Jump to content

keen2215

Members
  • Posts

    12
  • Joined

  • Last visited

Everything posted by keen2215

  1. Thank you very much for all the help Larry, I truly appreciate all your time, thanks again!
  2. Hi Larry, I've done the cleaning. Quick question, the TFC work like CCleaner? Also, do you suggest any additional scans (i.e. By SAS or updated Skybot again)? Again, very thankful for your time and assistance, sincerely appreciated!
  3. Hi Larry, I've updated both MBAM and Spybot and scanned with both of them. (One scan at a time) MBAM doesn't seem to be finding anything, while Spybot seems to find something; I'm not sure how to find a log created by Spybot, but they are tracking cookie from DoubleClick.net, total of 2 entries under my browser. I do recall that I've seen this from my previous Spybot scan and have removed/fixed them via Spybot, yet it seems like they just came back...should I also try to run a scan by Super AntiSpyware? Please advise how we should move forward, thank you!
  4. Hi Larry, I've manually deleted that folder and cleared it from recycle bin. Combofix is uninstalled. Is there any additional check we should run at the moment? Or we will wait and see? I'm very thankful for your assistance, seeing the files deleted already made me feel much better!
  5. Hi Larry, I have no idea where it came from, but I do recall there was something similar (though not 100% sure) that was on my program list under control panel. I've manually removed it via "uninstall or change a program." and it is currently not on my program list (it didn't come back...yet?) Right now the computer is running OK, I don't see any obvious problems, and I haven't seen the "welcome to ngnix!" since we started troubleshooting. Please advise how we should move forward, the folder you mentioned does seem suspicious. Thank you!
  6. Thanks Larry, a simple restarted helped and I didn't have to use another computer. Here's the new log created by CF: ComboFix 12-04-25.02 - Dick Chen 04/25/2012 13:45:25.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4012.1494 [GMT -7:00] Running from: c:\users\Dick Chen\Desktop\ComboFix.exe Command switches used :: c:\users\Dick Chen\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\dlumd10.dll" "c:\windows\system32\dlumd11.dll" "c:\windows\system32\dlumd9.dll" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\Conduit c:\program files (x86)\Conduit\Community Alerts\Alert.dll c:\users\Dick Chen\AppData\Local\Conduit c:\users\Dick Chen\AppData\Local\CRE c:\users\Dick Chen\AppData\Local\CRE\loemjcdefhdidbjiflmobkpjohbfefee.crx c:\users\Dick Chen\AppData\Local\Wisdom-soft c:\windows\system32\dlumd10.dll c:\windows\system32\dlumd11.dll c:\windows\system32\dlumd9.dll . . ((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 ))))))))))))))))))))))))))))))) . . 2012-04-25 20:52 . 2012-04-25 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-24 20:28 . 2012-04-24 20:28 -------- d-----w- c:\users\Dick Chen\AppData\Local\blekkotb 2012-04-24 00:13 . 2012-04-24 00:13 -------- d-----w- c:\users\Dick Chen\AppData\Local\Windows Live 2012-04-23 19:23 . 2012-04-24 06:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-04-23 19:23 . 2012-04-24 05:42 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-CN 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES 2012-04-20 19:09 . 2012-04-20 19:11 -------- d-----w- c:\program files\Zune 2012-04-19 18:08 . 2012-04-19 18:08 -------- d-----w- c:\users\Dick Chen\AppData\Roaming\Malwarebytes 2012-04-19 18:06 . 2012-04-19 18:06 -------- d-----w- c:\programdata\Malwarebytes 2012-04-19 18:06 . 2012-04-19 18:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-04-19 18:06 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-19 18:03 . 2012-04-11 04:24 301904 ----a-w- c:\windows\system32\drivers\dlkmd.sys 2012-04-19 18:03 . 2012-04-11 04:24 15184 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys 2012-04-19 17:24 . 2012-04-19 17:27 -------- d-----w- c:\program files\DisplayLink Core Software 2012-04-19 17:19 . 2012-04-19 17:19 2071040 ----a-w- c:\windows\system32\DisplayLinkUsbCo64_6.1.32700.0.dll 2012-04-19 17:19 . 2012-04-19 17:19 17408 ----a-w- c:\windows\system32\drivers\DisplayLinkUsbPort_6.1.32700.0.sys 2012-04-15 21:47 . 2012-04-15 21:47 -------- d-----w- C:\PFiles 2012-04-11 06:20 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-11 06:20 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-04-11 06:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-11 06:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-11 06:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-11 06:17 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-11 06:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-11 06:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-11 06:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-11 04:24 . 