Windows 7 Forums



Windows 7: How to remove thodjovc.exe?

05 Jun 2012   #11
liferockss

Windows 7 Home Premium 64bit.
 
 

Hi Corrine,

Thanks a ton again, following is the log

NOTE:- My McAfee was expired and did not find any option to disable it, so I uninstalled it.
Also, I am in UK timezone, so kindly accept the delay in my next response.
==========================
ComboFix 12-06-05.03 - lifeRockss 06/06/2012 0:54.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2980.1399 [GMT 1:00]
Running from: c:\users\lifeRockss\Desktop\ComboFix.exe
Command switches used :: c:\users\lifeRockss\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\lifeRockss\AppData\Local\lewqylml
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-05-06 to 2012-06-06 )))))))))))))))))))))))))))))))
.
.
2012-06-06 00:04 . 2012-06-06 00:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-05 21:19 . 2012-05-08 09:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E2507CD2-0679-40D2-BB42-53BC5CFFC495}\mpengine.dll
2012-06-04 12:31 . 2012-06-05 20:32 -------- d-----w- c:\programdata\boost_interprocess
2012-06-04 12:30 . 2012-06-04 12:30 -------- d-----w- c:\users\Guest
2012-06-04 09:23 . 2012-05-08 09:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-03 22:36 . 2012-06-03 22:36 -------- d-----w- c:\users\lifeRockss\AppData\Roaming\Malwarebytes
2012-06-03 22:33 . 2012-06-03 22:33 -------- d-----w- c:\programdata\Malwarebytes
2012-06-03 22:33 . 2012-06-03 22:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-03 22:33 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-03 08:49 . 2012-06-03 08:49 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{78FD9AC8-32CE-4832-BCAB-63B78579596C}\gapaengine.dll
2012-06-03 08:48 . 2012-06-03 08:48 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-06-03 08:48 . 2012-06-03 08:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-03 07:34 . 2012-06-03 07:34 -------- d-----w- c:\program files (x86)\ERUNT
2012-06-02 22:03 . 2012-06-03 07:18 -------- d-----w- C:\s&d
2012-06-02 21:55 . 2012-06-04 19:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-02 21:55 . 2012-06-02 21:55 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-06-02 20:07 . 2012-06-02 20:07 -------- d-----w- C:\Sharekhan
2012-06-02 15:42 . 2012-06-02 15:42 -------- d-----w- c:\users\lifeRockss\AppData\Roaming\Macrovision
2012-06-02 15:41 . 2012-06-02 15:41 -------- d-----w- c:\users\lifeRockss\AppData\Roaming\Roxio Burn
2012-05-29 17:49 . 2012-05-29 17:49 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-27 14:25 . 2012-05-27 14:25 -------- d-----w- c:\users\lifeRockss\AppData\Local\blekkotb
2012-05-27 13:30 . 2012-05-27 13:30 -------- d-----w- c:\users\lifeRockss\AppData\Roaming\Roxio Log Files
2012-05-15 02:00 . 2012-05-15 02:00 -------- d-----w- c:\program files\Microsoft Silverlight
2012-05-15 02:00 . 2012-05-15 02:00 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-05-14 18:25 . 2012-05-14 18:25 -------- d-----w- c:\programdata\InstallShield
2012-05-14 18:25 . 2012-05-14 18:25 -------- d-----w- c:\program files (x86)\NOW
2012-05-14 18:25 . 2004-04-16 10:24 61440 ----a-w- c:\windows\SysWow64\ISUSPM.cpl
2012-05-14 18:25 . 2004-04-17 11:40 385024 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2012-05-14 18:25 . 2004-04-17 11:41 196608 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2012-05-14 18:25 . 2004-04-13 05:07 69632 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2012-05-14 18:25 . 2004-04-13 05:06 368640 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2012-05-14 18:25 . 2004-04-23 18:03 446464 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-05-14 18:25 . 2004-04-13 05:03 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2012-05-14 18:23 . 2004-04-18 22:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll
2012-05-14 18:23 . 2004-04-18 22:39 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll
2012-05-14 18:23 . 2004-04-18 22:39 172032 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll
2012-05-14 18:23 . 2004-04-18 22:42 733184 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll
2012-05-14 18:23 . 2004-04-18 22:39 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe
2012-05-14 18:23 . 2012-05-14 18:23 303236 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll
2012-05-14 18:23 . 2012-05-14 18:23 180356 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll
2012-05-11 17:02 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-11 17:02 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-11 17:02 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:02 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-11 17:02 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-11 17:02 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-11 17:02 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-11 17:02 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-11 17:02 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-11 17:02 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 17:02 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-11 17:02 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-11 17:01 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-24 11:48 . 2011-11-04 11:58 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-18 16:12 . 2012-04-18 16:12 0 ----a-w- c:\windows\SysWow64\shoFA1E.tmp
2012-03-20 19:44 . 2012-03-20 19:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 19:44 . 2012-03-20 19:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-04_02.11.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-05 20:32 . 2012-06-05 20:32 13366 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-06-04 00:46 . 2012-06-04 00:46 13366 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-06-05 20:36 53944 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-05 20:36 44124 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-02 15:21 . 2012-06-05 20:36 15416 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3553815003-590717795-807720870-1000_UserData.bin
