anm81

Honorary Members
  • Posts: 34
Everything posted by anm81

  1. System-wise, everything is running smoothly. It's an old machine so I'd expect some wear & tear when it comes to performance. No more malware problems. As for my poor web access, that's another issue that I'll just have to wait for my ISP to resolve. Thanks for all of your assistance.
  2. OK. I just found out that the reason for my lousy download speeds is likely due to ISP issues and nothing on my home network's end. Nevertheless, I went ahead and did the Combofix scan since I am already familiar with the program and the risks involved. Attached is the log generated after the scan. Other than my poor Internet service at the current moment, my PC seems to be running as normally as prior to the malware infection. ComboFix.txt
  3. Web browsing is now extremely slow -- no matter which browser I use. There don't appear to be any issues with the router/network since I have no issues browsing with other Internet-enabled devices.
  4. Results of screen317's Security Check version 0.99.72
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 10
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Kaspersky Internet Security
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Java 7 Update 25
     Adobe Flash Player 11.8.800.94
     Adobe Reader XI
     Google Chrome 16.0.912.75
     Google Chrome 25.0.1364.97
     ````````Process Check: objlist.exe by Laurent````````
     Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 3%
     ````````````````````End of Log``````````````````````
     CheckResults.txt
  5. Malwarebytes Anti-Malware 1.75.0.1300
     www.malwarebytes.org
     Database version: v2013.08.14.08
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Anthony :: ANTHONY-VAIO [administrator]
     8/14/2013 6:12:15 PM
     mbam-log-2013-08-14 (18-12-15).txt
     Scan type: Full scan (C:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 868714
     Time elapsed: 3 hour(s), 23 minute(s), 39 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VAIO Satisfaction Survey.3.0 (PUP.Optional.Surf) -> Quarantined and deleted successfully.
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 1
     C:\Program Files (x86)\Sony\VAIO Survey\uninstall.exe (PUP.Optional.Surf) -> Quarantined and deleted successfully.
     (end)
     DDS (Ver_2012-11-20.01) - NTFS_AMD64
     Internet Explorer: 9.0.8112.16502 BrowserJavaVersion: 10.25.2
     Run by Anthony at 22:04:06 on 2013-08-14
     Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.6242 [GMT -6:00]
     .
     AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
     SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
     SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
     .
     ============== Running Processes ===============
     .
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\WUDFHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Microsoft Device Center\ipoint.exe C:\Program Files\Microsoft Device Center\itype.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\WindowsMobile\wmdc.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\Apvfb.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe 
C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uSearch Bar = Preserve BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll TB: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection 
Utility\SmartWiHelper.exe" /WindowsStartup mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" uPolicies-Explorer: NoDrives = dword:0 uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495} : DHCPNameServer = 192.168.2.1 TCP: 
Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2656C6B696E6E2732683 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\564786F63747275616D6F507F6F6C6 : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\84F4D454D234535323 : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\B497C65637B496E67637 : DHCPNameServer = 192.168.2.1 Notify: VESWinlogon - VESWinlogon.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe x64-Run: 
[skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . 
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-3 55856] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504] R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368] R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-19 13336] R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-16 14112] R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-9-3 19968] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-8-18 139264] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29016] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29528] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-18 11392] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-8-18 393216] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136] S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\System32\drivers\hcw72ADFilter.sys [2010-4-23 38656] S3 hcw72ATV;WinTV 
HVR-950 NTSC;C:\Windows\System32\drivers\hcw72ATV.sys [2010-4-23 1631488] S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\System32\drivers\hcw72DTV.sys [2010-4-23 1634176] S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-28 57856] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-29 1255736] S4 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-5-21 401920] S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840] S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992] S4 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-10-5 259192] S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe --> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [?] 
S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104] S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952] S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304] S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048] S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432] S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960] S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496] S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920] S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264] S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672] S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888] S4 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-5 44736] S4 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2012-10-5 1223024] . =============== File Associations =============== . ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1" . =============== Created Last 30 ================ . 
2013-08-14 02:17:47 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2013-08-09 02:56:06 -------- d-----w- C:\Program Files (x86)\Microsoft Corporation 2013-08-08 17:28:43 -------- d-sh--w- C:\$RECYCLE.BIN 2013-08-08 14:53:09 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys.bak 2013-08-08 14:53:07 42496 ----a-w- C:\Windows\System32\drivers\watchdog.sys.bak 2013-08-08 14:52:13 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys.bak 2013-08-08 14:51:59 55856 ----a-w- C:\Windows\System32\drivers\PxHlpa64.sys.bak 2013-08-08 14:51:35 32320 ----a-w- C:\Windows\System32\drivers\mssmbios.sys.bak 2013-08-08 14:51:11 33280 ----a-w- C:\Windows\System32\drivers\kbdhid.sys.bak 2013-08-08 14:51:10 50768 ----a-w- C:\Windows\System32\drivers\kbdclass.sys.bak 2013-08-08 14:50:57 30208 ----a-w- C:\Windows\System32\drivers\hidusb.sys.bak 2013-08-08 14:50:19 740864 ----a-w- C:\Windows\System32\drivers\CAX_CNXT.sys.bak 2013-08-08 14:50:12 286720 ----a-w- C:\Windows\System32\drivers\BrSerId.sys.bak 2013-08-08 08:48:02 -------- d-----w- C:\FRST 2013-08-08 03:14:20 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-08 03:08:45 39424 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys.bak 2013-08-08 03:08:13 44544 ----a-w- C:\Windows\System32\drivers\netbios.sys.bak 2013-08-08 03:04:01 -------- d-----w- C:\Windows\ERUNT 2013-08-07 04:54:52 -------- d-----w- C:\Users\Anthony\AppData\Local\temp 2013-08-05 21:31:21 -------- d-----w- C:\ProgramData\Sophos 2013-08-05 21:29:55 -------- d-----w- C:\Program Files (x86)\Sophos 2013-08-05 02:27:07 -------- d-----w- C:\Program Files (x86)\ESET 2013-08-02 21:33:59 -------- d-----w- C:\Windows\WindowsMobile 2013-07-17 02:44:31 -------- d-----w- C:\Windows\System32\MRT . ==================== Find3M ==================== . 
2013-08-06 04:21:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-06 04:21:13 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-07-25 03:37:25 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-07-25 03:30:49 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-07-25 03:29:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-07-25 03:28:46 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-07-25 03:28:31 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-07-25 03:27:20 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-07-25 02:32:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-07-25 02:26:10 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-07-25 02:25:30 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-07-25 02:23:59 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-07-25 02:23:58 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-07-25 02:22:35 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll 2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll 2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll 2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll 2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll 2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll 2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll 2013-07-09 04:52:33 663552 ----a-w- 
C:\Windows\SysWow64\rpcrt4.dll 2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll 2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-06-25 02:57:16 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe 2013-06-23 07:51:21 972712 ----a-w- C:\Windows\System32\deployJava1.dll 2013-06-23 07:51:21 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-06-23 07:51:21 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-23 07:48:07 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-23 07:48:06 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-06-23 07:48:06 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-18 14:27:58 54368 ----a-w- C:\Windows\System32\drivers\kltdi.sys 2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-06-03 04:07:15 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys 2013-06-03 04:07:13 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys . ============= FINISH: 22:08:37.78 =============== DDS (Ver_2012-11-20.01) . 
Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 11/1/2009 8:04:48 PM System Uptime: 8/14/2013 9:37:43 PM (1 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 290 GiB total, 135.149 GiB free. E: is Removable F: is Removable G: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP451: 8/8/2013 11:24:25 AM - ComboFix created restore point RP452: 8/8/2013 1:04:25 PM - Removed Bing HRS Toolbar RP453: 8/8/2013 6:38:58 PM - Windows Update RP454: 8/8/2013 8:55:38 PM - Installed Bing HRS Toolbar RP455: 8/13/2013 8:20:51 PM - Windows Update . ==== Installed Programs ====================== . 64 Bit HP CIO Components Installer Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.01) Adobe Shockwave Player 11.5 Alps Pointing-device for VAIO Amazon Games & Software Downloader Apple Application Support Apple Software Update Atheros Client Installation Program AURA Fate of the Ages Bing HRS Toolbar Citrix Online Launcher Compatibility Pack for the 2007 Office system Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dragonsphere eMusic Download Manager 6 ERUNT 1.1j ESET Online Scanner v3 File Uploader Free M4a to MP3 Converter 6.2 Free WAV To MP3 Converter 2.1 Free WMA to MP3 Converter 1.16 Google Chrome Google Earth Google Update Helper HP Update Intel® Graphics Media Accelerator Driver Intel® Rapid Storage Technology Java 7 Update 25 Java 7 Update 25 (64-bit) Java Auto Updater Java SE Development Kit 6 Update 15 (64-bit) Kaspersky Internet Security 2013 Malwarebytes Anti-Malware version 1.75.0.1300 MATLAB R2013a Student Version (32-bit) MediaMonkey 4.0 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Mouse and Keyboard Center Microsoft Office Access MUI 
(English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Move Media Player MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB2758694) MSXML 4.0 SP3 Parser (KB973685) Nikon Message Center Nikon Transfer NVIDIA PhysX Opera 12.16 PlayReady PC Runtime amd64 QuickTime RarZilla Free Unrar realMyst Realtek High Definition 
Audio Driver Regi Risen Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Sophos Virus Removal Tool Text Twist 2 1.00 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft Office 2010 (KB2494150) 
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition VAIO Care VAIO Update VAIO Update 4 VD64Inst VU5x86 Wav to Mp3 Winamp Winamp Detector Plug-in Windows Mobile Device Center Windows Mobile Device Center Driver Update Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/8/2013 10:57:50 AM, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
8/8/2013 10:57:50 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/8/2013 10:57:50 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/8/2013 10:57:50 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/8/2013 10:57:50 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/8/2013 10:57:50 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/8/2013 10:57:50 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/8/2013 10:57:49 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/8/2013 10:57:49 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/8/2013 10:57:49 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/8/2013 10:57:49 AM, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/8/2013 10:57:49 AM, Error: Service Control Manager [7031] - The HomeGroup Listener service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/14/2013 9:38:07 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/14/2013 9:38:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.
8/14/2013 9:38:06 PM, Error: Service Control Manager [7000] - The HsfXAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/12/2013 11:57:13 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
8/10/2013 5:39:23 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0x0000000000000000, 0x0000000000000000, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\081013-29733-01.dmp. Report Id: 081013-29733-01.
.
==== End Of File ===========================
  6. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-08-2013
     Ran by Anthony at 2013-08-14 00:22:05 Run:3
     Running from C:\Users\Anthony\Desktop
     Boot Mode: Normal
     ==============================================
     Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
     Winsock: Catalog5-x64 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
     HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
     HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
     HKU\Me\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
     HKU\Me\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
     HKU\Work\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => Value deleted successfully.
     HKU\Work\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => Value deleted successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
     C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll => Moved successfully.
     46689277 => Service deleted successfully.
     80222058 => Service deleted successfully.
     ==== End of Fixlog ====
  7. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 Ran by Anthony (administrator) on 13-08-2013 23:12:31 Running from C:\Users\Anthony\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe () C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe (Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe () C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe (ALPS) C:\Program Files\Apoint\Apvfb.exe (Alps Electric Co., Ltd.) 
C:\Program Files\Apoint\Apntex.exe () C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe (Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Opera Software) C:\Program Files (x86)\Opera\opera.exe (Sony Corporation) C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-23] (Realtek Semiconductor) HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-23] (Realtek Semiconductor Corp.) HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.) HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation) HKLM\...\Run: [intelliType Pro] - c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKCU\...\Policies\system: [LogonHoursAction] 2 HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKLM-x32\...\Run: [smartWiHelper] - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [79872 2009-08-26] (Sony Electronics Corporation) HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-06-02] (Kaspersky Lab ZAO) HKU\Me\...\Policies\system: [LogonHoursAction] 2 HKU\Me\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\Work\...\Policies\system: [LogonHoursAction] 2 HKU\Work\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet 
Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Microsoft.Search.HRSToolBar.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775d} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: 
Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM-x32 - Bing HRS Toolbar - {c9a6357b-25cc-4bcf-96c1-78736985d414} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - No File Winsock: Catalog5 01 
%SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Move Streaming Media Player) - C:\Users\Anthony\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks) CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Kaspersky URL Advisor) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0 CHR Extension: (Safe Money) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0 CHR Extension: (Content Blocker) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0 CHR Extension: (Virtual Keyboard) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0 CHR Extension: (Anti-Banner) - C:\Users\Anthony\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0 CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx ==================== Services (Whitelisted) ================= S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-06-02] (Kaspersky Lab ZAO) S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions) S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-09-02] (Realtek Semiconductor) S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation) S4 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation) S4 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation) S4 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.) S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) 
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation) S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation) S4 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation) S4 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1223024 2010-06-09] (Sony Corporation) S4 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation) S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x] ==================== Drivers (Whitelisted) ==================== R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-06-16] () S3 hcw72ADFilter; C:\Windows\System32\DRIVERS\hcw72ADFilter.sys [38656 2010-04-23] (Hauppauge Computer Works, Inc.) S3 hcw72ATV; C:\Windows\System32\DRIVERS\hcw72ATV.sys [1631488 2010-04-23] (Hauppauge Computer Works, Inc.) S3 hcw72DTV; C:\Windows\System32\DRIVERS\hcw72DTV.sys [1634176 2010-04-23] (Hauppauge Computer Works, Inc.) 
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-06-02] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-06-02] (Kaspersky Lab ZAO) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-06-16] () S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited) R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC) S3 46689277; system32\drivers\40553321.sys [x] S3 80222058; No ImagePath S3 catchme; \??\C:\ComboFix\catchme.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-13 20:21 - 2013-07-24 21:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-13 20:21 - 2013-07-24 21:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-13 20:21 - 2013-07-24 21:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-13 20:21 - 2013-07-24 21:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-13 20:21 - 2013-07-24 21:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-13 20:21 - 2013-07-24 21:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-08-13 20:21 - 2013-07-24 21:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-13 20:21 - 2013-07-24 21:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-13 20:21 - 