2012-04-11 04:24 1137072 ----a-w- c:\windows\system32\dlumd64.dll 2012-04-11 04:24 . 2012-04-11 04:24 943536 ----a-w- c:\windows\SysWow64\dlumd32.dll 2012-04-11 04:24 . 2012-04-11 04:24 105904 ----a-w- c:\windows\system32\DLTmmB.dll 2012-04-11 04:24 . 2012-04-11 04:24 102832 ----a-w- c:\windows\system32\ManageTMMLifeTime.dll 2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-04-02 21:22 . 2012-04-20 22:33 -------- d-----w- c:\program files (x86)\Google 2012-04-01 04:24 . 2012-04-01 04:24 -------- d-----w- c:\program files (x86)\Safari 2012-04-01 04:22 . 2012-04-01 04:22 -------- d-----w- c:\program files\iPod 2012-04-01 04:22 . 2012-04-01 04:22 -------- d-----w- c:\program files\iTunes 2012-04-01 04:22 . 2012-04-01 04:22 -------- d-----w- c:\program files (x86)\iTunes 2012-03-31 21:15 . 2012-04-13 19:15 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-31 04:48 . 2012-04-13 19:15 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\users\Dick Chen\AppData\Roaming\ATI 2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\users\Dick Chen\AppData\Local\ATI 2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\programdata\ATI 2012-03-28 23:45 . 2012-03-28 23:45 -------- d-----w- c:\users\Dick Chen\AppData\Local\Real 2012-03-28 23:45 . 2012-03-30 23:40 -------- d-----w- c:\program files (x86)\Real 2012-03-28 23:25 . 2012-03-28 23:25 -------- d-----w- c:\users\Dick Chen\AppData\Local\Sony 2012-03-28 23:24 . 2012-03-28 23:24 -------- d-----w- c:\users\Dick Chen\AppData\Roaming\Sony 2012-03-27 16:47 . 2012-03-27 16:47 -------- d-----w- c:\users\ADMINI~1\Roaming 2012-03-27 16:47 . 2012-03-27 16:47 -------- d-----w- c:\programdata\Intel 2012-03-27 16:46 . 2012-03-27 16:46 -------- d-----w- c:\program files (x86)\Cisco 2012-03-27 16:46 . 2012-03-27 16:46 -------- d--h--w- c:\windows\system32\WLANProfiles . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-13 19:15 . 2012-03-13 08:29 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-13 08:46 . 2012-03-13 15:33 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-04-03 21:05 . 2012-03-13 22:07 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-03-28 23:45 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-03-26 20:10 . 2012-03-26 20:12 19464 ----a-w- c:\windows\system32\drivers\AWOPFilterDriver.sys 2012-03-21 05:30 . 2012-03-21 05:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-14 01:15 . 2012-03-14 01:15 74703 ----a-w- c:\windows\SysWow64\mfc45.dll 2012-03-13 22:08 . 2012-03-13 22:08 53248 ----a-r- c:\users\Dick Chen\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-03-13 18:09 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-03-13 15:33 . 2012-03-13 15:33 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68EA3E99-778D-46D9-966D-ED19F8C7A6F3}\gapaengine.dll 2012-03-13 08:06 . 2012-03-13 08:06 951680 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-02-17 06:38 . 2012-03-13 17:12 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-13 17:12 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-13 17:12 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-13 17:12 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-10 06:36 . 2012-03-14 16:44 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-14 16:44 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-02-03 04:34 . 2012-03-14 16:45 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((( SnapShot@2012-04-25_18.54.55 ))))))))))))))))))))))))))))))))))))))))) . + 2012-03-13 14:54 . 2012-04-25 20:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-03-13 14:54 . 2012-04-25 16:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-03-13 14:54 . 2012-04-25 20:38 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-03-13 14:54 . 2012-04-25 16:46 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-04-25 16:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-04-25 20:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2012-04-25 16:43 . 2012-04-25 16:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-04-25 20:54 . 2012-04-25 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-04-25 20:54 . 2012-04-25 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-04-25 16:43 . 2012-04-25 16:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 05:01 . 2012-04-25 20:54 525868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-04-25 04:46 525868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-03-13 15:51 . 2012-04-25 20:54 4752388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2702091899-3835716337-4143874838-1000-8192.dat + 2012-03-13 15:51 . 2012-04-25 20:54 4307860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2702091899-3835716337-4143874838-1000-12288.dat - 2012-03-13 15:51 . 