intel PROSet Wireless
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
Intel(R) PROSet/Wireless WiFi Software
Intel(R) Rapid Storage Technology
Intel(R) WiDi
Intel(R) Wireless Display
Java 7 Update 17
Java Auto Updater
Junk Mail filter update
Macrium Reflect Free Edition
Malwarebytes Anti-Malware version 1.75.0.1200
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Movie Maker
MRU-Blaster v1.5 (Database 3.28.04)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Paint.NET v3.5.10
ph
Photo Common
Photo Gallery
PMB VAIO Edition Plug-in
Poczta uslugi Windows Live
Podstawowe programy Windows Live
PX Profile Update
Quick Web Access
Raccolta foto
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Remote Keyboard
Remove Empty Directories version 2.2
Renesas Electronics USB 3.0 Host Controller Driver
S?????? f?t???af???
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SecurityKISS Tunnel v0.2.2
Skype™ 6.1
Sony Corporation
SopCast 3.8.2
SpeedFan (remove only)
SpywareBlaster 5.0
SSLx64
SSLx86
TClockEx
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
UxStyle Core Beta
VAIO - Remote Keyboard
VAIO Care
VAIO Control Center
VAIO CPU Fan Diagnostic
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Improvement
VAIO Improvement Validation
VAIO Manual
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VAIO Update Merge Module x64
Valokuvavalikoima
VCCx64
VCCx86
VHD
VIx64
VIx86
VPMx64
VSNx64
VSNx86
VWSTx86
Windows Automated Installation Kit
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalleri
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven peruspaketti
Windows Liven sähköposti
WinPcap 4.1.3
Wise Disk Cleaner 7.79
Wise Registry Cleaner 7.67
ZeroVulnerabilityLabs ExploitShield version 0.9.1 beta
.
==== Event Viewer Messages From Past Week ========
.
06/04/2013 10:44:22, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
.
==== End Of File ===========================
 
Hi, teaplease.

I believe that the finding by Dr Web Cureit was a false positive. That said, although with your antivirus, Malwarebytes, WinPatrol, and SpywareBlaster, you have sufficient security software, there are a few disconcerting things in your logs.

Registry Cleaners

You have some rather strange entries shown in installed programs:

????? Windows Live
?????? Windows Live
???????? ?????????? Windows Live
??????????
?????????? (????????????? ??????)
???????????
????????????
S?????? f?t???af???


Due to the damage that programs such as Wise Disk Cleaner 7.79, Wise Registry Cleaner 7.67 and other registry-type cleaners cause, this may be the result of using those programs. Windows is a closed source system. Developers of registry cleaners do not have the core code of Windows 7 and are not working on definitive information, but rather they are going on past knowledge and experience. Automatic cleaners will usually have to do some guesswork.

Modifying registry keys incorrectly can cause Windows instability, or make Windows unbootable. No registry cleaner is completely safe and the potential is ever present to cause more problems than they claim to fix.

Registry cleaners cannot distinguish between good and bad. If you run a registry cleaner, it will delete all those keys which are obsolete and sitting idle; but in reality, those keys may well be needed by some programs or Windows at a later time.

Windows 7 is much more efficient at managing the registry than previous Windows versions. If you run any other registry cleaner and do not know precisely what you are doing, you will have problems down the road. There are no gains to be had from using a registry cleaner and the risk is great.

Forget all the "wisdom" you learned about XP. Windows 7 is not XP and does not manage the registry the same as XP.




Beta

As a reminder, ZeroVulnerabilityLabs ExploitShield is Beta so please keep that in mind. The signature of a long-time friend:

Beta. Software undergoes beta testing shortly before it's released. Beta is Latin for 'still doesn't work.'




P2P Warning

Please bear with me while I provide my P2P lecture. P2P programs such as µTorrent form a direct conduit onto your computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured program.

With P2P file sharing, what means do you have of identifying or authenticating the source of the download? In addition, a file can be distributed among many hosts, and peers will provide for download the sections that they have already downloaded. This results in the distinct possibility of a distribution method in which malicious bits are mixed with good files.




Event Viewer

Unless you have cleared older event viewer log entries, the following entry needs your attention:




Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:

Please create a fresh System Restore point, restart your computer and check that the restore point is available. It is possible that this could be a sign of a failing hard drive and something you may want to follow up on in the Hardware Forum.
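For checking a hosts file after re-adding blocklists, as was done earlier in this thread, an added example (not part of any post here, and not code from Dr.Web, HostsMan or the blocklist projects): it separates blocklist-style entries, which point names at loopback or 0.0.0.0, from entries that pin a name to some other address and so deserve a manual look. The function name, the category names and the sample lines are assumptions made for illustration.

```python
import ipaddress

# Names a stock hosts file maps to loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample for illustration; not taken from the thread's logs.
SAMPLE = """\
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.com tracker.example.net   # blocklist style
127.0.0.1       banner.example.org
203.0.113.25    login.example.com
not-an-ip       broken.example.com
"""

def audit_hosts(text):
    """Sort hosts entries into 'local', 'blocked', 'redirect' and 'malformed'."""
    report = {"local": [], "blocked": [], "redirect": [], "malformed": []}
    text = text.lstrip("\ufeff")  # Windows editors may prepend a BOM
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment
        if not line:
            continue
        addr, *names = line.split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            ip = None
        if ip is None or not names:
            report["malformed"].append((lineno, line))
            continue
        for name in (n.lower() for n in names):
            if ip.is_loopback and name in LOCAL_NAMES:
                report["local"].append((lineno, name))
            elif ip.is_loopback or ip.is_unspecified:
                # Sinkholed: the name points at this machine or at no address.
                report["blocked"].append((lineno, name))
            else:
                # The name is pinned to another address; review who added it.
                report["redirect"].append((lineno, name, str(ip)))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE)
    print({kind: len(items) for kind, items in result.items()})
    for entry in result["redirect"] + result["malformed"]:
        print("review:", entry)
```

To check a real file, pass the contents of `C:\Windows\system32\drivers\etc\hosts` to `audit_hosts`; a file built only from blocklists should report no `redirect` entries.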
 
Thanks, Corrine, for comprehensive reply & resolution. Feedback: Confirmation of false positive is assuring. I've uninstalled the Reg. & Disk cleaners as advised... although I've kept portable CCleaner64. uTorrent, I don't download as much as I used to do & to be fair have never had a problem with any files (over time I guess you get accustomed to what is likely to be a potential threat intuitively). Checked restore point is available after restart. Also, I create them regularly, but considering having an SSD fitted at some stage if I do have any major problems.
 
You're welcome, teaplease.

You can delete SecurityCheck from your desktop.

Since I know you follow my blog, hopefully I don't need to point this article out to you: Java, The Never-Ending Saga. :rose:
 
Excellent! Should you find it isn't called for, consider uninstalling Java rather than dealing with the hassle of having to update it. :)
 
It looks like UAC is turned off. Am I reading that right?

If so, is it necessary to have UAC turned off?
 
It looks like UAC is turned off. Am I reading that right? If so, is it necessary to have UAC turned off?
Well, when I went from XP to Win 7 I read various online articles/forums etc. making various recommendations & set ups. Some advised turning it off so, rightly or wrongly, I did. Don't appear to have had any problems in doing so.
 
UAC reduces the number of programs that run with elevated privileges and helps prevent malware from gaining system-wide access. Without elevation, malware can't make system-wide changes. It isn't sure-proof but is a deterrent.
 