2013-07-24 21:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-13 20:21 - 2013-07-24 21:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-13 20:21 - 2013-07-24 21:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-13 20:21 - 2013-07-24 21:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-08-13 20:21 - 2013-07-24 21:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-08-13 20:21 - 2013-07-24 21:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-13 20:21 - 2013-07-24 21:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-13 20:21 - 2013-07-24 21:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-13 20:21 - 2013-07-24 20:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-13 20:21 - 2013-07-24 20:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-13 20:21 - 2013-07-24 20:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-13 20:21 - 2013-07-24 20:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-13 20:21 - 2013-07-24 20:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-13 20:21 - 2013-07-24 20:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-08-13 20:21 - 2013-07-24 20:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-08-13 20:21 - 2013-07-24 20:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-13 20:21 - 2013-07-24 20:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-13 20:21 - 2013-07-24 20:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-13 20:21 - 2013-07-24 20:23 - 00607744 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-13 20:21 - 2013-07-24 20:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-08-13 20:21 - 2013-07-24 20:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-08-13 20:21 - 2013-07-24 20:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-13 20:21 - 2013-07-24 20:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-13 20:21 - 2013-07-24 20:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-08-13 20:17 - 2013-07-25 03:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-13 20:17 - 2013-07-25 02:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-13 20:17 - 2013-07-18 19:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-13 20:17 - 2013-07-18 19:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-13 20:17 - 2013-07-09 00:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-13 20:17 - 2013-07-08 23:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-13 20:17 - 2013-07-08 23:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-13 20:17 - 2013-07-08 23:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-13 20:17 - 2013-07-08 23:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-13 20:17 - 2013-07-08 23:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-13 20:17 - 2013-07-08 23:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-13 20:17 - 2013-07-08 23:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-13 20:17 - 2013-07-08 23:03 - 03968960 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-13 20:17 - 2013-07-08 23:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-13 20:17 - 2013-07-08 22:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-13 20:17 - 2013-07-08 22:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-13 20:17 - 2013-07-08 22:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-13 20:17 - 2013-07-08 22:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-13 20:17 - 2013-07-08 22:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-13 20:17 - 2013-07-08 22:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-13 20:17 - 2013-07-08 22:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-13 20:17 - 2013-07-08 20:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-13 20:17 - 2013-07-08 20:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-13 20:17 - 2013-07-08 20:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-13 20:17 - 2013-07-08 20:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-13 20:17 - 2013-07-06 00:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-13 20:17 - 2013-06-14 22:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-13 20:14 - 2013-08-13 20:14 - 00760937 _____ (Farbar) C:\Users\Anthony\Desktop\MiniToolBox.exe 2013-08-12 16:18 - 2013-08-12 16:18 - 00000000 ____D C:\Users\Me\Desktop\Diageo_Training 2013-08-10 16:14 - 2013-08-10 16:14 - 00891115 _____ C:\Users\Anthony\Desktop\SecurityCheck.exe 2013-08-09 23:39 - 2013-08-09 23:39 - 00448512 _____ (OldTimer Tools) C:\Users\Anthony\Desktop\TFC.exe 2013-08-09 23:34 - 2013-08-13 23:11 - 
01575544 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe 2013-08-09 09:59 - 2013-08-09 10:59 - 00000000 ____D C:\Users\Work\AppData\Roaming\Winamp 2013-08-09 00:39 - 2013-08-09 00:39 - 00000000 ____D C:\Users\Work\Desktop\My Mobile 2013-08-08 22:24 - 2013-08-08 22:24 - 00000000 ____D C:\Users\Work\AppData\Roaming\Yahoo! 2013-08-08 21:58 - 2013-08-13 22:13 - 00000000 ____D C:\Users\Work\AppData\Local\Google 2013-08-08 21:16 - 2013-08-08 21:16 - 00000000 ____D C:\Users\Work\AppData\Roaming\Opera 2013-08-08 21:16 - 2013-08-08 21:16 - 00000000 ____D C:\Users\Work\AppData\Local\Opera 2013-08-08 21:15 - 2013-08-08 21:15 - 00000000 ____D C:\Users\Work\AppData\Local\Adobe 2013-08-08 20:56 - 2013-08-08 20:56 - 00003047 _____ C:\Users\Work\Desktop\Bing HRS Toolbar.lnk 2013-08-08 20:56 - 2013-08-08 20:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Corporation 2013-08-08 20:55 - 2013-08-08 20:55 - 00000000 ____D C:\Users\Work\Desktop\hrstoolbar 2013-08-08 20:55 - 2013-08-08 20:55 - 00000000 ____D C:\Users\Work\AppData\Roaming\Macromedia 2013-08-08 20:49 - 2013-08-08 21:15 - 00000000 ____D C:\Users\Work\AppData\Roaming\Adobe 2013-08-08 20:42 - 2013-08-08 22:24 - 00000000 ____D C:\Users\Work\AppData\Local\VirtualStore 2013-08-08 20:42 - 2013-08-08 20:42 - 00130704 _____ C:\Users\Work\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-08 20:42 - 2013-08-08 20:42 - 00002340 _____ C:\Users\Work\Desktop\Safe Money.lnk 2013-08-08 20:42 - 2013-08-08 20:42 - 00000632 __RSH C:\Users\Work\ntuser.pol 2013-08-08 20:42 - 2013-08-08 20:42 - 00000020 ___SH C:\Users\Work\ntuser.ini 2013-08-08 20:42 - 2013-08-08 20:42 - 00000000 ____D C:\Users\Work\AppData\Roaming\Intel Corporation 2013-08-08 20:42 - 2013-08-08 20:42 - 00000000 ____D C:\Users\Work 2013-08-08 20:42 - 2009-12-20 23:16 - 00000000 ____D C:\Users\Work\AppData\Local\Microsoft Help 2013-08-08 18:23 - 2013-08-08 18:23 - 00000000 ____D C:\Users\Anthony\Desktop\mbar-1.06.0.1004 2013-08-08 10:57 - 2013-08-08 10:57 - 00262144 _____ 
C:\Windows\system32\config\elam 2013-08-08 10:15 - 2013-08-08 10:16 - 00001481 _____ C:\AdwCleaner[s2].txt 2013-08-08 10:14 - 2013-08-08 10:15 - 00001421 _____ C:\AdwCleaner[R2].txt 2013-08-08 08:53 - 2013-08-08 08:53 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak 2013-08-08 08:53 - 2013-08-08 08:53 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak 2013-08-08 08:52 - 2013-08-08 08:52 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak 2013-08-08 08:51 - 2013-08-08 08:51 - 00055856 _____ (Sonic Solutions) C:\Windows\system32\Drivers\PxHlpa64.sys.bak 2013-08-08 08:51 - 2013-08-08 08:51 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak 2013-08-08 08:51 - 2013-08-08 08:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak 2013-08-08 08:51 - 2013-08-08 08:51 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak 2013-08-08 08:50 - 2013-08-08 08:50 - 00740864 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\CAX_CNXT.sys.bak 2013-08-08 08:50 - 2013-08-08 08:50 - 00286720 _____ (Brother Industries Ltd.) 
C:\Windows\system32\Drivers\BrSerId.sys.bak 2013-08-08 08:50 - 2013-08-08 08:50 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak 2013-08-08 02:48 - 2013-08-08 02:48 - 00000000 ____D C:\FRST 2013-08-07 21:43 - 2013-08-07 21:44 - 00004341 _____ C:\AdwCleaner[s1].txt 2013-08-07 21:43 - 2013-08-07 21:43 - 00004215 _____ C:\AdwCleaner[R1].txt 2013-08-07 21:14 - 2013-08-08 09:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-07 21:08 - 2013-08-08 08:52 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak 2013-08-07 21:08 - 2013-08-08 08:51 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak 2013-08-07 21:04 - 2013-08-07 21:34 - 00000000 ____D C:\Windows\ERUNT 2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Me\Desktop\NTREGOPT.lnk 2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Guest\Desktop\NTREGOPT.lnk 2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Anthony\Desktop\NTREGOPT.lnk 2013-08-07 21:04 - 2013-08-07 21:04 - 00000803 _____ C:\Users\Me\Desktop\ERUNT.lnk 2013-08-07 21:04 - 2013-08-07 21:04 - 00000803 _____ C:\Users\Guest\Desktop\ERUNT.lnk 2013-08-06 22:54 - 2013-08-06 22:54 - 00023389 _____ C:\ComboFix.txt 2013-08-06 22:05 - 2013-08-06 22:05 - 00377856 _____ C:\Users\Me\Desktop\qwt7x50r.exe 2013-08-06 21:29 - 2013-08-06 21:29 - 00000000 ____D C:\Users\Me\AppData\Roaming\Sony Corporation 2013-08-05 22:21 - 2013-08-05 22:21 - 00000000 ____D C:\ProgramData\McAfee 2013-08-05 15:31 - 2013-08-05 15:31 - 00000000 ____D C:\ProgramData\Sophos 2013-08-05 15:29 - 2013-08-05 15:29 - 00003191 _____ C:\Users\Me\Desktop\Sophos Virus Removal Tool.lnk 2013-08-05 15:29 - 2013-08-05 15:29 - 00000000 ____D C:\Program Files (x86)\Sophos 2013-08-04 20:27 - 2013-08-04 20:27 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-04 09:50 - 2013-08-04 09:50 - 00000000 ____D C:\Users\Me\Desktop\My Mobile 2013-08-02 23:41 
- 2013-08-02 23:41 - 00009655 _____ C:\Users\Me\Desktop\AnthonyMoreno.suggestedAdditionalRoutes.xlsx
2013-08-02 23:40 - 2013-08-02 23:40 - 00019769 _____ C:\Users\Me\Desktop\RED BULL UNCOVERED 8-2 AnthonyM.xlsx
2013-08-02 15:42 - 2013-08-02 15:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2013-08-02 15:33 - 2013-08-02 15:36 - 00000000 ____D C:\Windows\WindowsMobile
2013-08-02 15:31 - 2013-08-02 15:40 - 12989580 _____ C:\Users\Me\Downloads\drvupdate-amd64.zip
2013-08-01 15:30 - 2013-08-02 23:26 - 00000366 _____ C:\Users\Me\Desktop\schedule.txt
2013-07-28 13:40 - 2013-07-28 13:42 - 00000000 ____D C:\Users\Me\Desktop\Crossmark
2013-07-17 14:51 - 2013-07-17 14:51 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Nikon
2013-07-16 20:44 - 2013-08-13 20:23 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-08-13 23:11 - 2013-08-09 23:34 - 01575544 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2013-08-13 23:10 - 2013-06-25 22:58 - 00000596 _____ C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-08-13 23:10 - 2013-06-02 21:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-13 23:08 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-13 22:13 - 2013-08-08 21:58 - 00000000 ____D C:\Users\Work\AppData\Local\Google
2013-08-13 21:44 - 2009-09-10 01:35 - 01275295 _____ C:\Windows\WindowsUpdate.log
2013-08-13 21:37 - 2009-07-13 23:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-13 21:37 - 2009-07-13 22:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-13 21:37 - 2009-07-13 22:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-13 21:29 - 2013-06-21 22:11 - 00011742 _____ C:\Windows\setupact.log
2013-08-13 21:29 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-13 20:25 - 2010-01-30 12:47 - 00000039 _____ C:\Windows\vbaddin.ini
2013-08-13 20:25 - 2009-09-03 02:36 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-13 20:24 - 2013-07-16 20:44 - 00000000 ____D C:\Windows\system32\MRT
2013-08-13 20:23 - 2009-11-04 18:44 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 20:14 - 2013-08-13 20:14 - 00760937 _____ (Farbar) C:\Users\Anthony\Desktop\MiniToolBox.exe
2013-08-12 23:52 - 2012-01-09 21:30 - 00007584 _____ C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg
2013-08-12 16:18 - 2013-08-12 16:18 - 00000000 ____D C:\Users\Me\Desktop\Diageo_Training
2013-08-11 22:47 - 2012-01-29 11:37 - 00000000 ____D C:\Users\Anthony\AppData\Local\TempImages
2013-08-10 16:14 - 2013-08-10 16:14 - 00891115 _____ C:\Users\Anthony\Desktop\SecurityCheck.exe
2013-08-10 07:55 - 2013-01-01 12:49 - 00151140 _____ C:\Windows\PFRO.log
2013-08-10 05:39 - 2011-04-07 11:52 - 00000000 ____D C:\Windows\Minidump
2013-08-10 05:39 - 2009-11-01 18:53 - 00279193 ____N C:\Windows\Minidump\081013-29733-01.dmp
2013-08-09 23:39 - 2013-08-09 23:39 - 00448512 _____ (OldTimer Tools) C:\Users\Anthony\Desktop\TFC.exe
2013-08-09 10:59 - 2013-08-09 09:59 - 00000000 ____D C:\Users\Work\AppData\Roaming\Winamp
2013-08-09 00:39 - 2013-08-09 00:39 - 00000000 ____D C:\Users\Work\Desktop\My Mobile
2013-08-08 22:24 - 2013-08-08 22:24 - 00000000 ____D C:\Users\Work\AppData\Roaming\Yahoo!
2013-08-08 22:24 - 2013-08-08 20:42 - 00000000 ____D C:\Users\Work\AppData\Local\VirtualStore
2013-08-08 21:16 - 2013-08-08 21:16 - 00000000 ____D C:\Users\Work\AppData\Roaming\Opera
2013-08-08 21:16 - 2013-08-08 21:16 - 00000000 ____D C:\Users\Work\AppData\Local\Opera
2013-08-08 21:15 - 2013-08-08 21:15 - 00000000 ____D C:\Users\Work\AppData\Local\Adobe
2013-08-08 21:15 - 2013-08-08 20:49 - 00000000 ____D C:\Users\Work\AppData\Roaming\Adobe
2013-08-08 20:56 - 2013-08-08 20:56 - 00003047 _____ C:\Users\Work\Desktop\Bing HRS Toolbar.lnk
2013-08-08 20:56 - 2013-08-08 20:56 - 00000000 ____D C:\Program Files (x86)\Microsoft Corporation
2013-08-08 20:55 - 2013-08-08 20:55 - 00000000 ____D C:\Users\Work\Desktop\hrstoolbar
2013-08-08 20:55 - 2013-08-08 20:55 - 00000000 ____D C:\Users\Work\AppData\Roaming\Macromedia
2013-08-08 20:42 - 2013-08-08 20:42 - 00130704 _____ C:\Users\Work\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-08 20:42 - 2013-08-08 20:42 - 00002340 _____ C:\Users\Work\Desktop\Safe Money.lnk
2013-08-08 20:42 - 2013-08-08 20:42 - 00000632 __RSH C:\Users\Work\ntuser.pol
2013-08-08 20:42 - 2013-08-08 20:42 - 00000020 ___SH C:\Users\Work\ntuser.ini
2013-08-08 20:42 - 2013-08-08 20:42 - 00000000 ____D C:\Users\Work\AppData\Roaming\Intel Corporation
2013-08-08 20:42 - 2013-08-08 20:42 - 00000000 ____D C:\Users\Work
2013-08-08 18:23 - 2013-08-08 18:23 - 00000000 ____D C:\Users\Anthony\Desktop\mbar-1.06.0.1004
2013-08-08 13:06 - 2009-11-01 20:04 - 00000000 ____D C:\Users\Anthony
2013-08-08 11:24 - 2012-02-06 14:42 - 00000000 ____D C:\Windows\ERDNT
2013-08-08 10:57 - 2013-08-08 10:57 - 00262144 _____ C:\Windows\system32\config\elam
2013-08-08 10:16 - 2013-08-08 10:15 - 00001481 _____ C:\AdwCleaner[s2].txt
2013-08-08 10:15 - 2013-08-08 10:14 - 00001421 _____ C:\AdwCleaner[R2].txt
2013-08-08 10:15 - 2013-07-02 10:10 - 00000084 _____ C:\Users\Anthony\Desktop\KasperskyCode.txt
2013-08-08 09:13 - 2013-08-07 21:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-08 08:53 - 2013-08-08 08:53 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2013-08-08 08:53 - 2013-08-08 08:53 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2013-08-08 08:52 - 2013-08-08 08:52 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2013-08-08 08:52 - 2013-08-07 21:08 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2013-08-08 08:51 - 2013-08-08 08:51 - 00055856 _____ (Sonic Solutions) C:\Windows\system32\Drivers\PxHlpa64.sys.bak
2013-08-08 08:51 - 2013-08-08 08:51 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2013-08-08 08:51 - 2013-08-08 08:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2013-08-08 08:51 - 2013-08-08 08:51 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2013-08-08 08:51 - 2013-08-07 21:08 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2013-08-08 08:50 - 2013-08-08 08:50 - 00740864 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\CAX_CNXT.sys.bak
2013-08-08 08:50 - 2013-08-08 08:50 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2013-08-08 08:50 - 2013-08-08 08:50 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2013-08-08 02:48 - 2013-08-08 02:48 - 00000000 ____D C:\FRST
2013-08-07 21:44 - 2013-08-07 21:43 - 00004341 _____ C:\AdwCleaner[s1].txt
2013-08-07 21:43 - 2013-08-07 21:43 - 00004215 _____ C:\AdwCleaner[R1].txt
2013-08-07 21:34 - 2013-08-07 21:04 - 00000000 ____D C:\Windows\ERUNT
2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Me\Desktop\NTREGOPT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Guest\Desktop\NTREGOPT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Anthony\Desktop\NTREGOPT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000803 _____ C:\Users\Me\Desktop\ERUNT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000803 _____ C:\Users\Guest\Desktop\ERUNT.lnk
2013-08-07 08:53 - 2009-11-01 18:53 - 00287649 ____N C:\Windows\Minidump\080713-22167-01.dmp
2013-08-07 08:27 - 2012-12-18 14:19 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Anthony\Desktop\tdsskiller.exe
2013-08-06 22:54 - 2013-08-06 22:54 - 00023389 _____ C:\ComboFix.txt
2013-08-06 22:50 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2013-08-06 22:05 - 2013-08-06 22:05 - 00377856 _____ C:\Users\Me\Desktop\qwt7x50r.exe
2013-08-06 21:29 - 2013-08-06 21:29 - 00000000 ____D C:\Users\Me\AppData\Roaming\Sony Corporation
2013-08-05 22:43 - 2009-07-13 20:34 - 00000513 _____ C:\Windows\win.ini
2013-08-05 22:21 - 2013-08-05 22:21 - 00000000 ____D C:\ProgramData\McAfee
2013-08-05 22:21 - 2012-03-31 07:31 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-05 22:21 - 2011-06-16 00:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-05 22:20 - 2013-06-23 09:42 - 00000000 ____D C:\Users\Me\AppData\Local\Adobe
2013-08-05 20:54 - 2013-03-29 12:04 - 00000000 ____D C:\Users\Public\Downloads\Roberto Pulido
2013-08-05 15:31 - 2013-08-05 15:31 - 00000000 ____D C:\ProgramData\Sophos
2013-08-05 15:29 - 2013-08-05 15:29 - 00003191 _____ C:\Users\Me\Desktop\Sophos Virus Removal Tool.lnk
2013-08-05 15:29 - 2013-08-05 15:29 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-08-04 20:27 - 2013-08-04 20:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-04 09:50 - 2013-08-04 09:50 - 00000000 ____D C:\Users\Me\Desktop\My Mobile
2013-08-02 23:41 - 2013-08-02 23:41 - 00009655 _____ C:\Users\Me\Desktop\AnthonyMoreno.suggestedAdditionalRoutes.xlsx
2013-08-02 23:40 - 2013-08-02 23:40 - 00019769 _____ C:\Users\Me\Desktop\RED BULL UNCOVERED 8-2 AnthonyM.xlsx
2013-08-02 23:26 - 2013-08-01 15:30 - 00000366 _____ C:\Users\Me\Desktop\schedule.txt
2013-08-02 15:42 - 2013-08-02 15:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2013-08-02 15:40 - 2013-08-02 15:31 - 12989580 _____ C:\Users\Me\Downloads\drvupdate-amd64.zip
2013-08-02 15:36 - 2013-08-02 15:33 - 00000000 ____D C:\Windows\WindowsMobile
2013-07-28 13:42 - 2013-07-28 13:40 - 00000000 ____D C:\Users\Me\Desktop\Crossmark
2013-07-25 03:25 - 2013-08-13 20:17 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 02:57 - 2013-08-13 20:17 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-24 21:54 - 2013-08-13 20:21 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-24 21:45 - 2013-06-23 09:11 - 00000000 ____D C:\Users\Me\AppData\Local\Google
2013-07-24 21:37 - 2013-08-13 20:21 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-24 21:35 - 2013-08-13 20:21 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-24 21:31 - 2013-08-13 20:21 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-24 21:30 - 2013-08-13 20:21 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-24 21:29 - 2013-08-13 20:21 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-24 21:29 - 2013-08-13 20:21 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-24 21:29 - 2013-08-13 20:21 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-24 21:28 - 2013-08-13 20:21 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-24 21:28 - 2013-08-13 20:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-24 21:28 - 2013-08-13 20:21 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-24 21:28 - 2013-08-13 20:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-24 21:28 - 2013-08-13 20:21 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-24 21:27 - 2013-08-13 20:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-24 21:27 - 2013-08-13 20:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-24 21:26 - 2013-08-13 20:21 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-24 20:40 - 2013-08-13 20:21 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-24 20:32 - 2013-08-13 20:21 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-24 20:30 - 2013-08-13 20:21 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-24 20:26 - 2013-08-13 20:21 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-24 20:26 - 2013-08-13 20:21 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-24 20:25 - 2013-08-13 20:21 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-24 20:24 - 2013-08-13 20:21 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-24 20:24 - 2013-08-13 20:21 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-24 20:23 - 2013-08-13 20:21 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-24 20:23 - 2013-08-13 20:21 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-24 20:23 - 2013-08-13 20:21 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-24 20:23 - 2013-08-13 20:21 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-24 20:23 - 2013-08-13 20:21 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-24 20:22 - 2013-08-13 20:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-24 20:22 - 2013-08-13 20:21 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-24 20:22 - 2013-08-13 20:21 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-18 19:58 - 2013-08-13 20:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-07-18 19:41 - 2013-08-13 20:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-07-17 23:42 - 2013-07-17 14:46 - 00000000 ____D C:\Users\Public\Downloads\Pimsleur French III
2013-07-17 22:43 - 2013-07-17 22:43 - 00001284 _____ C:\Users\Me\Desktop\Public Downloads - Shortcut.lnk
2013-07-17 14:53 - 2010-03-13 08:09 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT
2013-07-17 14:51 - 2013-07-17 14:51 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Nikon
2013-07-17 00:14 - 2013-06-26 07:10 - 00000000 ____D C:\Users\Me\Documents\MATLAB
2013-07-14 18:06 - 2013-06-22 18:41 - 00000000 ____D C:\Program Files (x86)\Opera