2012-04-25 04:46 4307860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2702091899-3835716337-4143874838-1000-12288.dat - 2012-03-13 14:46 . 2012-04-25 04:46 4190540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat + 2012-03-13 14:46 . 2012-04-25 20:54 4190540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Point of View"="c:\program files (x86)\IPEVO\P2V\P2V.exe" [2011-09-02 1228800] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-25 651832] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "AveoSTI"="c:\program files (x86)\COOLINGTECH SOFTWARE R&D CENTER\COOLINGTECH SOFTWARE R&D CENTER\AveoSTI.exe" [2010-04-15 32768] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Dick Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216] EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-3-21 1014112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-12 661504] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-13 135952] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 116648] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-12-01 260768] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024] R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-27 2656536] R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-09-20 535176] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x] R3 AVEO;USB2.0 PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-11-15 1355840] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x] R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 116648] R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-01-04 340240] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824] R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-09-01 894624] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-09-08 549408] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-27 101600] R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-11-15 921664] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-11-15 995392] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-04-11 8498608] S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2011-04-26 294216] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-24 2413056] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-25 430136] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-09-30 955832] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x] S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [x] S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [x] S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:15] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 21:22] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 21:22] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702091899-3835716337-4143874838-1000Core.job - c:\users\Dick Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 20:27] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702091899-3835716337-4143874838-1000UA.job - c:\users\Dick Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 20:27] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Seagull Drivers"="ssdal_nc.exe startup" [X] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-16 2179688] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-28 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-28 416024] "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 421192] "ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 308040] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-11-15 10358784] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-01-04 1935120] "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "NCInstallQueue"="netman.dll" [2009-07-14 360448] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe c:\windows\SysWOW64\DllHost.exe c:\windows\SysWOW64\DllHost.exe . ************************************************************************** . Completion time: 2012-04-25 14:12:52 - machine was rebooted ComboFix-quarantined-files.txt 2012-04-25 21:12 ComboFix2.txt 2012-04-25 18:56 . Pre-Run: 314,658,500,608 bytes free Post-Run: 314,620,776,448 bytes free . - - End Of File - - 650FEAC60237F11A4DC98FC5CBF8B072
  7. Hi Larry, So I waited and looks like the computer was successfully restarted with a CF log showing. I'm using another computer to reply you right now, it seems like some registry was deleted during the process and I can no longer access Google Chrome or IE. These are the only web browsers I have in the moment, and every time I try to double click any of them, an error message popped up and shows: C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe Illegal operation attempted on a registry key that has been marked for deletion. I wouldn't be able to provide you the log since the computer we were previously working on now cannot open a web browser, how should we proceed from here? Thank you!