+ 2009-07-14 05:30 . 2012-06-05 20:31 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2012-04-10 15:05 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2011-12-02 15:23 . 2012-06-05 19:19 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-02 15:23 . 2012-06-04 00:53 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-02 15:23 . 2012-06-05 19:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-02 15:23 . 2012-06-04 00:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-05 19:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-04 00:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-06-05 20:41 97232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-06-04 00:52 . 2012-06-04 00:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-05 20:33 . 2012-06-05 20:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-04 00:52 . 2012-06-04 00:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-05 20:33 . 2012-06-05 20:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-04 23:00 . 2012-06-04 23:00 4286 c:\windows\Installer\{3EEF7896-1F47-4FB4-92A2-8F7AEBD4B239}\_DC2BE438A759D5BF5B2514.exe
+ 2012-06-04 23:00 . 2012-06-04 23:00 4286 c:\windows\Installer\{3EEF7896-1F47-4FB4-92A2-8F7AEBD4B239}\_853F67D554F05449430E7E.exe
+ 2012-06-04 23:00 . 2012-06-04 23:00 4286 c:\windows\Installer\{3EEF7896-1F47-4FB4-92A2-8F7AEBD4B239}\_360D766D8A6E068CBDFF8D.exe
+ 2012-06-04 23:00 . 2012-06-04 23:00 4062 c:\windows\Installer\{3EEF7896-1F47-4FB4-92A2-8F7AEBD4B239}\_2B361F48AB373E9E088EB4.exe
+ 2011-12-03 22:23 . 2012-06-05 17:09 253024 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 04:45 . 2012-06-04 23:02 469968 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:30 . 2012-04-10 15:05 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-06-05 20:31 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2011-11-04 13:10 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:30 . 2012-06-05 20:31 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2012-05-07 10:54 . 2012-06-05 20:32 755208 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-06-05 20:32 429860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-06-05 23:59 2827688 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-05 23:59 1225090 c:\windows\system32\perfc009.dat
+ 2009-07-14 04:45 . 2012-06-05 08:20 7298510 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-05-12 02:44 7298510 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2011-12-05 14:11 . 2012-06-04 00:31 1874688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3553815003-590717795-807720870-1000-12288.dat
+ 2011-12-05 14:11 . 2012-06-04 19:03 1874688 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3553815003-590717795-807720870-1000-12288.dat
+ 2009-07-14 02:34 . 2012-06-05 00:04 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-05-12 02:38 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-12-02 15:35 . 2012-06-05 00:03 26238372 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3553815003-590717795-807720870-1000-8192.dat
+ 2012-06-02 20:05 . 2012-06-02 20:05 21954560 c:\windows\Installer\bfe699.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-05-20 880496]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"SpybotSD TeaTimer"="c:\s&d\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-04-29 885760]
"oc4j"="c:\obiee\oc4j_bi\bin\oc4j.cmd" [2011-12-03 4983]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
.
c:\users\lifeRockss\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 116648]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Oracle BI Cluster Controller;Oracle BI Cluster Controller;c:\obiee\server\Bin\NQSClusterController.exe [2011-07-28 33792]
R3 Oracle BI Scheduler;Oracle BI Scheduler;c:\obiee\server\Bin\NQScheduler.exe [2011-07-28 122880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 Oracle BI Server;Oracle BI Server;c:\obiee\server\Bin\NQSServer.exe [2011-07-28 49152]
S2 sawjavahostsvc;Oracle BI Java Host;c:\obiee\web\bin\sawjavahostsvc.exe [2011-07-28 94208]
S2 sawsvc;Oracle BI Presentation Server;c:\obiee\web\bin\sawserver.exe [2011-07-28 86016]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-07-08 1692480]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-02 2923392]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 14:46]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27 14:46]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3553815003-590717795-807720870-1000Core.job
- c:\users\lifeRockss\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 15:05]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3553815003-590717795-807720870-1000UA.job
- c:\users\lifeRockss\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-10 15:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Stage Remote"="c:\program files (x86)\Dell\Stage Remote\StageRemote.exe" [2011-06-28 2022976]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\lifeRockss\AppData\Roaming\Mozilla\Firefox\Profiles\ns61vjua.default\
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://blekko.com/?source=c3348dd4&tbp=url&toolbarid=blekkotb&u=___userid___&q=
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-06 01:21:37
ComboFix-quarantined-files.txt 2012-06-06 00:21
ComboFix2.txt 2012-06-05 21:13
ComboFix3.txt 2012-06-04 02:51
.
Pre-Run: 125,849,993,216 bytes free
Post-Run: 125,794,697,216 bytes free
.
- - End Of File - - 8A0B785BB88D0D91FA1FBA74F6908088