Files to move or delete:
====================
C:\ProgramData\SMRResults311.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-12 00:46

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-08-2013
Ran by Anthony at 2013-08-13 23:13:04
Running from C:\Users\Anthony\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

64 Bit HP CIO Components Installer (Version: 6.2.1)
Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.146)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.01) (x32 Version: 11.0.01)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)
Alps Pointing-device for VAIO
Amazon Games & Software Downloader (x32 Version: 2.0.2.0)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
Atheros Client Installation Program (x32 Version: 7.0)
AURA Fate of the Ages (x32)
Bing HRS Toolbar (x32 Version: 3.15.0)
Citrix Online Launcher (x32 Version: 1.0.110)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dragonsphere (x32)
el® Graphics Media Accelerator Driver (Version: 8.15.10.1872)
eMusic Download Manager 6 (x32 Version: 6.0.3)
ERUNT 1.1j (x32)
ESET Online Scanner v3 (x32)
File Uploader (x32 Version: 1.1.1)
Free M4a to MP3 Converter 6.2 (x32)
Free WAV To MP3 Converter 2.1 (x32 Version: 2.1)
Free WMA to MP3 Converter 1.16 (x32)
Google Chrome (x32 Version: 25.0.1364.97)
Google Earth (x32 Version: 6.1.0.5001)
Google Update Helper (x32 Version: 1.3.21.79)
HP Update (x32 Version: 4.000.011.006)
Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Java SE Development Kit 6 Update 15 (64-bit) (Version: 1.6.0.150)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MATLAB R2013a Student Version (32-bit) (x32 Version: 8.1)
MediaMonkey 4.0 (x32 Version: 4.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 1.1.500.0)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Outlook Connector (x32 Version: 14.0.6123.5001)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Move Media Player (HKCU)
MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Nikon Message Center (x32 Version: 0.92.000)
Nikon Transfer (x32 Version: 1.3.0)
NVIDIA PhysX (x32 Version: 9.09.0203)
Opera 12.16 (x32 Version: 12.16.1860)
PlayReady PC Runtime amd64 (Version: 1.3.0)
QuickTime (x32 Version: 7.74.80.86)
RarZilla Free Unrar (x32 Version: 2.59)
realMyst (x32)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.5886)
Regi (Version: 1.00.0000)
Risen (x32 Version: 1.00.0000)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)
Sophos Virus Removal Tool (x32 Version: 2.4)
Text Twist 2 1.00 (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
VAIO Care (x32 Version: 6.4.2.11150)
VAIO Satisfaction Survey. (x32 Version: 3.0)
VAIO Update (x32 Version: 5.1.1.06090)
VAIO Update 4 (x32 Version: 4.2.0.07300)
VD64Inst (Version: 1.00.0000)
VU5x86 (x32 Version: 1.0.0)
Wav to Mp3 (x32)
Winamp (x32 Version: 5.63 )
Winamp Detector Plug-in (HKCU Version: 1.0.0.1)
Windows Mobile Device Center (Version: 6.1.6965.0)
Windows Mobile Device Center Driver Update (Version: 6.1.6965.0)
Yahoo! Messenger (x32)

==================== Restore Points =========================

08-08-2013 17:24:25 ComboFix created restore point
08-08-2013 19:04:25 Removed Bing HRS Toolbar
09-08-2013 00:38:58 Windows Update
09-08-2013 02:55:38 Installed Bing HRS Toolbar
14-08-2013 02:20:51 Windows Update

==================== Hosts content: ==========================

2009-07-13 20:34 - 2013-04-11 08:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0125A216-768D-4430-9B6A-A628A5A90C01} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft)
Task: {01BD90B4-8544-42E3-8444-2D6189736107} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03] (Google Inc.)
Task: {0B8B093F-5E7E-4EDC-8D2D-2456CEB9A802} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03] (Google Inc.)
Task: {157094CC-52A9-489C-A7A4-39E16AC9EB2D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation)
Task: {1EBDA005-D59A-4381-85B9-0529C6BC1702} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation)
Task: {4B60D3D2-62EB-4067-83B6-B9CE7C532DFB} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {6F57DBB5-BB26-49CD-9FD3-5D6328FEF314} - System32\Tasks\{68A5572C-C5E7-4811-A901-4C033D0CAE0B} => C:\Program Files (x86)\GOG.com\realMyst\realMystStart.exe [2010-01-04] ()
Task: {7E684F9C-D428-4588-8195-41D168EB5547} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation)
Task: {8116B324-88B7-4CEB-AFB3-810B246ADDFE} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe No File
Task: {94A2BD72-46AC-4B37-AA8C-E9AB0E148223} - System32\Tasks\VAIO Care Service => C:\Program Files\Sony\VAIO Care\VAIOCareService.exe [2009-12-04] (Sony Corporation)
Task: {98501C74-9A17-4233-9711-0FBC8FB56EE3} - System32\Tasks\{00BE88FD-20CF-4283-9F0D-A83F7F390056} => C:\Program Files (x86)\GOG.com\realMyst\realMystStart.exe [2010-01-04] ()
Task: {98DFA9F8-71B9-4BD7-B421-01BC57937E74} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {9D2C8839-7250-4942-BACF-32272C9622DC} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe No File
Task: {CA4726F5-CEAC-494A-AC2C-51CB21063EE9} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe No File
Task: {D6136BA3-5B6C-4CBF-8F30-3FD88559212D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe No File
Task: {F2DDDEEB-6804-4905-B06C-024FC63F728D} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2013a Student\bin\win32\MATLABStartupAccelerator.exe [2013-01-16] ()
Task: {F7153265-85F8-4F22-B956-5521E50FC87F} - System32\Tasks\Sony\VAIO Mini Program => C:\Program Files\Sony\First Experience\Miniprogram.exe [2009-08-26] ()
Task: {F9882F40-3C65-4659-8EA3-97A367829069} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe No File
Task: {FAC36AC7-EC90-45E4-8D26-E35C3205BCF3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe No File
Task: {FCB51C76-3C7F-4E12-A217-D33793719AFF} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation)
Task: {FDE8DEF4-7D90-4362-9581-1FD4572D977E} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2009-07-30] (Sony Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2013a Student\bin\win32\MATLABStartupAccelerator.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2013 10:44:40 AM) (Source: RapiMgr) (User: )
Description: Windows Mobile-based device failed to connect due to communication (0x80072745) failure (see data for failure code).

Error: (08/13/2013 09:26:07 AM) (Source: RapiMgr) (User: )
Description: Windows Mobile-based device failed to connect due to communication (0x80072745) failure (see data for failure code).

Error: (08/12/2013 04:51:09 PM) (Source: RapiMgr) (User: )
Description: Windows Mobile-based device failed to connect due to communication (0x80072745) failure (see data for failure code).

Error: (08/12/2013 00:10:15 PM) (Source: RapiMgr) (User: )
Description: Windows Mobile-based device failed to connect due to communication (0x80072745) failure (see data for failure code).

Error: (08/12/2013 10:30:57 AM) (Source: RapiMgr) (User: )
Description: Windows Mobile-based device failed to connect due to communication (0x80072745) failure (see data for failure code).

Error: (08/12/2013 00:38:24 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/12/2013 00:37:04 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (08/11/2013 07:11:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/11/2013 07:11:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (08/11/2013 01:57:08 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1220
Start Time: 01ce96ca1777313e
Termination Time: 17
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: 2f44c45c-02c0-11e3-8fc9-0024be3ae726

System errors:
=============
Error: (08/13/2013 09:29:45 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058

Error: (08/13/2013 09:29:45 PM) (Source: Service Control Manager) (User: )
Description: The HsfXAudioService service failed to start due to the following error: %%1053

Error: (08/13/2013 09:29:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.

Error: (08/13/2013 09:12:26 AM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058

Error: (08/13/2013 09:12:26 AM) (Source: Service Control Manager) (User: )
Description: The HsfXAudioService service failed to start due to the following error: %%1053

Error: (08/13/2013 09:12:26 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.

Error: (08/12/2013 11:57:13 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (08/12/2013 11:57:12 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (08/12/2013 11:57:11 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.