  8. Hi Larry, I did as instructed and seems like CF was trying to restart my computer (I was away and when I came back I saw Windows 7 showing all the programs that need to be closed before shut down/force shut down option). I canceled it to save a file I had with Mircosoft Office Word then manually restarted the computer. I'm not sure exactly what's happening but the computer rebooted without showing the log in screen, it now has black screen a the mouse cursor. (It does respond to my mouse movement) Should I force shut down with the power button and restart it again to see how it goes? Or I should do something else? Thanks again for the help.
  9. Hi Larry, Thanks again for the prompt reply, I've ran CF without creating windows recovery console. At the moment I can't really tell if there's anything changed since I could only see the difference by running spybot, should I perform a scan by spybot to see if it found anything? Please see the log below after running ComboFix: ComboFix 12-04-25.02 - Dick Chen 04/25/2012 11:47:28.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4012.1785 [GMT -7:00] Running from: c:\users\Dick Chen\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\COOLINGTECH SOFTWARE R&D CENTER\COOLINGTECH SOFTWARE R&D CENTER\TvBOxtitle.ax c:\programdata\Roaming c:\windows\SysWow64\dlumd10.dll c:\windows\SysWow64\dlumd11.dll c:\windows\SysWow64\dlumd9.dll c:\windows\SysWow64\MailBee.dll . . ((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 ))))))))))))))))))))))))))))))) . . 2012-04-25 18:54 . 2012-04-25 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-25 18:54 . 2012-04-25 18:54 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp 2012-04-25 16:55 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51D3F373-550E-4BF6-8896-F03EC6DCED38}\mpengine.dll 2012-04-24 20:28 . 2012-04-24 20:28 -------- d-----w- c:\users\Dick Chen\AppData\Local\blekkotb 2012-04-24 00:13 . 2012-04-24 00:13 -------- d-----w- c:\users\Dick Chen\AppData\Local\Windows Live 2012-04-23 19:23 . 2012-04-24 06:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-04-23 19:23 . 2012-04-24 05:42 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-CN 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE 2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES 2012-04-20 19:09 . 2012-04-20 19:11 -------- d-----w- c:\program files\Zune 2012-04-19 18:08 . 2012-04-19 18:08 -------- d-----w- c:\users\Dick Chen\AppData\Roaming\Malwarebytes 2012-04-19 18:06 . 2012-04-19 18:06 -------- d-----w- c:\programdata\Malwarebytes 2012-04-19 18:06 . 2012-04-19 18:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-04-19 18:06 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-04-19 18:03 . 2012-04-11 04:24 301904 ----a-w- c:\windows\system32\drivers\dlkmd.sys 2012-04-19 18:03 . 2012-04-11 04:24 15184 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys 2012-04-19 17:24 . 2012-04-19 17:27 -------- d-----w- c:\program files\DisplayLink Core Software 2012-04-19 17:19 . 2012-04-19 17:19 0 ----a-w- c:\windows\system32\dlumd9.dll 2012-04-19 17:19 . 2012-04-19 17:19 0 ----a-w- c:\windows\system32\dlumd11.dll 2012-04-19 17:19 . 2012-04-19 17:19 0 ----a-w- c:\windows\system32\dlumd10.dll 2012-04-19 17:19 . 2012-04-19 17:19 2071040 ----a-w- c:\windows\system32\DisplayLinkUsbCo64_6.1.32700.0.dll 2012-04-19 17:19 . 2012-04-19 17:19 17408 ----a-w- c:\windows\system32\drivers\DisplayLinkUsbPort_6.1.32700.0.sys 2012-04-18 18:32 . 2012-04-18 18:32 -------- d-----w- c:\users\Dick Chen\AppData\Local\Wisdom-soft 2012-04-18 18:22 . 2012-04-18 18:22 -------- d-----w- c:\users\Dick Chen\AppData\Local\CRE 2012-04-18 18:22 . 2012-04-18 18:22 -------- d-----w- c:\program files (x86)\Conduit 2012-04-18 18:22 . 2012-04-19 17:32 -------- d-----w- c:\users\Dick Chen\AppData\Local\Conduit 2012-04-15 21:47 . 2012-04-15 21:47 -------- d-----w- C:\PFiles 2012-04-11 06:20 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-04-11 06:20 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-04-11 06:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-04-11 06:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-04-11 06:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-04-11 06:17 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-04-11 06:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-04-11 06:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-04-11 06:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-04-11 04:24 . 2012-04-11 04:24 1137072 ----a-w- c:\windows\system32\dlumd64.dll 2012-04-11 04:24 . 2012-04-11 04:24 943536 ----a-w- c:\windows\SysWow64\dlumd32.dll 2012-04-11 04:24 . 2012-04-11 04:24 105904 ----a-w- c:\windows\system32\DLTmmB.dll 2012-04-11 04:24 . 2012-04-11 04:24 102832 ----a-w- c:\windows\system32\ManageTMMLifeTime.dll 2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-04-02 21:22 . 