05 Jun 2012   #12
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Hi, liferockss.

Most likely the source of infection had nothing to do with the outdated Adobe software but more likely it was either the expired McAfee or uTorrent downloads.

I meant to ask you before but forgot -- why did you rename ComboFix?

The script is shown as having run from c:\users\lifeRockss\Desktop\cleanup adware\CFScript.txt but no changes were made. In checking the code, there was an extra space that didn't belong. That may have been the reason. Sorry, it was probably carried over in copy/pasting the files for removal.

Please copy the edited script from here to your desktop (not in the cleanup folder) and run it again.
05 Jun 2012   #13
liferockss

Windows 7 Home Premium 64bit.
 
 

Hi Corrine,

I have updated my previous reply with latest logs.

The reason I renamed ComboFix is because yesterday it was either getting deleted while downloading or was not executing. I guess the malware was still active, so I tried to run it by renaming it and it worked.

Today I downloaded it again in desktop\folder but it was giving the warning Do not run ComboFix in compatible mode ..... so I ran yesterday's file on the desktop.

Is there a difference if the file is on the desktop and if it's in a folder?

Cheers

05 Jun 2012   #14
Corrine

Windows 7 & Windows Vista Ultimate
 
 

Thanks for the explanation, liferockss. That run took care of the file I was concerned about. It must have been the strange space that turned up that caused the problem.

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.

To check if your system is missing security updates or has insecure applications, install Secunia Personal Software Inspector or, alternatively, visit Free Online Computer Scan - Online Software Inspector (OSI) - Secunia. The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications


You may want to install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: SpywareBlaster® Download

My favorite security software is WinPatrol which includes the features described at WinPatrol Features. If you have questions about WinPatrol, we have a forum at LzD: WinPatrol Help & Information.

Please let us know if you have any questions.
05 Jun 2012   #15
Corrine

Windows 7 & Windows Vista Ultimate
 
 

One more thing, liferockss, Jacee suggested that it is advisable to uninstall Google and all extensions/apps, then re-install them.
06 Jun 2012   #16
liferockss

Windows 7 Home Premium 64bit.
 
 

Thanks Corrine and Jacee, have done all of above, will surely donate to Combofix.

Thanks a ton for your help, it was unique experience for me.

Cheers
07 Jun 2012   #17
Corrine

Windows 7 & Windows Vista Ultimate
 
 

You're welcome. I'm glad all is well now.