Error: (08/11/2013 10:58:57 PM) (Source: Service Control Manager) (User: )
Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2013-08-12 00:38:55.342
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-12 00:38:55.332
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-12 00:38:55.332
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-12 00:38:55.322
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-12 00:38:55.322
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-12 00:38:55.312
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-08-11 00:31:40.456 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-11 00:31:40.456 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-11 00:31:40.456 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-11 00:31:40.440 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 22% Total physical RAM: 8031.02 MB Available physical RAM: 6194.16 MB Total Pagefile: 8045.2 MB Available Pagefile: 6060.34 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:290.09 GB) (Free:135.53 GB) NTFS (Disk=0 Partition=3) ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A2EB41AF) Partition 1: (Not Active) - (Size=8 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  8. MiniToolBox by Farbar Version: 13-07-2013 Ran by Anthony (administrator) on 13-08-2013 at 20:16:23 Running from "C:\Users\Anthony\Desktop" Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected) Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller = Local Area Connection (Media disconnected) Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global icmpredirects=enabled popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : Anthony-VAIO Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Wireless LAN adapter Wireless Network Connection 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter Physical Address. . . . . . . . . : 06-26-5E-F4-4B-54 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . 
: Atheros AR9285 Wireless Network Adapter Physical Address. . . . . . . . . : 00-26-5E-F4-4B-54 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::886d:4c2a:720b:30f5%11(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.1.7(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Tuesday, August 13, 2013 6:11:17 PM Lease Expires . . . . . . . . . . : Wednesday, August 14, 2013 8:12:40 PM Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 218111802 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-3A-63-9F-00-24-BE-3A-E7-26 DNS Servers . . . . . . . . . . . : 192.168.1.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Belkin Description . . . . . . . . . . . : Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller Physical Address. . . . . . . . . : 00-24-BE-3A-E7-26 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{BBD6C13F-71A1-4691-8E91-5C597A5734BC}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter 6TO4 Adapter: Media State . . . . . . . . . . . 
: Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft 6to4 Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Server: UnKnown Address: 192.168.1.1 Name: google.com Addresses: 2607:f8b0:400b:80b::1002 208.117.232.121 208.117.232.120 208.117.232.122 208.117.232.119 208.117.232.123 208.117.232.116 208.117.232.117 208.117.232.118 Pinging google.com [208.117.232.87] with 32 bytes of data: Reply from 208.117.232.87: bytes=32 time=18ms TTL=57 Reply from 208.117.232.87: bytes=32 time=19ms TTL=57 Ping statistics for 208.117.232.87: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 18ms, Maximum = 19ms, Average = 18ms Server: UnKnown Address: 192.168.1.1 Name: yahoo.com Addresses: 98.138.253.109 206.190.36.45 98.139.183.24 Pinging yahoo.com [206.190.36.45] with 32 bytes of data: Reply from 206.190.36.45: bytes=32 time=41ms TTL=51 Reply from 206.190.36.45: bytes=32 time=64ms TTL=51 Ping statistics for 206.190.36.45: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 41ms, Maximum = 64ms, Average = 52ms Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Reply from 127.0.0.1: bytes=32 time<1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms =========================================================================== Interface List 14...06 26 5e f4 4b 54 ......Microsoft Virtual WiFi Miniport Adapter 11...00 26 5e f4 4b 54 ......Atheros AR9285 Wireless Network Adapter 10...00 24 be 3a e7 26 ......Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller 1...........................Software Loopback Interface 1 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP 
Adapter 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.7 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.7 281 192.168.1.7 255.255.255.255 On-link 192.168.1.7 281 192.168.1.255 255.255.255.255 On-link 192.168.1.7 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.7 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.7 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 11 281 fe80::/64 On-link 11 281 fe80::886d:4c2a:720b:30f5/128 On-link 1 306 ff00::/8 On-link 11 281 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation) Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 07 
C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation) x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll 
[326144] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (08/13/2013 10:44:40 AM) (Source: RapiMgr) (User: ) Description: Windows Mobile-based device failed to connect due to communication (0x80072745) failure (see data for failure code). Error: (08/13/2013 09:26:07 AM) (Source: RapiMgr) (User: ) Description: Windows Mobile-based device failed to connect due to communication (0x80072745) failure (see data for failure code). Error: (08/12/2013 04:51:09 PM) (Source: RapiMgr) (User: ) Description: Windows Mobile-based device failed to connect due to communication (0x80072745) failure (see data for failure code). Error: (08/12/2013 00:10:15 PM) (Source: RapiMgr) (User: ) Description: Windows Mobile-based device failed to connect due to communication (0x80072745) failure (see data for failure code). Error: (08/12/2013 10:30:57 AM) (Source: RapiMgr) (User: ) Description: Windows Mobile-based device failed to connect due to communication (0x80072745) failure (see data for failure code). 
Error: (08/12/2013 00:38:24 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/12/2013 00:37:04 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3. Component identity found in manifest does not match the identity of the component requested. Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use sxstrace.exe for detailed diagnosis. 
Error: (08/11/2013 07:11:11 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (08/11/2013 07:11:07 PM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Error: (08/11/2013 01:57:08 PM) (Source: Application Hang) (User: ) Description: The program iexplore.exe version 9.0.8112.16496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1220 Start Time: 01ce96ca1777313e Termination Time: 17 Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Report Id: 2f44c45c-02c0-11e3-8fc9-0024be3ae726 System errors: ============= Error: (08/13/2013 09:12:26 AM) (Source: Service Control Manager) (User: ) Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058 Error: (08/13/2013 09:12:26 AM) (Source: Service Control Manager) (User: ) Description: The HsfXAudioService service failed to start due to the following error: %%1053 Error: (08/13/2013 09:12:26 AM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect. Error: (08/12/2013 11:57:13 AM) (Source: Disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (08/12/2013 11:57:12 AM) (Source: Disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. Error: (08/12/2013 11:57:11 AM) (Source: Disk) (User: ) Description: The driver detected a controller error on \Device\Harddisk3\DR3. 
Error: (08/11/2013 10:58:57 PM) (Source: Service Control Manager) (User: ) Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058 Error: (08/11/2013 10:58:57 PM) (Source: Service Control Manager) (User: ) Description: The HsfXAudioService service failed to start due to the following error: %%1053 Error: (08/11/2013 10:58:57 PM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect. Error: (08/10/2013 10:40:47 PM) (Source: Service Control Manager) (User: ) Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058 Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-08-12 00:38:55.342 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-12 00:38:55.332 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-12 00:38:55.332 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-12 00:38:55.322 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-08-12 00:38:55.322 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-12 00:38:55.312 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-11 00:31:40.456 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-11 00:31:40.456 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-11 00:31:40.456 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-11 00:31:40.440 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. 
=========================== Installed Programs ============================ 64 Bit HP CIO Components Installer (Version: 6.2.1) Adobe Flash Player 11 ActiveX (Version: 11.5.502.146) Adobe Flash Player 11 Plugin (Version: 11.8.800.94) Adobe Reader XI (11.0.01) (Version: 11.0.01) Adobe Shockwave Player 11.5 (Version: 11.5.9.620) Alps Pointing-device for VAIO Amazon Games & Software Downloader (Version: 2.0.2.0) Apple Application Support (Version: 2.3.4) Apple Software Update (Version: 2.1.3.127) Atheros Client Installation Program (Version: 7.0) AURA Fate of the Ages Bing HRS Toolbar (Version: 3.15.0) Citrix Online Launcher (Version: 1.0.110) Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dragonsphere eMusic Download Manager 6 (Version: 6.0.3) ERUNT 1.1j ESET Online Scanner v3 File Uploader (Version: 1.1.1) Free M4a to MP3 Converter 6.2 Free WAV To MP3 Converter 2.1 (Version: 2.1) Free WMA to MP3 Converter 1.16 Google Chrome (Version: 25.0.1364.97) Google Earth (Version: 6.1.0.5001) Google Update Helper (Version: 1.3.21.79) HP Update (Version: 4.000.011.006) Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1872) Intel® Rapid Storage Technology (Version: 9.6.0.1014) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Java SE Development Kit 6 Update 15 (64-bit) (Version: 1.6.0.150) Kaspersky Internet Security 2013 (Version: 13.0.1.4190) Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300) MATLAB R2013a Student Version (32-bit) (Version: 8.1) MediaMonkey 4.0 (Version: 4.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Mouse and Keyboard Center (Version: 1.1.500.0) Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 
(Version: 14.0.7015.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Outlook Connector (Version: 14.0.6123.5001) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Professional 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Single Image 2010 (Version: 14.0.7015.1000) Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000) Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148) 
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Move Media Player MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Nikon Message Center (Version: 0.92.000) Nikon Transfer (Version: 1.3.0) NVIDIA PhysX (Version: 9.09.0203) Opera 12.16 (Version: 12.16.1860) PlayReady PC Runtime amd64 (Version: 1.3.0) QuickTime (Version: 7.74.80.86) RarZilla Free Unrar (Version: 2.59) realMyst Realtek High Definition Audio Driver (Version: 6.0.1.5886) Regi (Version: 1.00.0000) Risen (Version: 1.00.0000) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition Sophos Virus Removal Tool (Version: 2.4) Text Twist 2 1.00 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition VAIO Care (Version: 6.4.2.11150) VAIO Satisfaction Survey. 
(Version: 3.0) VAIO Update (Version: 5.1.1.06090) VAIO Update 4 (Version: 4.2.0.07300) VD64Inst (Version: 1.00.0000) VU5x86 (Version: 1.0.0) Wav to Mp3 Winamp (Version: 5.63 ) Winamp Detector Plug-in (Version: 1.0.0.1) Windows Mobile Device Center (Version: 6.1.6965.0) Windows Mobile Device Center Driver Update (Version: 6.1.6965.0) Yahoo! Messenger ========================= Devices: ================================
Manufacturer: Intel Corporation Service: igfx Name: TCP/IP Protocol Driver Description: TCP/IP Protocol Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Tcpip Name: USB Root Hub Description: USB Root Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Name: WAN Miniport (IP) Description: WAN Miniport (IP) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisWan Name: kl1 Description: kl1 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: kl1 Name: HID Non-User Input Data Filter (KB 911895) Description: HID Non-User Input Data Filter (KB 911895) Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: Microsoft Service: Name: regi Description: regi Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: regi Name: Microsoft ACPI-Compliant Control Method Battery Description: Microsoft ACPI-Compliant Control Method Battery Class Guid: {72631e54-78a4-11d0-bcf7-00aa00b7b32a} Manufacturer: Microsoft Service: CmBatt Name: Intel® Core2 Duo CPU T6600 @ 2.20GHz Description: Intel Processor Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Intel Service: intelppm Name: Generic volume Description: Generic volume Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: TCP/IP Registry Compatibility Description: TCP/IP Registry Compatibility Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: tcpipreg Name: WAN Miniport (IPv6) Description: WAN Miniport (IPv6) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisWan Name: USB Root Hub Description: USB Root Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Name: ACPI Power Button Description: ACPI Power Button Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: 
(Standard system devices) Service: Name: Link-Layer Topology Discovery Responder Description: Link-Layer Topology Discovery Responder Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: rspndr Name: Ricoh Memory Stick Host Controller Description: Ricoh Memory Stick Host Controller Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318} Manufacturer: Ricoh Company Service: rimsptsk Name: Kaspersky Anti-Virus NDIS 6 Filter Description: Kaspersky Anti-Virus NDIS 6 Filter Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: KLIM6 Name: NetIO Legacy TDI Support Driver Description: NetIO Legacy TDI Support Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: tdx Name: Intel® ICH9 Family SMBus Controller - 2930 Description: Intel® ICH9 Family SMBus Controller - 2930 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: Name: WAN Miniport (PPPOE) Description: WAN Miniport (PPPOE) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RasPppoe Name: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C Description: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbehci Name: USB Root Hub Description: USB Root Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Name: Ricoh Memory Stick Disk Device Description: Disk drive Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard disk drives) Service: disk Name: ACPI Lid Description: ACPI Lid Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Security Driver Description: Security Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: secdrv Name: USB Composite Device Description: USB Composite Device Class Guid: {36fc9e60-c465-11cf-8056-444553540000} 
Manufacturer: (Standard USB Host Controller) Service: usbccgp Name: NDIS System Driver Description: NDIS System Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: NDIS Name: kltdi Description: kltdi Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: kltdi Name: E:\ Description: R5C822 Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Microsoft Service: WUDFRd Name: USB Root Hub Description: USB Root Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Name: WAN Miniport (PPTP) Description: WAN Miniport (PPTP) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: PptpMiniport Name: Sony Firmware Extension Parser Device Description: Sony Firmware Extension Parser Device Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: Sony Corporation Service: SFEP Name: Ancillary Function Driver for Winsock Description: Ancillary Function Driver for Winsock Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: AFD Name: NDIS Usermode I/O Protocol Description: NDIS Usermode I/O Protocol Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Ndisuio Name: kneps Description: kneps Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: kneps Name: Sony Visual Communication Camera Description: USB Video Device Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: usbvideo Name: Ricoh SD Host Controller Description: Ricoh SD Host Controller Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318} Manufacturer: Ricoh Company Service: risdptsk Name: WAN Miniport (SSTP) Description: WAN Miniport (SSTP) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: RasSstp Name: Alps Pointing-device for VAIO Description: Alps Pointing-device for VAIO Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: 
Alps Electric Service: i8042prt Name: Intel® Core2 Duo CPU T6600 @ 2.20GHz Description: Intel Processor Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65} Manufacturer: Intel Service: intelppm Name: USB Root Hub Description: USB Root Hub Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: (Standard USB Host Controller) Service: usbhub Name: atksgt Description: atksgt Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: atksgt Name: Intel® ICH9 Family USB Universal Host Controller - 2934 Description: Intel® ICH9 Family USB Universal Host Controller - 2934 Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbuhci Name: High Definition Audio Controller Description: High Definition Audio Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HDAudBus Name: Ricoh SD/MMC Disk Device Description: Disk drive Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard disk drives) Service: disk Name: NDProxy Description: NDProxy Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: NDProxy Name: KSecDD Description: KSecDD Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: KSecDD Name: VgaSave Description: VgaSave Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: VgaSave Name: Terminal Server Keyboard Driver Description: Terminal Server Keyboard Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: TermDD Name: ACPI Thermal Zone Description: ACPI Thermal Zone Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Beep Description: Beep Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Beep Name: Microsoft USB Wireless Mouse (Mouse and Keyboard Center) Description: Microsoft USB Wireless Mouse (Mouse and Keyboard Center) Class Guid: 
{4d36e96f-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: mouhid Name: KSecPkg Description: KSecPkg Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: KSecPkg Name: Dynamic Volume Manager Description: Dynamic Volume Manager Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: volmgrx Name: Terminal Server Mouse Driver Description: Terminal Server Mouse Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: TermDD Name: ACPI Thermal Zone Description: ACPI Thermal Zone Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Generic volume shadow copy Description: Generic volume shadow copy Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf} Manufacturer: Microsoft Service: Name: Ricoh 1394 OHCI Compliant Host Controller Description: Ricoh 1394 OHCI Compliant Host Controller Class Guid: {6bdd1fc1-810f-11d0-bec7-08002be2092f} Manufacturer: Ricoh Service: 1394ohci Name: Plug and Play Software Device Enumerator Description: Plug and Play Software Device Enumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: swenum Name: NETBT Description: NETBT Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: NetBT Name: lirsgt Description: lirsgt Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: lirsgt Name: Intel® ICH9 Family USB Universal Host Controller - 2935 Description: Intel® ICH9 Family USB Universal Host Controller - 2935 Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbuhci Name: Microsoft 6to4 Adapter Description: Microsoft 6to4 Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Intel® ICH9 Family PCI Express Root Port 1 - 2940 Description: Intel® ICH9 Family PCI Express Root Port 1 - 2940 Class Guid: 
{4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: pci Name: Storage volumes Description: Storage volumes Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: volsnap Name: Microsoft Virtual WiFi Miniport Adapter Description: Microsoft Virtual WiFi Miniport Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Name: Microsoft ACPI-Compliant System Description: Microsoft ACPI-Compliant System Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: ACPI Name: Security Processor Loader Driver Description: Security Processor Loader Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: spldr Name: UMBus Root Bus Enumerator Description: UMBus Root Bus Enumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: umbus Name: Link-Layer Topology Discovery Mapper I/O Driver Description: Link-Layer Topology Discovery Mapper I/O Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: lltdio Name: Generic volume shadow copy Description: Generic volume shadow copy Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf} Manufacturer: Microsoft Service: Name: Virtual WiFi Filter Driver Description: Virtual WiFi Filter Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: vwififlt Name: Intel® 82802 Firmware Hub Device Description: Intel® 82802 Firmware Hub Device Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: Name: Microsoft Virtual Drive Enumerator Driver Description: Microsoft Virtual Drive Enumerator Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: vdrvroot Name: Microsoft ISATAP Adapter Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: NSI proxy service driver. 
Description: NSI proxy service driver. Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: nsiproxy Name: Volume Manager Description: Volume Manager Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: volmgr Name: Remote Access IPv6 ARP Driver Description: Remote Access IPv6 ARP Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Wanarpv6 Name: Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller Description: Marvell Yukon 88E8057 PCI-E Gigabit Ethernet Controller Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Marvell Service: yukonw7 Name: Microsoft ISATAP Adapter #2 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Programmable interrupt controller Description: Programmable interrupt controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Intel® ICH9 Family USB Universal Host Controller - 2936 Description: Intel® ICH9 Family USB Universal Host Controller - 2936 Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbuhci Name: Intel® ICH9 Family PCI Express Root Port 2 - 2942 Description: Intel® ICH9 Family PCI Express Root Port 2 - 2942 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: pci Name: Mount Point Manager Description: Mount Point Manager Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: mountmgr Name: Generic volume Description: Generic volume Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f} Manufacturer: Microsoft Service: volsnap Name: Microsoft ISATAP Adapter #3 Description: Microsoft ISATAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Name: Kernel Mode Driver Frameworks service Description: Kernel Mode Driver Frameworks service Class Guid: 
{8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Wdf01000 Name: System timer Description: System timer Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Common Log (CLFS) Description: Common Log (CLFS) Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: CLFS Name: Microsoft Hardware USB Wireless Mouse Description: Microsoft Hardware USB Wireless Mouse Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da} Manufacturer: Microsoft Service: HidUsb Name: Null Description: Null Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: Null Name: Windows Firewall Authorization Driver Description: Windows Firewall Authorization Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: mpsdrv Name: 80222058 Description: 80222058 Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: 80222058 Name: WFP Lightweight Filter Description: WFP Lightweight Filter Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: WfpLwf Name: UMBus Enumerator Description: UMBus Enumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: umbus Name: CNG Description: CNG Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: CNG Name: High precision event timer Description: High precision event timer Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: Atheros AR9285 Wireless Network Adapter Description: Atheros AR9285 Wireless Network Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Atheros Communications Inc. 
Service: athr Name: Performance Counters for Windows Driver Description: Performance Counters for Windows Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: pcw Name: Intel® ICH9 Family USB Universal Host Controller - 2937 Description: Intel® ICH9 Family USB Universal Host Controller - 2937 Class Guid: {36fc9e60-c465-11cf-8056-444553540000} Manufacturer: Intel Service: usbuhci Name: Intel® ICH9 Family PCI Express Root Port 3 - 2944 Description: Intel® ICH9 Family PCI Express Root Port 3 - 2944 Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Intel Service: pci Name: Generic PnP Monitor Description: Generic PnP Monitor Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard monitor types) Service: monitor Name: Winsock IFS Driver Description: Winsock IFS Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: ws2ifsl Name: ACPI x64-based PC Description: ACPI x64-based PC Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard computers) Service: \Driver\ACPI_HAL Name: Direct memory access controller Description: Direct memory access controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard system devices) Service: Name: PEAUTH Description: PEAUTH Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: PEAUTH Name: UMBus Enumerator Description: UMBus Enumerator Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: umbus Name: File as Volume Driver Description: File as Volume Driver Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: blbdrive Name: System Attribute Cache Description: System Attribute Cache Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} Manufacturer: Service: discache Name: User Mode Driver Frameworks Platform Driver Description: User Mode Driver Frameworks Platform Driver Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1} 
Manufacturer: Service: WudfPf Name: Standard PS/2 Keyboard Description: Standard PS/2 Keyboard Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard keyboards) Service: i8042prt Name: Realtek High Definition Audio Description: Realtek High Definition Audio Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: IntcAzAudAddService ========================= Memory info: =================================== Percentage of memory in use: 27% Total physical RAM: 8031.02 MB Available physical RAM: 5856.84 MB Total Pagefile: 8045.2 MB Available Pagefile: 5906.88 MB Total Virtual: 4095.88 MB Available Virtual: 3967.87 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:290.09 GB) (Free:136.4 GB) NTFS ========================= Users: ======================================== User accounts for \\ANTHONY-VAIO Administrator Anthony Guest Me Work ========================= Minidump Files ================================== No minidump file found **** End of log ****
  9. Well, web browsing in particular is a pain, though I wonder whether or not it's due to some browser cache issues or Flash is acting up (again). Web pages take forever to load, although, interestingly, I have no trouble uploading/downloading files. However, since there do not appear to be any more signs of malware, I suppose this thread is finished. I appreciate the assistance.
  10. Yes, I ran a complete syscheck on Windows as well as TFC.