2012-04-20 22:33 -------- d-----w- c:\program files (x86)\Google 2012-04-01 04:24 . 2012-04-01 04:24 -------- d-----w- c:\program files (x86)\Safari 2012-04-01 04:22 . 2012-04-01 04:22 -------- d-----w- c:\program files\iPod 2012-04-01 04:22 . 2012-04-01 04:22 -------- d-----w- c:\program files\iTunes 2012-04-01 04:22 . 2012-04-01 04:22 -------- d-----w- c:\program files (x86)\iTunes 2012-03-31 21:15 . 2012-04-13 19:15 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-03-31 04:48 . 2012-04-13 19:15 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\users\Dick Chen\AppData\Roaming\ATI 2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\users\Dick Chen\AppData\Local\ATI 2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\programdata\ATI 2012-03-28 23:45 . 2012-03-28 23:45 -------- d-----w- c:\users\Dick Chen\AppData\Local\Real 2012-03-28 23:45 . 2012-03-30 23:40 -------- d-----w- c:\program files (x86)\Real 2012-03-28 23:25 . 2012-03-28 23:25 -------- d-----w- c:\users\Dick Chen\AppData\Local\Sony 2012-03-28 23:24 . 2012-03-28 23:24 -------- d-----w- c:\users\Dick Chen\AppData\Roaming\Sony 2012-03-27 16:47 . 2012-03-27 16:47 -------- d-----w- c:\users\ADMINI~1\Roaming 2012-03-27 16:47 . 2012-03-27 16:47 -------- d-----w- c:\programdata\Intel 2012-03-27 16:46 . 2012-03-27 16:46 -------- d-----w- c:\program files (x86)\Cisco 2012-03-27 16:46 . 2012-03-27 16:46 -------- d--h--w- c:\windows\system32\WLANProfiles 2012-03-26 20:12 . 2012-03-26 20:10 19464 ----a-w- c:\windows\system32\drivers\AWOPFilterDriver.sys 2012-03-26 20:10 . 2012-03-26 20:10 -------- d-----w- c:\users\Dick Chen\AppData\Local\Downloaded Installations 2012-03-26 20:10 . 2012-03-26 20:10 -------- d-----w- C:\dell . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-13 19:15 . 2012-03-13 08:29 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-13 08:46 . 2012-03-13 15:33 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-04-03 21:05 . 2012-03-13 22:07 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys 2012-03-28 23:45 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-03-21 05:30 . 2012-03-21 05:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-14 01:15 . 2012-03-14 01:15 74703 ----a-w- c:\windows\SysWow64\mfc45.dll 2012-03-13 22:08 . 2012-03-13 22:08 53248 ----a-r- c:\users\Dick Chen\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe 2012-03-13 18:09 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-03-13 15:33 . 2012-03-13 15:33 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68EA3E99-778D-46D9-966D-ED19F8C7A6F3}\gapaengine.dll 2012-03-13 08:06 . 2012-03-13 08:06 951680 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-02-17 06:38 . 2012-03-13 17:12 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-17 05:34 . 2012-03-13 17:12 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-17 04:58 . 2012-03-13 17:12 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-17 04:57 . 2012-03-13 17:12 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys 2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll 2012-02-10 06:36 . 2012-03-14 16:44 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 05:38 . 2012-03-14 16:44 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-02-03 04:34 . 2012-03-14 16:45 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Wisdom-soft ScreenHunter 6.0 Free"="0" [X] "Point of View"="c:\program files (x86)\IPEVO\P2V\P2V.exe" [2011-09-02 1228800] "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240] "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-25 651832] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "AveoSTI"="c:\program files (x86)\COOLINGTECH SOFTWARE R&D CENTER\COOLINGTECH SOFTWARE R&D CENTER\AveoSTI.exe" [2010-04-15 32768] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Dick Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216] EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-3-21 1014112] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-11-15 921664] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-11-15 995392] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 116648] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088] R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x] R3 AVEO;USB2.0 PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320] R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-11-15 1355840] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x] R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x] R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 116648] R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-01-04 340240] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x] R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824] R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-09-01 894624] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-09-08 