      Results of screen317's Security Check version 0.99.72
      Windows 7 Service Pack 1 x64 (UAC is enabled)
      Internet Explorer 10
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Kaspersky Internet Security
      Antivirus up to date!
      `````````Anti-malware/Other Utilities Check:`````````
      Malwarebytes Anti-Malware version 1.75.0.1300
      Java 7 Update 25
      Adobe Flash Player 11.8.800.94
      Adobe Reader XI
      Google Chrome 16.0.912.75
      Google Chrome 25.0.1364.97
      ````````Process Check: objlist.exe by Laurent````````
      Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 2%
      ````````````````````End of Log``````````````````````
  11. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-08-2013
      Ran by Anthony at 2013-08-09 23:37:16 Run:2
      Running from C:\Users\Anthony\Desktop
      Boot Mode: Normal
      ==============================================
      "C:\Program Files (x86)\Advanced Port Scanner\Advanced Port Scanner.exe" => File/Directory not found.
      "C:\Program Files (x86)\Safe Saver\utils.exe" => File/Directory not found.
      "C:\ProgramData\BrowserDefender" => File/Directory not found.
      "C:\Users\All Users\BrowserDefender" => File/Directory not found.
      "C:\Users\Darren\AppData\Local\Temp\ICReinstall_setup.exe" => File/Directory not found.
      "C:\Users\Darren\AppData\Local\Temp\C8237671-BAB0-7891-980E-DDF44F03E027\Latest\BExternal.dll" => File/Directory not found.
      "C:\Users\Darren\AppData\Local\Temp\C8237671-BAB0-7891-980E-DDF44F03E027\Latest\IEHelper.dll" => File/Directory not found.
      "C:\Users\Darren\AppData\Local\Temp\is1326335552\safe-saver.exe" => File/Directory not found.
      "C:\Users\Darren\Desktop\cbsidlm-tr1_13-HitmanPro_3_64bit-SEO-75110395.exe" => File/Directory not found.
      "C:\Users\Darren\Desktop\FoxitReader602.0413_enu_Setup.exe" => File/Directory not found.
      "C:\Users\Darren\Desktop\setup.exe" => File/Directory not found.
      ==== End of Fixlog ====
  12. Here it is:
Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - UXTIRKOW *Deregistered* - uxtirkow . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-02-22 20:27 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 08:28] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 08:28] . 2013-08-07 c:\windows\Tasks\MATLAB R2013a Startup Accelerator.job - c:\program files (x86)\MATLAB\R2013a Student\bin\win32\MATLABStartupAccelerator.exe [2013-06-26 00:37] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504] "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584] "IntelliType Pro"="c:\program files\Microsoft Device Center\itype.exe" [2012-06-27 1464928] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-19 165912] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-19 387608] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-19 365592] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360] . 
------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mLocal Page = c:\windows\system32\blank.htm IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-54159816.sys SafeBoot-67510150.sys ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-08-06 22:54:50 ComboFix-quarantined-files.txt 2013-08-07 04:54 . Pre-Run: 147,018,313,728 bytes free Post-Run: 149,486,825,472 bytes free . - - End Of File - - F3CCF17D3E5D36B572027D5D1326A641 D41D8CD98F00B204E9800998ECF8427E
  13. There doesn't appear to be any noticeable difference. PC performance is still rather sluggish. Not sure where to go from here.
  14. RogueKiller V8.6.5 [Aug 5 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.adlice.com/forum/
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://tigzyrk.blogspot.com/
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Anthony [Admin rights]
      Mode : Scan -- Date : 08/08/2013 08:53:21
      | ARK || FAK || MBR |
      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 6 ¤¤¤
      [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
      [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
      [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
      [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      ¤¤¤ Scheduled tasks : 0 ¤¤¤
      ¤¤¤ Startup Entries : 0 ¤¤¤
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
      ¤¤¤ External Hives: ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts
      127.0.0.1 localhost
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: SAMSUNG HM320II +++++
      --- User ---
      [MBR] aaaa1486c449d57391cef53c1ec6feaa
      [bSP] f96d0e4853ed529bedf60ed08daf3644 : Windows 7/8 MBR Code
      Partition table:
      0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8093 Mo
      1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 16576512 | Size: 100 Mo
      2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 16781312 | Size: 297050 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
Finished : << RKreport[0]_S_08082013_085321.txt >> Malwarebytes Anti-Rootkit BETA 1.06.0.1004 www.malwarebytes.org Database version: v2013.08.08.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Anthony :: ANTHONY-VAIO [administrator] 8/8/2013 8:56:27 AM mbar-log-2013-08-08 (08-56-27).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 327136 Time elapsed: 15 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2013 Ran by Anthony at 2013-08-08 10:23:05 Running from C:\Users\Anthony\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 64 Bit HP CIO Components Installer (Version: 6.2.1) Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.146) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader XI (11.0.01) (x32 Version: 11.0.01) Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620) Alps Pointing-device for VAIO Amazon Games & Software Downloader (x32 Version: 2.0.2.0) Apple Application Support (x32 Version: 2.3.4) Apple Software Update (x32 Version: 2.1.3.127) Atheros Client Installation Program (x32 Version: 7.0) AURA Fate of the Ages (x32) Bing HRS Toolbar (x32 Version: 3.15.0) Citrix Online Launcher (x32 Version: 1.0.110) Compatibility Pack for the 2007 Office 
system (x32 Version: 12.0.6612.1000) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dragonsphere (x32) el® Graphics Media Accelerator Driver (Version: 8.15.10.1872) eMusic Download Manager 6 (x32 Version: 6.0.3) ERUNT 1.1j (x32) ESET Online Scanner v3 (x32) File Uploader (x32 Version: 1.1.1) Free M4a to MP3 Converter 6.2 (x32) Free WAV To MP3 Converter 2.1 (x32 Version: 2.1) Free WMA to MP3 Converter 1.16 (x32) Google Chrome (x32 Version: 25.0.1364.97) Google Earth (x32 Version: 6.1.0.5001) Google Update Helper (x32 Version: 1.3.21.79) HP Update (x32 Version: 4.000.011.006) Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Java SE Development Kit 6 Update 15 (64-bit) (Version: 1.6.0.150) Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) MATLAB R2013a Student Version (32-bit) (x32 Version: 8.1) MediaMonkey 4.0 (x32 Version: 4.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Mouse and Keyboard Center (Version: 1.1.500.0) Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000) Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Outlook Connector (x32 Version: 14.0.6123.5001) Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000) 
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Move Media Player (HKCU) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Nikon Message Center (x32 Version: 0.92.000) Nikon Transfer (x32 Version: 1.3.0) NVIDIA PhysX (x32 Version: 9.09.0203) Opera 12.16 (x32 Version: 12.16.1860) PlayReady PC Runtime amd64 (Version: 1.3.0) QuickTime (x32 Version: 7.74.80.86) RarZilla Free Unrar (x32 Version: 2.59) realMyst (x32) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5886) Regi (Version: 1.00.0000) Risen (x32 Version: 1.00.0000) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32) Sophos Virus Removal Tool (x32 Version: 2.4) Text Twist 2 1.00 (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2494150) (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) VAIO Care (x32 Version: 6.4.2.11150) VAIO Satisfaction Survey. (x32 Version: 3.0) VAIO Update (x32 Version: 5.1.1.06090) VAIO Update 4 (x32 Version: 4.2.0.07300) VD64Inst (Version: 1.00.0000) VU5x86 (x32 Version: 1.0.0) Wav to Mp3 (x32) Winamp (x32 Version: 5.63 ) Winamp Detector Plug-in (HKCU Version: 1.0.0.1) Windows Mobile Device Center (Version: 6.1.6965.0) Windows Mobile Device Center Driver Update (Version: 6.1.6965.0) Yahoo! 
Messenger (x32) ==================== Restore Points ========================= 08-08-2013 08:02:02 Scheduled Checkpoint ==================== Hosts content: ========================== 2009-07-13 20:34 - 2013-04-11 08:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0125A216-768D-4430-9B6A-A628A5A90C01} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft) Task: {01BD90B4-8544-42E3-8444-2D6189736107} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03] (Google Inc.) Task: {0B8B093F-5E7E-4EDC-8D2D-2456CEB9A802} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03] (Google Inc.) Task: {157094CC-52A9-489C-A7A4-39E16AC9EB2D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation) Task: {1EBDA005-D59A-4381-85B9-0529C6BC1702} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation) Task: {4B60D3D2-62EB-4067-83B6-B9CE7C532DFB} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation) Task: {6F57DBB5-BB26-49CD-9FD3-5D6328FEF314} - System32\Tasks\{68A5572C-C5E7-4811-A901-4C033D0CAE0B} => C:\Program Files (x86)\GOG.com\realMyst\realMystStart.exe [2010-01-04] () Task: {7E684F9C-D428-4588-8195-41D168EB5547} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation) Task: {8116B324-88B7-4CEB-AFB3-810B246ADDFE} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe No File Task: 
{94A2BD72-46AC-4B37-AA8C-E9AB0E148223} - System32\Tasks\VAIO Care Service => C:\Program Files\Sony\VAIO Care\VAIOCareService.exe [2009-12-04] (Sony Corporation) Task: {98501C74-9A17-4233-9711-0FBC8FB56EE3} - System32\Tasks\{00BE88FD-20CF-4283-9F0D-A83F7F390056} => C:\Program Files (x86)\GOG.com\realMyst\realMystStart.exe [2010-01-04] () Task: {98DFA9F8-71B9-4BD7-B421-01BC57937E74} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {9D2C8839-7250-4942-BACF-32272C9622DC} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe No File Task: {CA4726F5-CEAC-494A-AC2C-51CB21063EE9} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe No File Task: {D6136BA3-5B6C-4CBF-8F30-3FD88559212D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe No File Task: {F2DDDEEB-6804-4905-B06C-024FC63F728D} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2013a Student\bin\win32\MATLABStartupAccelerator.exe [2013-01-16] () Task: {F7153265-85F8-4F22-B956-5521E50FC87F} - System32\Tasks\Sony\VAIO Mini Program => C:\Program Files\Sony\First Experience\Miniprogram.exe [2009-08-26] () Task: {F9882F40-3C65-4659-8EA3-97A367829069} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe No File Task: {FAC36AC7-EC90-45E4-8D26-E35C3205BCF3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe No File Task: {FCB51C76-3C7F-4E12-A217-D33793719AFF} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation) Task: {FDE8DEF4-7D90-4362-9581-1FD4572D977E} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program 
Files\Sony\VAIO Update 4\VAIOUpdt.exe [2009-07-30] (Sony Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2013a Student\bin\win32\MATLABStartupAccelerator.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (08/08/2013 10:17:05 AM) (Source: Service Control Manager) (User: ) Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058 Error: (08/08/2013 10:17:04 AM) (Source: Service Control Manager) (User: ) Description: The HsfXAudioService service failed to start due to the following error: %%1053 Error: (08/08/2013 10:17:04 AM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2013-08-08 01:56:54.255 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-08 01:56:54.255 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-08-08 01:56:54.255 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-08 01:56:54.239 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-08 01:56:54.239 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-08 01:56:54.239 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-03 19:13:52.215 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-03 19:13:52.215 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2013-08-03 19:13:52.215 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. 
Date: 2013-08-03 19:13:52.200
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 8031.02 MB
Available physical RAM: 6065.88 MB
Total Pagefile: 8045.2 MB
Available Pagefile: 6036.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:290.09 GB) (Free:137.32 GB) NTFS (Disk=0 Partition=3)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A2EB41AF)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)

==================== End Of Log ============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.8 (08.07.2013:4)
OS: Windows 7 Home Premium x64
Ran by Anthony on Thu 08/08/2013 at 9:13:51.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/08/2013 at 9:28:18.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.306 - Logfile created 08/08/2013 at 10:14:55
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Anthony - ANTHONY-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Anthony\Desktop\AdwCleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.

File : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.

File : C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.

-\\ Opera v12.16.1860.0

File : C:\Users\Anthony\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.

File : C:\Users\Me\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.

File : C:\Users\Work\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4215 octets] - [07/08/2013 21:43:25]
AdwCleaner[R2].txt - [1232 octets] - [08/08/2013 10:14:55]
AdwCleaner[s1].txt - [4341 octets] - [07/08/2013 21:43:59]

########## EOF - C:\AdwCleaner[R2].txt - [1352 octets] ##########

# AdwCleaner v2.306 - Logfile created 08/08/2013 at 10:15:45
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Anthony - ANTHONY-VAIO
# Boot Mode : Normal
# Running from : C:\Users\Anthony\Desktop\AdwCleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.

File : C:\Users\Me\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.

File : C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v12.16.1860.0

File : C:\Users\Anthony\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.

File : C:\Users\Me\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.

File : C:\Users\Work\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4215 octets] - [07/08/2013 21:43:25]
AdwCleaner[R2].txt - [1421 octets] - [08/08/2013 10:14:55]
AdwCleaner[s1].txt - [4341 octets] - [07/08/2013 21:43:59]
AdwCleaner[s2].txt - [1352 octets] - [08/08/2013 10:15:45]

########## EOF - C:\AdwCleaner[s2].txt - [1412 octets] ##########

[results of Eset Online Scanner]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7e6c126505470140a6334fe77478a30a
# engine=14692
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-08 07:37:36
# local_time=2013-08-08 01:37:36 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 0 29770578 0 0
# compatibility_mode=5893 16776574 100 94 2292627 127490906 0 0
# scanned=600773
# found=2
# cleaned=0
# scan_time=13480
sh=F5CEC54C9AAC59167BA95EC8077438BE381FBA3D ft=1 fh=6b9d0ee107127394 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Anthony\AppData\Local\TempImages\AskInstallChecker-1.5.0.0.exe"
sh=AD44A69068930A5A5E100F7E1F14CF189842A670 ft=1 fh=7d75842fbbf8ffab vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Users\Anthony\AppData\Local\TempImages\askToolbarInstaller-1.9.1.0.exe"