549408] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-27 101600] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-12 661504] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648] S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-13 135952] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-04-11 8498608] S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2011-04-26 294216] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-24 2413056] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-25 430136] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-12-01 260768] S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-27 2656536] S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-09-20 535176] S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-09-30 955832] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x] S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [x] S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [x] S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x] S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x] S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x] S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:15] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 21:22] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 21:22] . 2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702091899-3835716337-4143874838-1000Core.job - c:\users\Dick Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 20:27] . 2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702091899-3835716337-4143874838-1000UA.job - c:\users\Dick Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 20:27] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Seagull Drivers"="ssdal_nc.exe startup" [X] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-16 2179688] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-28 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-28 416024] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 421192] "ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 308040] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-11-15 10358784] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-01-04 1935120] "Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{6dfc55bb-bfff-485a-9709-90c3fdf6db58} - (no file) Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-04-25 11:56:41 ComboFix-quarantined-files.txt 2012-04-25 18:56 . Pre-Run: 315,469,742,080 bytes free Post-Run: 315,345,440,768 bytes free . - - End Of File - - 52B8C580EA0F6A7CF0747B7BB2453B85
  10. (This is a repost due to the poor format of the previous post) Hello Larry, Thank you very much for your assistance. I'll try to be as clear as possible describing how the computer behaves, and will have a c/p MBAM log at the end of this post. So far I've had the following issues: 1. Homepage was redirected, while originally was set to be google.com, it was redirected to "search.conduit" and it would search with bing/search.conduit instead of google when I try to use the search bar. 2. An extension on chrome called "wisdom toolbar" was installed by itself, I've manually removed it and it hasn't come back since then. (I used "remove extension" within google chrome's setting) 3. After a few hours the homepage was redirected again, this time it's redirected to a page that says "Welcome to nginx!" I've tried to follow a friend's suggestion using spybot and deleted a few items that seemed to be suspicious according to the scan, the issues above seem to be gone after deleting those items, but here's the problem now: 1. MBAM doesn't seem to be able to find anything after the spybot scan, even after the latest update. 2. However, usually after I browse around with chrome after about 30 mins or so, if I run spybot again, it usually finds issues again, sometimes 2, sometimes 5 malicious items. If I deleted them, they come back within the next few minutes or so. (Again MBAM doesn't seem to find them) 3. Chrome is acting extremely slow right now, when doing web browsing, many websites can only display partial images, those undisplayed images either show "404 Forbidden" or "Welcome to ngnix!". I'm quite certain this isn't about my internet connection since everyone else' computer can view these sites' images like usual. I'm not sure running spybot was a wise choice, and I normally don't use other web browser besides chrome, so I wouldn't be able to tell if they are all having troubles. Please let me know how we should proceed, I appreciate your help! Below is the scan resort from MBAM: Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.04.25.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Dick Chen :: DICKCHEN-VAIO [administrator] Protection: Enabled 4/25/2012 9:49:43 AM mbam-log-2012-04-25 (09-49-43).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 439696 Time elapsed: 1 hour(s), 3 minute(s), 7 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  11. <P>Hello Larry,<BR><BR>Thank you very much for your assistance. I'll try to be as clear as possible describing how the computer behaves, and will have a c/p MBAM log at the end of this post.</P> <P></P> <P>So far I've had the following issues:</P> <P>1. Homepage was redirected, while originally was set to be google.com, it was redirected to "search.conduit" and would search with bing/search.conduit. </P> <P>2. An extension on chrome called "wisdom toolbar" was installed by itself, I've manually removed it and it hasn't come back since then. (I used "remove extension" within google chrome's setting)</P> <P>3. After a few hours the homepage was redirected again, this time it's redirected to a page that says "Welcome to nginx!" </P> <P></P> <P>I've tried to follow my friend's suggestion using spybot and deleted a few items that seemed to be suspicious according to the scan, the issues above seem to be gone after deleting those items, but here's the problem now:</P> <P></P> <P>1. MBAM doesn't seem to be able to find anything after the spybot's scan, even after the latest update.</P> <P>2. However, usually after I browse around with chrome after about 30 mins or so, if I run spybot again, it usually finds issues again, sometimes 2, sometimes 5 malicious items. If I deleted them, they come back within the next few minutes or so.</P> <P>3. Chrome is acting extremely slow right now, when doing web browsing, many websites can only display partial images, those undisplayed images either show "404 Forbidden" or "Welcome to ngnix!"</P> <P></P> <P>I'm not sure running spybot was a smart choice, and I normally don't use other web browser besides chrome, so I wouldn't be able to tell if they are all having troubles. Please let me know how we should proceed, I appreciate your help!</P> <P></P> <P></P> <P>Below is the scan resort from MBAM:</P> <P></P> <P></P> <DIV>Malwarebytes Anti-Malware (Trial) 1.61.0.1400</DIV> <DIV>www.malwarebytes.org</DIV> <DIV></DIV> <DIV>Database version: v2012.04.25.06</DIV> <DIV></DIV> <DIV>Windows 7 Service Pack 1 x64 NTFS</DIV> <DIV>Internet Explorer 9.0.8112.16421</DIV> <DIV>Dick Chen :: DICKCHEN-VAIO [administrator]</DIV> <DIV></DIV> <DIV>Protection: Enabled</DIV> <DIV></DIV> <DIV>4/25/2012 9:49:43 AM</DIV> <DIV>mbam-log-2012-04-25 (09-49-43).txt</DIV> <DIV></DIV> <DIV>Scan type: Full scan</DIV> <DIV>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</DIV> <DIV>Scan options disabled: P2P</DIV> <DIV>Objects scanned: 439696</DIV> <DIV>Time elapsed: 1 hour(s), 3 minute(s), 7 second(s)</DIV> <DIV></DIV> <DIV>Memory Processes Detected: 0</DIV> <DIV>(No malicious items detected)</DIV> <DIV></DIV> <DIV>Memory Modules Detected: 0</DIV> <DIV>(No malicious items detected)</DIV> <DIV></DIV> <DIV>Registry Keys Detected: 0</DIV> <DIV>(No malicious items detected)</DIV> <DIV></DIV> <DIV>Registry Values Detected: 0</DIV> <DIV>(No malicious items detected)</DIV> <DIV></DIV> <DIV>Registry Data Items Detected: 0</DIV> <DIV>(No malicious items detected)</DIV> <DIV></DIV> <DIV>Folders Detected: 0</DIV> <DIV>(No malicious items detected)</DIV> <DIV></DIV> <DIV>Files Detected: 0</DIV> <DIV>(No malicious items detected)</DIV> <DIV></DIV> <DIV>(end)</DIV>
  12. Hello, Not sure exactly what happened since this is a laptop for office-use only. The only download that'd be suspicious was a download from CNET, it was the screenhunter's free version. Any help would be greatly appreciated, I've updated and ran Malwarebyte's Anti-Malware but the problem still persist...if not getting worse. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Dick Chen at 15:30:08 on 2012-04-24 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4012.1649 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files\TrueSuite\TrueSuite.Service.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe C:\Windows\system32\atieclxx.exe C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\SysWOW64\DllHost.exe C:\Windows\SysWOW64\DllHost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Windows\System32\rundll32.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files (x86)\IPEVO\P2V\P2V.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe C:\Users\Dick Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe C:\Program Files (x86)\COOLINGTECH SOFTWARE R&D CENTER\COOLINGTECH SOFTWARE R&D CENTER\AveoSTI.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\Apvfb.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\igfxext.exe C:\Program Files\Sony\VAIO Smart Network\VSNService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Sony\VAIO Care\VCPerfService.exe C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Windows\system32\wbem\wmiprvse.exe c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Program Files\Sony\VAIO Care\VCSystemTray.