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013
Ran by Anthony (administrator) on 08-08-2013 10:22:08
Running from C:\Users\Anthony\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Device Center\itype.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
(Sony Corporation) C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
() C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [skytel] - C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-07-23] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [208384 2009-08-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [intelliPoint] - c:\Program Files\Microsoft Device Center\ipoint.exe [2004584 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [intelliType Pro] - c:\Program Files\Microsoft Device Center\itype.exe [1464928 2012-06-26] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM-x32\...\Run: [smartWiHelper] - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe [79872 2009-08-26] (Sony Electronics Corporation)
HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [AVP] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-06-02] (Kaspersky Lab ZAO)
HKU\Me\...\Policies\system: [LogonHoursAction] 2
HKU\Me\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Work\...\Policies\system: [LogonHoursAction] 2
HKU\Work\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Microsoft.Search.HRSToolBar.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775d} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - Bing HRS Toolbar - {c9a6357b-25cc-4bcf-96c1-78736985d414} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\plugin/npUrlAdvisor.dll (Kaspersky Lab ZAO)
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Work\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\plugin/content_blocker_npapi.dll (Kaspersky Lab ZAO)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1
CHR Extension: (Google Search) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (AT_RatchetClank_v2) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejhfomhehcinmhgnlhdpghklkjgppdmn\3_0
CHR Extension: (Safe Money) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0
CHR Extension: (Content Blocker) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0
CHR Extension: (Virtual Keyboard) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (Gmail) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Anti-Banner) - C:\Users\Anthony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-06-02] (Kaspersky Lab ZAO)
S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-09-02] (Realtek Semiconductor)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S4 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)
S4 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)
S4 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)
S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
S4 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
S4 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
S4 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1223024 2010-06-09] (Sony Corporation)
S4 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)
S4 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-06-16] ()
S3 hcw72ADFilter; C:\Windows\System32\DRIVERS\hcw72ADFilter.sys [38656 2010-04-23] (Hauppauge Computer Works, Inc.)
S3 hcw72ATV; C:\Windows\System32\DRIVERS\hcw72ATV.sys [1631488 2010-04-23] (Hauppauge Computer Works, Inc.)
S3 hcw72DTV; C:\Windows\System32\DRIVERS\hcw72DTV.sys [1634176 2010-04-23] (Hauppauge Computer Works, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-06-02] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-06-02] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-06-16] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S3 46689277; system32\drivers\40553321.sys [x]
S3 80222058; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-08 10:15 - 2013-08-08 10:16 - 00001481 _____ C:\AdwCleaner[s2].txt
2013-08-08 10:14 - 2013-08-08 10:15 - 00001421 _____ C:\AdwCleaner[R2].txt
2013-08-08 09:28 - 2013-08-08 09:28 - 00000712 _____ C:\Users\Anthony\Desktop\JRT.txt
2013-08-08 08:53 - 2013-08-08 08:53 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2013-08-08 08:53 - 2013-08-08 08:53 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2013-08-08 08:53 - 2013-08-08 08:53 - 00001843 _____ C:\Users\Anthony\Desktop\RKreport[0]_S_08082013_085321.txt
2013-08-08 08:52 - 2013-08-08 08:52 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2013-08-08 08:51 - 2013-08-08 08:51 - 00055856 _____ (Sonic Solutions) C:\Windows\system32\Drivers\PxHlpa64.sys.bak
2013-08-08 08:51 - 2013-08-08 08:51 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2013-08-08 08:51 - 2013-08-08 08:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2013-08-08 08:51 - 2013-08-08 08:51 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2013-08-08 08:50 - 2013-08-08 08:50 - 00740864 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\CAX_CNXT.sys.bak
2013-08-08 08:50 - 2013-08-08 08:50 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2013-08-08 08:50 - 2013-08-08 08:50 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2013-08-08 02:48 - 2013-08-08 02:48 - 00000000 ____D C:\FRST
2013-08-08 02:47 - 2013-08-08 02:47 - 01790059 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2013-08-08 02:45 - 2013-08-08 02:45 - 00000250 _____ C:\Users\Anthony\Desktop\eset.txt
2013-08-07 21:43 - 2013-08-07 21:44 - 00004341 _____ C:\AdwCleaner[s1].txt
2013-08-07 21:43 - 2013-08-07 21:43 - 00004215 _____ C:\AdwCleaner[R1].txt
2013-08-07 21:42 - 2013-08-07 21:42 - 00666633 _____ C:\Users\Anthony\Desktop\AdwCleaner.exe
2013-08-07 21:32 - 2013-08-07 21:33 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\Anthony\Desktop\JRT.exe
2013-08-07 21:14 - 2013-08-08 09:13 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-07 21:13 - 2013-08-07 21:13 - 13399154 _____ C:\Users\Anthony\Desktop\mbar-1.06.0.1004.zip
2013-08-07 21:13 - 2013-08-07 21:13 - 00000000 ____D C:\Users\Anthony\Desktop\mbar-1.06.0.1004
2013-08-07 21:08 - 2013-08-08 08:52 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2013-08-07 21:08 - 2013-08-08 08:51 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2013-08-07 21:05 - 2013-08-07 21:09 - 00000000 ____D C:\Users\Anthony\Desktop\RK_Quarantine
2013-08-07 21:05 - 2013-08-07 21:05 - 00920576 _____ C:\Users\Anthony\Desktop\RogueKiller.exe
2013-08-07 21:04 - 2013-08-07 21:34 - 00000000 ____D C:\Windows\ERUNT
2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Work\Desktop\NTREGOPT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Me\Desktop\NTREGOPT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Guest\Desktop\NTREGOPT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Anthony\Desktop\NTREGOPT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000803 _____ C:\Users\Work\Desktop\ERUNT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000803 _____ C:\Users\Me\Desktop\ERUNT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000803 _____ C:\Users\Guest\Desktop\ERUNT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000803 _____ C:\Users\Anthony\Desktop\ERUNT.lnk
2013-08-06 23:35 - 2013-08-06 23:35 - 00688992 ____R (Swearware) C:\Users\Anthony\Desktop\dds.com
2013-08-06 22:25 - 2011-06-26 00:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-06 22:25 - 2010-11-07 11:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-06 22:25 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-06 22:25 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-06 22:25 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-06 22:25 - 2000-08-30 18:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-06 22:25 - 2000-08-30 18:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-06 22:25 - 2000-08-30 18:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-06 21:29 - 2013-08-06 21:29 - 00000000 ____D C:\Users\Me\AppData\Roaming\Sony Corporation
2013-08-05 22:21 - 2013-08-05 22:21 - 00000000 ____D C:\ProgramData\McAfee
2013-08-05 15:31 - 2013-08-05 15:31 - 00000000 ____D C:\ProgramData\Sophos
2013-08-05 15:29 - 2013-08-05 15:29 - 00003191 _____ C:\Users\Me\Desktop\Sophos Virus Removal Tool.lnk
2013-08-05 15:29 - 2013-08-05 15:29 - 00000000 ____D C:\Program Files (x86)\Sophos
2013-08-04 20:27 - 2013-08-04 20:27 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-04 09:50 - 2013-08-04 09:50 - 00000000 ____D C:\Users\Me\Desktop\My Mobile
2013-08-02 15:42 - 2013-08-02 15:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2013-08-02 15:33 - 2013-08-02 15:36 - 00000000 ____D C:\Windows\WindowsMobile
2013-07-17 22:43 - 2013-07-17 22:43 - 00001284 _____ C:\Users\Me\Desktop\Public Downloads - Shortcut.lnk
2013-07-17 14:51 - 2013-07-17 14:53 - 00000000 ____D C:\Users\Work\AppData\Roaming\Nikon
2013-07-17 14:51 - 2013-07-17 14:51 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Nikon
2013-07-16 20:44 - 2013-07-16 20:47 - 00000000 ____D C:\Windows\system32\MRT
2013-07-11 12:38 - 2013-05-29 00:15 - 17829376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 12:38 - 2013-05-28 23:50 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 12:38 - 2013-05-28 23:43 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 12:38 - 2013-05-28 23:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 12:38 - 2013-05-28 23:35 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 12:38 - 2013-05-28 23:34 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 12:38 - 2013-05-28 23:33 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 12:38 - 2013-05-28 23:31 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 12:38 - 2013-05-28 23:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 12:38 - 2013-05-28 23:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-11 12:38 - 2013-05-28 23:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 12:38 - 2013-05-28 23:27 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 12:38 - 2013-05-28 23:27 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 12:38 - 2013-05-28 23:25 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 12:38 - 2013-05-28 23:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 12:38 - 2013-05-28 23:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 12:38 - 2013-05-28 19:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-11 12:38 - 2013-05-28 19:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-11 12:38 - 2013-05-28 19:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-11 12:38 - 2013-05-28 19:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-11 12:38 - 2013-05-28 19:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-11 12:38 - 2013-05-28 19:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-11 12:38 - 2013-05-28 19:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-11 12:38 - 2013-05-28 19:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 12:38 - 2013-05-28 19:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-11 12:38 - 2013-05-28 19:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-11 12:38 - 2013-05-28 19:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-11 12:38 - 2013-05-28 19:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 12:38 - 2013-05-28 19:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 12:38 - 2013-05-28 19:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-11 12:38 - 2013-05-28 19:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-07-11 12:38 - 2013-05-28 19:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-11 09:01 - 2013-06-04 21:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 09:01 - 2013-06-04 00:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 09:01 - 2013-06-03 22:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 09:01 - 2013-05-06 00:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 09:01 - 2013-05-05 22:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 09:01 - 2013-04-09 17:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 09:01 - 2013-04-02 16:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 12:44 - 2013-07-10 12:44 - 00000000 ____D C:\Users\Work\AppData\Local\Citrix
2013-07-09 13:49 - 2013-07-09 13:49 - 00000046 _____ C:\Users\Me\Desktop\books2013.txt
2013-07-09 09:44 - 2013-07-09 09:44 - 00000000 ____D C:\Program Files (x86)\MSECache
154

==================== One Month Modified Files and Folders =======

2013-08-08 10:20 - 2009-09-10 01:35 - 01885652 _____ C:\Windows\WindowsUpdate.log
2013-08-08 10:19 - 2013-06-02 21:36 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-08-08 10:17 - 2013-06-25 22:58 - 00000596 _____ C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job
2013-08-08 10:17 - 2013-06-21 22:11 - 00009754 _____ C:\Windows\setupact.log
2013-08-08 10:17 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-08 10:16 - 2013-08-08 10:15 - 00001481 _____ C:\AdwCleaner[s2].txt
2013-08-08 10:16 - 2013-01-01 12:49 - 00150656 _____ C:\Windows\PFRO.log
2013-08-08 10:15 - 2013-08-08 10:14 - 00001421 _____ C:\AdwCleaner[R2].txt
2013-08-08 10:15 - 2013-07-02 10:10 - 00000084 _____ C:\Users\Anthony\Desktop\KasperskyCode.txt
2013-08-08 09:28 - 2013-08-08 09:28 - 00000712 _____ C:\Users\Anthony\Desktop\JRT.txt
2013-08-08 09:13 - 2013-08-07 21:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-08 08:59 - 2009-07-13 22:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-08 08:59 - 2009-07-13 22:45 - 00014144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-08 08:53 - 2013-08-08 08:53 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys.bak
2013-08-08 08:53 - 2013-08-08 08:53 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys.bak
2013-08-08 08:53 - 2013-08-08 08:53 - 00001843 _____ C:\Users\Anthony\Desktop\RKreport[0]_S_08082013_085321.txt
2013-08-08 08:52 - 2013-08-08 08:52 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys.bak
2013-08-08 08:52 - 2013-08-07 21:08 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys.bak
2013-08-08 08:51 - 2013-08-08 08:51 - 00055856 _____ (Sonic Solutions) C:\Windows\system32\Drivers\PxHlpa64.sys.bak
2013-08-08 08:51 - 2013-08-08 08:51 - 00050768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys.bak
2013-08-08 08:51 - 2013-08-08 08:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys.bak
2013-08-08 08:51 - 2013-08-08 08:51 - 00032320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mssmbios.sys.bak
2013-08-08 08:51 - 2013-08-07 21:08 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbios.sys.bak
2013-08-08 08:50 - 2013-08-08 08:50 - 00740864 _____ (Conexant Systems, Inc.) C:\Windows\system32\Drivers\CAX_CNXT.sys.bak
2013-08-08 08:50 - 2013-08-08 08:50 - 00286720 _____ (Brother Industries Ltd.) C:\Windows\system32\Drivers\BrSerId.sys.bak
2013-08-08 08:50 - 2013-08-08 08:50 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys.bak
2013-08-08 02:48 - 2013-08-08 02:48 - 00000000 ____D C:\FRST
2013-08-08 02:47 - 2013-08-08 02:47 - 01790059 _____ (Farbar) C:\Users\Anthony\Desktop\FRST64.exe
2013-08-08 02:45 - 2013-08-08 02:45 - 00000250 _____ C:\Users\Anthony\Desktop\eset.txt
2013-08-07 21:44 - 2013-08-07 21:43 - 00004341 _____ C:\AdwCleaner[s1].txt
2013-08-07 21:43 - 2013-08-07 21:43 - 00004215 _____ C:\AdwCleaner[R1].txt
2013-08-07 21:42 - 2013-08-07 21:42 - 00666633 _____ C:\Users\Anthony\Desktop\AdwCleaner.exe
2013-08-07 21:34 - 2013-08-07 21:04 - 00000000 ____D C:\Windows\ERUNT
2013-08-07 21:33 - 2013-08-07 21:32 - 00957230 _____ (Oleg N. Scherbakov) C:\Users\Anthony\Desktop\JRT.exe
2013-08-07 21:13 - 2013-08-07 21:13 - 13399154 _____ C:\Users\Anthony\Desktop\mbar-1.06.0.1004.zip
2013-08-07 21:13 - 2013-08-07 21:13 - 00000000 ____D C:\Users\Anthony\Desktop\mbar-1.06.0.1004
2013-08-07 21:09 - 2013-08-07 21:05 - 00000000 ____D C:\Users\Anthony\Desktop\RK_Quarantine
2013-08-07 21:05 - 2013-08-07 21:05 - 00920576 _____ C:\Users\Anthony\Desktop\RogueKiller.exe
2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Work\Desktop\NTREGOPT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Me\Desktop\NTREGOPT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Guest\Desktop\NTREGOPT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000822 _____ C:\Users\Anthony\Desktop\NTREGOPT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000803 _____ C:\Users\Work\Desktop\ERUNT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000803 _____ C:\Users\Me\Desktop\ERUNT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000803 _____ C:\Users\Guest\Desktop\ERUNT.lnk
2013-08-07 21:04 - 2013-08-07 21:04 - 00000803 _____ C:\Users\Anthony\Desktop\ERUNT.lnk
2013-08-07 21:04 - 2012-02-06 14:42 - 00000000 ____D C:\Windows\ERDNT
2013-08-07 08:53 - 2011-04-07 11:52 - 00000000 ____D C:\Windows\Minidump
2013-08-07 08:53 - 2009-11-01 18:53 - 00287649 ____N C:\Windows\Minidump\080713-22167-01.dmp
2013-08-07 08:27 - 2012-12-18 14:19 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Anthony\Desktop\tdsskiller.exe
2013-08-06 23:35 - 2013-08-06 23:35 - 00688992 ____R (Swearware) C:\Users\Anthony\Desktop\dds.com
2013-08-06 22:54 - 2013-08-06 22:54 - 00023389 _____ C:\ComboFix.txt
2013-08-06 22:54 - 2013-08-06 22:25 - 00000000 ____D C:\Qoobox
2013-08-06 22:50 - 2009-07-13 20:34 - 00000215 _____ C:\Windows\system.ini
2013-08-06 22:23 - 2013-08-06 22:23 - 05100695 ____R (Swearware) C:\Users\Anthony\Desktop\ComboFix.exe
2013-08-06 22:05 - 2013-08-06 22:05 - 00377856 _____ C:\Users\Me\Desktop\qwt7x50r.exe
2013-08-06 21:29 - 2013-08-06 21:29
- 00000000 ____D C:\Users\Me\AppData\Roaming\Sony Corporation 2013-08-06 20:29 - 2009-07-13 23:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-05 22:43 - 2009-09-03 02:36 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-05 22:43 - 2009-07-13 20:34 - 00000513 _____ C:\Windows\win.ini 2013-08-05 22:21 - 2013-08-05 22:21 - 00000000 ____D C:\ProgramData\McAfee 2013-08-05 22:21 - 2012-03-31 07:31 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-05 22:21 - 2011-06-16 00:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-05 22:20 - 2013-06-23 09:42 - 00000000 ____D C:\Users\Me\AppData\Local\Adobe 2013-08-05 22:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\system32\NDF 2013-08-05 20:54 - 2013-03-29 12:04 - 00000000 ____D C:\Users\Public\Downloads\Roberto Pulido 2013-08-05 15:31 - 2013-08-05 15:31 - 00000000 ____D C:\ProgramData\Sophos 2013-08-05 15:29 - 2013-08-05 15:29 - 00003191 _____ C:\Users\Me\Desktop\Sophos Virus Removal Tool.lnk 2013-08-05 15:29 - 2013-08-05 15:29 - 00000000 ____D C:\Program Files (x86)\Sophos 2013-08-05 01:05 - 2012-01-09 21:30 - 00007584 _____ C:\Users\Anthony\AppData\Local\Resmon.ResmonCfg 2013-08-04 20:27 - 2013-08-04 20:27 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-04 09:50 - 2013-08-04 09:50 - 00000000 ____D C:\Users\Me\Desktop\My Mobile 2013-08-02 23:41 - 2013-08-02 23:41 - 00009655 _____ C:\Users\Me\Desktop\AnthonyMoreno.suggestedAdditionalRoutes.xlsx 2013-08-02 23:40 - 2013-08-02 23:40 - 00019769 _____ C:\Users\Me\Desktop\RED BULL UNCOVERED 8-2 AnthonyM.xlsx 2013-08-02 23:26 - 2013-08-01 15:30 - 00000366 _____ C:\Users\Me\Desktop\schedule.txt 2013-08-02 15:42 - 2013-08-02 15:42 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf 2013-08-02 15:40 - 2013-08-02 15:31 - 12989580 _____ C:\Users\Me\Downloads\drvupdate-amd64.zip 2013-08-02 15:36 - 2013-08-02 15:33 - 00000000 ____D 
C:\Windows\WindowsMobile 2013-07-28 13:42 - 2013-07-28 13:40 - 00000000 ____D C:\Users\Me\Desktop\Crossmark 2013-07-27 00:28 - 2013-07-27 00:28 - 00000000 ____D C:\Users\Public\Downloads\POTENTE SIEMPRE A MI 2013-07-27 00:28 - 2013-07-27 00:28 - 00000000 ____D C:\Users\Public\Downloads\Jimmy Lee y Tentazion 2013-07-26 22:06 - 2013-07-26 22:06 - 00000196 _____ C:\Users\Public\Downloads\fandango.txt 2013-07-26 11:46 - 2013-07-26 11:46 - 00073893 _____ C:\Users\Work\Desktop\FreshNews TrackerUpLoad.xlsx 2013-07-26 11:24 - 2013-07-19 11:44 - 00000000 ____D C:\Users\Public\Downloads\Gary Hobbs 2013-07-24 21:45 - 2013-06-23 09:11 - 00000000 ____D C:\Users\Me\AppData\Local\Google 2013-07-19 11:43 - 2013-07-14 22:34 - 00000000 ____D C:\Users\Public\Downloads\Al Green 2013-07-19 11:03 - 2013-07-19 11:03 - 00000000 ____D C:\Users\Public\Downloads\Panic Room 2013-07-17 23:42 - 2013-07-17 14:46 - 00000000 ____D C:\Users\Public\Downloads\Pimsleur French III 2013-07-17 22:43 - 2013-07-17 22:43 - 00001284 _____ C:\Users\Me\Desktop\Public Downloads - Shortcut.lnk 2013-07-17 14:53 - 2013-07-17 14:51 - 00000000 ____D C:\Users\Work\AppData\Roaming\Nikon 2013-07-17 14:53 - 2010-03-13 08:09 - 00000020 ____H C:\ProgramData\PKP_DLdu.DAT 2013-07-17 14:51 - 2013-07-17 14:51 - 00000000 ____D C:\Users\Anthony\AppData\Roaming\Nikon 2013-07-17 00:14 - 2013-06-26 07:10 - 00000000 ____D C:\Users\Me\Documents\MATLAB 2013-07-16 20:47 - 2013-07-16 20:44 - 00000000 ____D C:\Windows\system32\MRT 2013-07-14 23:31 - 2013-05-15 17:40 - 00000120 _____ C:\Users\Me\Documents\blahblah.txt 2013-07-14 18:06 - 2013-06-22 18:41 - 00000000 ____D C:\Program Files (x86)\Opera 2013-07-11 12:49 - 2009-07-13 22:45 - 00491456 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-11 12:48 - 2012-05-11 16:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-11 12:47 - 2009-12-20 08:36 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-07-11 12:47 - 2009-07-13 23:32 - 00000000 ____D C:\Program 
Files\Windows Defender 2013-07-11 12:47 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-11 12:33 - 2010-01-30 12:47 - 00000039 _____ C:\Windows\vbaddin.ini 2013-07-10 12:44 - 2013-07-10 12:44 - 00000000 ____D C:\Users\Work\AppData\Local\Citrix 2013-07-09 13:49 - 2013-07-09 13:49 - 00000046 _____ C:\Users\Me\Desktop\books2013.txt 2013-07-09 09:44 - 2013-07-09 09:44 - 00000000 ____D C:\Program Files (x86)\MSECache Files to move or delete: ==================== C:\ProgramData\SMRResults311.dat ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-03 19:10 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2013 Ran by Anthony at 2013-08-08 10:23:05 Running from C:\Users\Anthony\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 64 Bit HP CIO Components Installer (Version: 6.2.1) Adobe Flash Player 11 ActiveX (x32 Version: 11.5.502.146) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader XI (11.0.01) (x32 Version: 11.0.01) Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620) Alps Pointing-device for VAIO Amazon Games & Software Downloader (x32 Version: 2.0.2.0) Apple Application Support (x32 
Version: 2.3.4) Apple Software Update (x32 Version: 2.1.3.127) Atheros Client Installation Program (x32 Version: 7.0) AURA Fate of the Ages (x32) Bing HRS Toolbar (x32 Version: 3.15.0) Citrix Online Launcher (x32 Version: 1.0.110) Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dragonsphere (x32) el® Graphics Media Accelerator Driver (Version: 8.15.10.1872) eMusic Download Manager 6 (x32 Version: 6.0.3) ERUNT 1.1j (x32) ESET Online Scanner v3 (x32) File Uploader (x32 Version: 1.1.1) Free M4a to MP3 Converter 6.2 (x32) Free WAV To MP3 Converter 2.1 (x32 Version: 2.1) Free WMA to MP3 Converter 1.16 (x32) Google Chrome (x32 Version: 25.0.1364.97) Google Earth (x32 Version: 6.1.0.5001) Google Update Helper (x32 Version: 1.3.21.79) HP Update (x32 Version: 4.000.011.006) Intel® Rapid Storage Technology (x32 Version: 9.6.0.1014) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Java SE Development Kit 6 Update 15 (64-bit) (Version: 1.6.0.150) Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) MATLAB R2013a Student Version (32-bit) (x32 Version: 8.1) MediaMonkey 4.0 (x32 Version: 4.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Mouse and Keyboard Center (Version: 1.1.500.0) Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000) Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Outlook Connector (x32 Version: 14.0.6123.5001) Microsoft 
Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Professional 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000) Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000) Microsoft Office Visio MUI (English) 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Visio Professional 2007 (x32 Version: 12.0.6612.1000) Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - KB2467174 
- x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Move Media Player (HKCU) MSXML 4.0 SP3 Parser (KB2721691) (x32 Version: 4.30.2114.0) MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (KB973685) (x32 Version: 4.30.2107.0) MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0) Nikon Message Center (x32 Version: 0.92.000) Nikon Transfer (x32 Version: 1.3.0) NVIDIA PhysX (x32 Version: 9.09.0203) Opera 12.16 (x32 Version: 12.16.1860) PlayReady PC Runtime amd64 (Version: 1.3.0) QuickTime (x32 Version: 7.74.80.86) RarZilla Free Unrar (x32 Version: 2.59) realMyst (x32) Realtek High Definition Audio Driver (x32 Version: 6.0.1.5886) Regi (Version: 1.00.0000) Risen (x32 Version: 1.00.0000) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32) Sophos Virus Removal Tool (x32 Version: 2.4) Text Twist 2 1.00 (x32) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Update for Microsoft Office 2010 (KB2494150) (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) VAIO Care (x32 Version: 6.4.2.11150) VAIO Satisfaction Survey. 
(x32 Version: 3.0) VAIO Update (x32 Version: 5.1.1.06090) VAIO Update 4 (x32 Version: 4.2.0.07300) VD64Inst (Version: 1.00.0000) VU5x86 (x32 Version: 1.0.0) Wav to Mp3 (x32) Winamp (x32 Version: 5.63 ) Winamp Detector Plug-in (HKCU Version: 1.0.0.1) Windows Mobile Device Center (Version: 6.1.6965.0) Windows Mobile Device Center Driver Update (Version: 6.1.6965.0) Yahoo! Messenger (x32) ==================== Restore Points ========================= 08-08-2013 08:02:02 Scheduled Checkpoint ==================== Hosts content: ========================== 2009-07-13 20:34 - 2013-04-11 08:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0125A216-768D-4430-9B6A-A628A5A90C01} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe [2012-06-26] (Microsoft) Task: {01BD90B4-8544-42E3-8444-2D6189736107} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03] (Google Inc.) Task: {0B8B093F-5E7E-4EDC-8D2D-2456CEB9A802} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03] (Google Inc.) 
Task: {157094CC-52A9-489C-A7A4-39E16AC9EB2D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Device Center\ipoint.exe [2012-06-26] (Microsoft Corporation) Task: {1EBDA005-D59A-4381-85B9-0529C6BC1702} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCOneClick.exe [2011-02-16] (Sony Corporation) Task: {4B60D3D2-62EB-4067-83B6-B9CE7C532DFB} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation) Task: {6F57DBB5-BB26-49CD-9FD3-5D6328FEF314} - System32\Tasks\{68A5572C-C5E7-4811-A901-4C033D0CAE0B} => C:\Program Files (x86)\GOG.com\realMyst\realMystStart.exe [2010-01-04] () Task: {7E684F9C-D428-4588-8195-41D168EB5547} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Device Center\itype.exe [2012-06-26] (Microsoft Corporation) Task: {8116B324-88B7-4CEB-AFB3-810B246ADDFE} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe No File Task: {94A2BD72-46AC-4B37-AA8C-E9AB0E148223} - System32\Tasks\VAIO Care Service => C:\Program Files\Sony\VAIO Care\VAIOCareService.exe [2009-12-04] (Sony Corporation) Task: {98501C74-9A17-4233-9711-0FBC8FB56EE3} - System32\Tasks\{00BE88FD-20CF-4283-9F0D-A83F7F390056} => C:\Program Files (x86)\GOG.com\realMyst\realMystStart.exe [2010-01-04] () Task: {98DFA9F8-71B9-4BD7-B421-01BC57937E74} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation) Task: {9D2C8839-7250-4942-BACF-32272C9622DC} - System32\Tasks\Sony\Java Update => C:\Program Files\Java\jre6\bin\jusched.exe No File Task: {CA4726F5-CEAC-494A-AC2C-51CB21063EE9} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe No File Task: {D6136BA3-5B6C-4CBF-8F30-3FD88559212D} - System32\Tasks\Norton Internet Security\Norton Error Analyzer 
=> C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe No File Task: {F2DDDEEB-6804-4905-B06C-024FC63F728D} - System32\Tasks\MATLAB R2013a Startup Accelerator => C:\Program Files (x86)\MATLAB\R2013a Student\bin\win32\MATLABStartupAccelerator.exe [2013-01-16] () Task: {F7153265-85F8-4F22-B956-5521E50FC87F} - System32\Tasks\Sony\VAIO Mini Program => C:\Program Files\Sony\First Experience\Miniprogram.exe [2009-08-26] () Task: {F9882F40-3C65-4659-8EA3-97A367829069} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe No File Task: {FAC36AC7-EC90-45E4-8D26-E35C3205BCF3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe No File Task: {FCB51C76-3C7F-4E12-A217-D33793719AFF} - System32\Tasks\VAIO Care => C:\Program Files\Sony\VAIO Care\VCsystray.exe [2011-02-16] (Sony Corporation) Task: {FDE8DEF4-7D90-4362-9581-1FD4572D977E} - System32\Tasks\SONY\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe [2009-07-30] (Sony Corporation) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\MATLAB R2013a Startup Accelerator.job => C:\Program Files (x86)\MATLAB\R2013a Student\bin\win32\MATLABStartupAccelerator.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (08/08/2013 10:17:05 AM) (Source: Service Control Manager) (User: ) Description: The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: %%1058 Error: (08/08/2013 10:17:04 AM) 
(Source: Service Control Manager) (User: )
Description: The HsfXAudioService service failed to start due to the following error: %%1053
Error: (08/08/2013 10:17:04 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2013-08-08 01:56:54.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-08-08 01:56:54.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-08-08 01:56:54.255
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-08-08 01:56:54.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-08-08 01:56:54.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-08-08 01:56:54.239
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-08-03 19:13:52.215
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-08-03 19:13:52.215
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-08-03 19:13:52.215
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.
Date: 2013-08-03 19:13:52.200
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Percentage of memory in use: 24%
Total physical RAM: 8031.02 MB
Available physical RAM: 6065.88 MB
Total Pagefile: 8045.2 MB
Available Pagefile: 6036.75 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:290.09 GB) (Free:137.32 GB) NTFS (Disk=0 Partition=3)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A2EB41AF)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)
==================== End Of Log ============================
  15. I am using a Win7 64-bit Home Premium laptop computer. Neither MalwareBytes, TDSSKiller, nor ESET Online Scanner were able to detect. Sophos removal utility did detect but was apparently unable to remove (or it did remove but the malware came back). Below is a DDS log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496 BrowserJavaVersion: 10.25.2
Run by Anthony at 8:08:47 on 2013-08-07
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.6482 [GMT -6:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
SP: Kaspersky Internet Security *Enabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Apoint\Apoint.exe C:\Program Files\Microsoft Device Center\ipoint.exe C:\Program Files\Microsoft Device Center\itype.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\WindowsMobile\wmdc.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe C:\Program Files\Apoint\Apvfb.exe C:\Program Files\Apoint\Apntex.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . 
uStart Page = about:blank BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll TB: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file> mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" uPolicies-Explorer: NoDrives = dword:0 uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDriveTypeAutoRun = dword:28 
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll TCP: NameServer = 192.168.1.1 TCP: Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495} : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB} : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2656C6B696E6E2732683 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\564786F63747275616D6F507F6F6C6 : DHCPNameServer = 10.0.0.1 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\84F4D454D234535323 : DHCPNameServer = 75.75.75.75 
75.75.76.76 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\B497C65637B496E67637 : DHCPNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Notify: VESWinlogon - VESWinlogon.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe x64-Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe x64-Run: [intelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe" x64-Run: [intelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe" 
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . 
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-9-3 55856] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2012-8-2 28504] R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2012-6-8 54368] R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2012-8-13 178448] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [2012-8-17 356376] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-19 13336] R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-16 14112] R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-9-3 19968] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-8-18 139264] R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2012-10-25 29016] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2012-10-25 29528] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-8-18 11392] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-8-18 393216] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136] S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\System32\drivers\hcw72ADFilter.sys [2010-4-23 38656] S3 hcw72ATV;WinTV 
HVR-950 NTSC;C:\Windows\System32\drivers\hcw72ATV.sys [2010-4-23 1631488] S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\System32\drivers\hcw72DTV.sys [2010-4-23 1634176] S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-28 57856] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-29 1255736] S4 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-5-21 401920] S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840] S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992] S4 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-10-5 259192] S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe --> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [?] 
S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104] S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952] S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304] S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048] S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432] S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960] S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496] S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920] S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264] S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672] S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888] S4 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-5 44736] S4 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2012-10-5 1223024] . =============== File Associations =============== . ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1" . =============== Created Last 60 ================ . 
2013-08-07 05:18:33 -------- d-sh--w- C:\$RECYCLE.BIN 2013-08-07 04:54:52 -------- d-----w- C:\Users\Anthony\AppData\Local\temp 2013-08-07 04:25:12 98816 ----a-w- C:\Windows\sed.exe 2013-08-07 04:25:12 256000 ----a-w- C:\Windows\PEV.exe 2013-08-07 04:25:12 208896 ----a-w- C:\Windows\MBR.exe 2013-08-05 21:31:21 -------- d-----w- C:\ProgramData\Sophos 2013-08-05 21:29:55 -------- d-----w- C:\Program Files (x86)\Sophos 2013-08-05 02:27:07 -------- d-----w- C:\Program Files (x86)\ESET 2013-08-02 21:33:59 -------- d-----w- C:\Windows\WindowsMobile 2013-07-17 02:44:31 -------- d-----w- C:\Windows\System32\MRT 2013-07-11 15:01:49 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL 2013-07-09 15:44:14 -------- d-----w- C:\Program Files (x86)\MSECache 2013-06-28 04:07:58 5079800 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll 2013-06-28 04:07:52 646368 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\ACEEXCL.DLL 2013-06-28 04:07:10 3523320 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Csi.dll 2013-06-28 01:26:06 18635968 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL 2013-06-27 17:31:45 -------- d-----w- C:\Users\Anthony\AppData\Local\HRSToolbar 2013-06-27 17:30:23 -------- d-----w- C:\Program Files (x86)\Microsoft Corporation 2013-06-26 04:47:45 -------- d-----w- C:\Program Files (x86)\MATLAB 2013-06-26 03:20:54 988888 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Filters\odffilt.dll 2013-06-26 03:19:36 988888 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll 2013-06-25 10:25:06 1509592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll 2013-06-25 10:25:06 1332952 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll 2013-06-25 10:11:24 1271512 ----a-w- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll 2013-06-23 07:51:27 108968 ----a-w- 
C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-23 07:48:24 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-06-23 07:48:17 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-23 07:39:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2013-06-23 07:39:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2013-06-23 07:39:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2013-06-23 07:39:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2013-06-23 07:39:12 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2013-06-23 07:00:10 -------- d-----w- C:\Program Files (x86)\Yahoo! 2013-06-23 00:41:06 -------- d-----w- C:\Users\Anthony\AppData\Local\Opera 2013-06-12 13:51:34 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ==================== Find6M ==================== . 2013-08-06 04:21:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-06 04:21:13 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-25 02:57:16 1002008 ----a-w- C:\Windows\SysWow64\igxpun.exe 2013-06-23 07:51:21 972712 ----a-w- C:\Windows\System32\deployJava1.dll 2013-06-23 07:51:21 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-06-23 07:48:06 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-18 14:27:58 54368 ----a-w- C:\Windows\System32\drivers\kltdi.sys 2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll 2013-06-03 04:07:15 178448 ----a-w- C:\Windows\System32\drivers\kneps.sys 2013-06-03 04:07:13 90208 ----a-w- C:\Windows\System32\drivers\klflt.sys 2013-05-29 05:43:16 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-29 05:35:44 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-05-29 05:34:14 
1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-05-29 05:29:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-05-29 05:29:02 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-05-29 05:25:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-05-29 01:50:14 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-29 01:41:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-05-29 01:41:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-29 01:37:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-05-29 01:36:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-05-29 01:33:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-06 04:56:35 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL 2013-05-01 09:59:12 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2013-05-01 09:59:12 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 
1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-09 23:34:01 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-04-04 20:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-04-02 22:51:57 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll 2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe 2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe 2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-02-12 04:12:06 19968 ----a-w- C:\Windows\System32\drivers\usb8023x.sys 2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys . 
============= FINISH: 8:17:25.92 ===============
  16. I ran the ESET Online Scanner (twice). The first time, the ESET scanner removed several purported threats. However, the log.txt file was practically empty, save for the title of the program, with no info pertinent to the scan itself. The 2nd time, it was shown to be clean, though, strangely, no log.txt file was produced at all. I have no desire to run a third scan as it would be redundant and time-consuming and my PC seems to be clean.
  17. ComboFix 12-10-08.01 - Anthony 10/08/2012 7:13.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.6105 [GMT -6:00] Running from: c:\users\Anthony\Desktop\ComboFix.exe AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\SysWow64\FlashPlayerInstaller.exe . . ((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 ))))))))))))))))))))))))))))))) . . 2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-10-06 13:37 . 2012-10-07 15:32 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-05 18:08 . 2012-10-05 18:08 -------- d-----w- c:\program files (x86)\Opera 2012-10-02 00:36 . 2012-10-03 14:29 -------- d-----w- c:\windows\system32\drivers\NISx64\1309000.009 2012-09-29 19:48 . 2012-09-29 19:48 -------- d-----w- c:\programdata\MediaMonkey 2012-09-29 19:48 . 2012-09-29 19:48 -------- d-----w- c:\users\Anthony\AppData\Roaming\MediaMonkey 2012-09-27 03:35 . 2012-09-27 03:35 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-27 03:35 . 2012-09-27 03:35 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-27 03:35 . 2012-09-27 03:35 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-27 03:35 . 2012-09-27 03:35 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-27 03:35 . 2012-09-27 03:35 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-27 03:35 . 2012-09-27 03:35 188904 ----a-w- c:\windows\system32\java.exe 2012-09-26 14:01 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-22 20:02 . 
2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-09-22 20:02 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-09-19 19:07 . 2012-09-20 02:47 -------- d-----w- c:\users\Anthony - 1 2012-09-19 01:56 . 2012-09-19 01:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-19 01:56 . 2012-09-07 23:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-19 00:30 . 2012-09-19 00:30 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes 2012-09-19 00:26 . 2012-09-19 00:26 -------- d-----w- c:\users\Guest\AppData\Roaming\Intel Corporation 2012-09-12 14:27 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 14:27 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 14:27 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 14:27 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 14:27 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 14:27 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 14:27 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-04 19:33 . 2012-03-31 13:31 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-04 19:33 . 2011-06-16 06:07 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-12 18:40 . 2009-11-05 00:44 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-08-15 23:16 . 2012-08-14 23:01 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys 2012-07-18 18:15 . 2012-08-15 14:23 3148800 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-08-27 79872] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] R3 46689277;46689277;c:\windows\system32\drivers\40553321.sys [x] R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920] R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [2010-04-23 38656] R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [2010-04-23 1631488] R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [2010-04-23 1634176] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 SYMNDISV;Symantec Network Filter Driver; [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-09 1223024] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1255736] R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 
SSRP\E_S50RPB.EXE [2009-09-14 128512] R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 133104] R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 133104] R4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840] R4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992] R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104] R4 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952] R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304] R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048] R4 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432] R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496] R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920] R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264] R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service 
Manager\VcmINSMgr.exe [2009-06-26 357672] R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2012-03-29 451192] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120] S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121005.002\IDSvia64.sys [2012-09-06 513184] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-03 189984] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe 
[2011-01-29 259192] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-30 138912] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264] S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216] . . Contents of the 'Scheduled Tasks' folder . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 08:28] . 2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 08:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504] "IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mLocal Page = c:\windows\system32\blank.htm TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-ouekjsbwxmrewft - c:\programdata\ouekjsbw.exe Wow6432Node-HKU-Default-Run-Apple - c:\users\Anthony\AppData\Local\Apple Computer\Apple\mazyebsy.dll SafeBoot-10412561.sys SafeBoot-46689277.sys SafeBoot-57884251.sys SafeBoot-83294327.sys HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-Riven The sequel to Myst_is1 - c:\program files (x86)\GOG.com\Riven\unins000.exe AddRemove-{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E} - c:\program files (x86)\InstallShield Installation Information\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\NIS] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1" -- . [HKEY_LOCAL_MACHINE\system\ControlSet002\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . 
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-10-08 07:27:11 ComboFix-quarantined-files.txt 2012-10-08 13:27 . Pre-Run: 166,576,607,232 bytes free Post-Run: 166,291,271,680 bytes free . - - End Of File - - AB798B14199A7273C25DE3E4BF88A06C
  18. Malwarebytes Anti-Malware 1.65.0.1400
      www.malwarebytes.org
      Database version: v2012.10.07.04
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Anthony :: ANTHONY-VAIO [administrator]
      10/7/2012 7:41:32 PM
      mbam-log-2012-10-07 (19-41-32).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 251656
      Time elapsed: 56 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
  19. New TDSSKiller Log attached
      Subsequent MalwareBytes log:
      Malwarebytes Anti-Malware 1.65.0.1400
      www.malwarebytes.org
      Database version: v2012.10.05.08
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Anthony :: ANTHONY-VAIO [administrator]
      10/7/2012 9:39:59 AM
      mbam-log-2012-10-07 (09-39-59).txt
      Scan type: Full scan (C:\|E:\|F:\|G:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 674360
      Time elapsed: 2 hour(s), 49 minute(s), 1 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 1
      C:\TDSSKiller_Quarantine\07.10.2012_09.14.23\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
      (end)
      TDSSKiller.2.8.10.0_07.10.2012_09.05.31_log.txt
      TDSSKiller.2.8.10.0_07.10.2012_09.14.23_log.txt
  20. TDSSKiller log (too long to copy & paste) TDSSKiller.2.8.10.0_06.10.2012_07.31.26_log.txt
  21. TDSSKiller file too long to post. Saved as attachment.
  22. Results of Malwarebytes scan:
      Malwarebytes Anti-Malware 1.65.0.1400
      www.malwarebytes.org
      Database version: v2012.10.05.08
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 9.0.8112.16421
      Anthony :: ANTHONY-VAIO [administrator]
      10/6/2012 7:44:04 AM
      mbam-log-2012-10-06 (07-44-04).txt
      Scan type: Full scan (C:\|E:\|F:\|G:\|)
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 676865
      Time elapsed: 2 hour(s), 57 minute(s), 9 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 0 (No malicious items detected)
      Registry Values Detected: 0 (No malicious items detected)
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 2
      C:\TDSSKiller_Quarantine\06.10.2012_07.31.28\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.
      C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      (end)
  23. New DDS log
      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64
      Internet Explorer: 9.0.8112.16421
      Run by Anthony at 12:54:11 on 2012-10-06
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.6475 [GMT -6:00]
      .
      AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
      FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
      .
      ============== Running Processes ===============
      .
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch
      C:\Windows\system32\svchost.exe -k RPCSS
      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\Windows\system32\svchost.exe -k netsvcs
      C:\Windows\system32\svchost.exe -k LocalService
      C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      C:\Windows\system32\svchost.exe -k NetworkService
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
      C:\Windows\System32\svchost.exe -k HPZ12
      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
      C:\Windows\system32\svchost.exe -k imgsvc
      C:\Windows\system32\WUDFHost.exe
      C:\Windows\system32\SearchIndexer.exe
      C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskhost.exe
      C:\Program Files\Apoint\Apoint.exe
      C:\Program Files\Microsoft Device Center\ipoint.exe
      C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
      C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
      C:\Program Files\Apoint\ApMsgFwd.exe
      C:\Program Files\Apoint\Apvfb.exe
      C:\Program Files\Apoint\Apntex.exe
      C:\Windows\system32\conhost.exe
      C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
      C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
      C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
      C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
      C:\Program Files\Sony\VAIO Care\VCPerfService.exe
      C:\Program Files\Sony\VAIO Care\listener.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Program Files\Sony\VAIO Care\VCsystray.exe
      C:\Program Files\Sony\VAIO Care\VCService.exe
      C:\Program Files\Sony\VAIO Care\VCAgent.exe
      C:\Windows\System32\vds.exe
      C:\Windows\System32\svchost.exe -k LocalServicePeerNet
      C:\Windows\system32\SearchProtocolHost.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\conhost.exe
      C:\Windows\SysWOW64\cscript.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      .
      ============== Pseudo HJT Report ===============
      .
uSearch Bar = Preserve uStart Page = about:blank uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll {555d4d79-4bd2-4094-a395-cfc534424a05} uRun: [ouekjsbwxmrewft] C:\ProgramData\ouekjsbw.exe mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe dRun: [Apple] rundll32.exe "C:\Users\Anthony\AppData\Local\Apple Computer\Apple\mazyebsy.dll",DllRegisterServerW mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows 
Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495} : DhcpNameServer = 208.180.42.100 208.180.42.68 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2516D6164616 : DhcpNameServer = 172.20.100.1 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2656C6B696E6E2732683 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\3555444454E4C494E4B4E2E45445D253635453 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\54E67456E6965737146344333334 : DhcpNameServer = 69.6.190.10 69.6.190.11 Notify: VESWinlogon - VESWinlogon.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet 
Security\Engine\19.9.0.9\coIEPlg.dll BHO-X64: Norton Identity Protection - No File BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL BHO-X64: Norton Vulnerability Protection - No File BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [?] R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [?] R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120] R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [?] 
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121005.002\IDSviA64.sys [2012-10-5 513184] R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [?] R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1309000.009\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1309000.009\SYMNETS.SYS [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-19 13336] R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272] R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?] R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984] R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-10-5 259192] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-30 138912] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?] 
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-5 44736] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992] S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-5-21 401920] S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\system32\DRIVERS\hcw72ADFilter.sys --> C:\Windows\system32\DRIVERS\hcw72ADFilter.sys [?] S3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\system32\DRIVERS\hcw72ATV.sys --> C:\Windows\system32\DRIVERS\hcw72ATV.sys [?] S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\system32\DRIVERS\hcw72DTV.sys --> C:\Windows\system32\DRIVERS\hcw72DTV.sys [?] S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] 
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2012-10-5 1223024] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-8-23 166400] S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-8-23 128512] S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104] S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104] S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840] S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992] S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-6 1153368] S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104] S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952] S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304] S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048] S4 SOHPlMgr;VAIO Media plus Playlist 
Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432] S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960] S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496] S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920] S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264] S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672] S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888] . =============== Created Last 30 ================ . 2012-10-06 13:37:33 -------- d-----w- C:\TDSSKiller_Quarantine 2012-10-02 00:36:40 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtsp64.sys 2012-10-02 00:36:40 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys 2012-10-02 00:36:40 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys 2012-10-02 00:36:40 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtspx64.sys 2012-10-02 00:36:40 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys 2012-10-02 00:36:40 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys 2012-10-02 00:36:40 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys 2012-10-02 00:36:27 -------- d-----w- C:\Windows\System32\drivers\NISx64\1309000.009 2012-09-29 19:48:12 -------- d-----w- C:\ProgramData\MediaMonkey 2012-09-29 19:48:08 -------- d-----w- C:\Users\Anthony\AppData\Roaming\MediaMonkey 2012-09-27 03:35:46 916456 ----a-w- 
C:\Windows\System32\deployJava1.dll 2012-09-27 03:35:46 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-09-27 03:35:40 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2012-09-26 14:01:33 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe 2012-09-22 20:02:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-09-22 20:02:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-09-19 01:56:18 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-09-19 01:56:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-09-12 14:27:35 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-09-12 14:27:34 574464 ----a-w- C:\Windows\System32\d3d10level9.dll 2012-09-12 14:27:34 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2012-09-12 14:27:34 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys 2012-09-12 14:27:34 376688 ----a-w- C:\Windows\System32\drivers\netio.sys 2012-09-12 14:27:34 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-09-12 14:27:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS . ==================== Find3M ==================== . 
2012-10-04 19:33:05 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-04 19:33:05 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-08-15 23:16:52 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 12:57:14.65 ===============
  24. Machine all of a sudden shuts down while I was working on PC (running Win 7 64-bit). Scans using MalwareBytes, SpyBot found smitfraud-C.generic trojan in my system. Neither one of the anti-malware programs -- along with Norton Power Eraser -- was able to fully remove the trojan from my system. Here are the following logs from the DDS.com:
      DDS (Ver_2011-08-26.01)
      .
      Microsoft Windows 7 Home Premium
      Boot Device: \Device\HarddiskVolume2
      Install Date: 11/1/2009 8:04:48 PM
      System Uptime: 10/5/2012 5:12:24 PM (1 hours ago)
      .
      Motherboard: Sony Corporation | | VAIO
      Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz
      .
      ==== Disk Partitions =========================
      .
      C: is FIXED (NTFS) - 290 GiB total, 155.703 GiB free.
      E: is Removable
      F: is Removable
      G: is CDROM ()
      .
      ==== Disabled Device Manager Items =============
      .
      ==== System Restore Points ===================
      .
      RP292: 10/5/2012 4:52:32 PM - Norton_Power_Eraser_20121005165232374
      .
      ==== Installed Programs ======================
      .
Adobe AIR Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Adobe Shockwave Player 11.5 Amazon Games & Software Downloader Atheros Client Installation Program AURA Fate of the Ages Bing HRS Toolbar Compatibility Pack for the 2007 Office system Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dragonsphere Dropbox Epson Event Manager EPSON Scan File Uploader Free M4a to MP3 Converter 6.2 Free WAV To MP3 Converter 2.1 Free WMA to MP3 Converter 1.16 Google Chrome Google Earth Google Update Helper HP Update Intel® Rapid Storage Technology Java Auto Updater Malwarebytes Anti-Malware version 1.65.0.1400 MediaMonkey 4.0 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office Word MUI (English) 2010 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Move Media Player MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB973685) Nikon Message Center Nikon Transfer NVIDIA PhysX RarZilla Free Unrar realMyst Realtek High Definition Audio Driver Risen Riven 
The sequel to Myst Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Spybot - Search & Destroy Text Twist 2 1.00 Update for Microsoft .NET 
Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VAIO Care VAIO Satisfaction Survey. VAIO Update VAIO Update 4 VU5x86 Wav to Mp3 Winamp Winamp Detector Plug-in Yahoo! Messenger . ==== Event Viewer Messages From Past Week ======== . 9/29/2012 9:28:26 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 
9/29/2012 9:25:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
9/29/2012 8:48:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/29/2012 8:48:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/29/2012 8:48:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
9/29/2012 8:32:16 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.
10/5/2012 5:13:00 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/5/2012 5:12:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.
10/5/2012 5:12:57 PM, Error: Service Control Manager [7000] - The HsfXAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/5/2012 10:40:51 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
10/5/2012 10:09:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.
10/5/2012 1:58:21 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
10/5/2012 1:31:17 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/5/2012 1:22:22 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
10/5/2012 1:22:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
10/5/2012 1:22:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
10/5/2012 1:22:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/5/2012 1:22:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/5/2012 1:21:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6
10/3/2012 9:43:45 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR4.
10/3/2012 8:30:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fe (0x0000000000000008, 0x0000000000000006, 0x0000000000000006, 0xfffffa800a9cc000). A dump was saved in: C:\Windows\Minidump\100312-54335-01.dmp. Report Id: 100312-54335-01.
10/2/2012 7:11:14 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
10/2/2012 7:11:14 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Anthony at 18:02:32 on 2012-10-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.6251 [GMT -6:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe -netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - mscoree.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
TB: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - mscoree.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ouekjsbwxmrewft] C:\ProgramData\ouekjsbw.exe
mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
dRun: [Apple] rundll32.exe "C:\Users\Anthony\AppData\Local\Apple Computer\Apple\mazyebsy.dll",DllRegisterServerW
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495} : DhcpNameServer = 208.180.42.100 208.180.42.68
TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2516D6164616 : DhcpNameServer = 172.20.100.1
TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2656C6B696E6E2732683 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\3555444454E4C494E4B4E2E45445D253635453 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\54E67456E6965737146344333334 : DhcpNameServer = 69.6.190.10 69.6.190.11
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - mscoree.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll
TB-X64: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - mscoree.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121004.001\IDSviA64.sys [2012-10-5 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1309000.009\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1309000.009\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-19 13336]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]
R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-10-5 259192]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-30 138912]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-5 44736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-5-21 401920]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\system32\DRIVERS\hcw72ADFilter.sys --> C:\Windows\system32\DRIVERS\hcw72ADFilter.sys [?]
S3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\system32\DRIVERS\hcw72ATV.sys --> C:\Windows\system32\DRIVERS\hcw72ATV.sys [?]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\system32\DRIVERS\hcw72DTV.sys --> C:\Windows\system32\DRIVERS\hcw72DTV.sys [?]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2012-10-5 1223024]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-8-23 166400]
S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-8-23 128512]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]
S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-6 1153368]
S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104]
S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952]
S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304]
S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048]
S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432]
S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960]
S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264]
S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672]
S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888]
.
=============== Created Last 30 ================
.
2012-10-05 23:13:52 20480 ------w- C:\Windows\svchost.exe
2012-10-02 00:36:40 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtsp64.sys
2012-10-02 00:36:40 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys
2012-10-02 00:36:40 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys
2012-10-02 00:36:40 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtspx64.sys
2012-10-02 00:36:40 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys
2012-10-02 00:36:40 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys
2012-10-02 00:36:40 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys
2012-10-02 00:36:27 -------- d-----w- C:\Windows\System32\drivers\NISx64\1309000.009
2012-09-29 19:48:12 -------- d-----w- C:\ProgramData\MediaMonkey
2012-09-29 19:48:08 -------- d-----w- C:\Users\Anthony\AppData\Roaming\MediaMonkey
2012-09-27 03:35:46 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-27 03:35:46 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-09-27 03:35:40 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-09-26 14:01:33 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-09-22 20:02:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-09-22 20:02:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-09-20 03:16:25 -------- d-----w- C:\Program Files (x86)\Microsoft Corporation
2012-09-19 01:56:18 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-19 01:56:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-09-12 14:27:35 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-09-12 14:27:34 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-09-12 14:27:34 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-09-12 14:27:34 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys
2012-09-12 14:27:34 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-12 14:27:34 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-12 14:27:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
.
==================== Find3M ====================
.
2012-10-04 19:33:05 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-04 19:33:05 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-15 23:16:52 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 18:05:50.52 ===============
  25. System running smoothly once again. Thanks for all your assistance.