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Sony\VAIO Care\VCService.exe C:\Program Files\Sony\VAIO Care\VCAgent.exe C:\Windows\System32\vds.exe C:\Program Files\Sony\VAIO Update Common\VUAgent.exe C:\Program Files\Sony\VAIO Care\VCAdmin.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\TrueSuite\TrueSuite.WeblogonHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - mscoree.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" uRun: [Point of View] "C:\Program Files (x86)\IPEVO\P2V\P2V.exe" -startup uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [Wisdom-soft ScreenHunter 6.0 Free] 0 uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe uRun: [Google Update] "C:\Users\Dick Chen\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AveoSTI] C:\Program Files (x86)\COOLINGTECH SOFTWARE R&D CENTER\COOLINGTECH SOFTWARE R&D CENTER\AveoSTI.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\DICKCH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dick Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\DICKCH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{401D7FEA-3431-4CC6-A939-1CDF6C94CAD5} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{401D7FEA-3431-4CC6-A939-1CDF6C94CAD5}\155716C69647970294E6E602D4962716D61627 : DhcpNameServer = 10.128.128.128 TCP: Interfaces\{401D7FEA-3431-4CC6-A939-1CDF6C94CAD5}\649637865627D616E6 : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{401D7FEA-3431-4CC6-A939-1CDF6C94CAD5}\669637865627D616E6 : DhcpNameServer = 192.168.1.254 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll BHO-X64: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - mscoree.dll BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll BHO-X64: TSBHO Class - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun-x64: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [AveoSTI] C:\Program Files (x86)\COOLINGTECH SOFTWARE R&D CENTER\COOLINGTECH SOFTWARE R&D CENTER\AveoSTI.exe mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 . ============= SERVICES / DRIVERS =============== . R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?] R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-12 661504] R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-13 249648] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-11-14 921664] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-11-14 995392] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-13 135952] R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2012-4-10 8498608] R2 FPLService;TrueSuiteService;C:\Program Files\TrueSuite\TrueSuite.Service.exe [2011-4-26 294216] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-13 13592] R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-13 2413056] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-19 654408] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-8-24 430136] R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-23 1153368] R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-23 105024] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-13 2656536] R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-3-13 535176] R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-3-13 955832] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?] R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\system32\DRIVERS\ATSwpWDF.sys --> C:\Windows\system32\DRIVERS\ATSwpWDF.sys [?] R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-11-14 1355840] R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [?] R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?] R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?] R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?] R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-20 54432] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?] R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-2 116648] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?] S3 AVEO;USB2.0 PC Camera;C:\Windows\system32\DRIVERS\AVEOdcnt.sys --> C:\Windows\system32\DRIVERS\AVEOdcnt.sys [?] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-9-15 195320] S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-3-13 245760] S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?] S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-2 116648] S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-1-4 340240] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824] S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232] S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-9-1 894624] S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-9-8 549408] S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-04-24 20:28:16 -------- d-----w- C:\Users\Dick Chen\AppData\Local\blekkotb 2012-04-24 15:28:01 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{403F38CF-96B8-4B47-BDAA-4CD64535A691}\mpengine.dll 2012-04-24 00:13:57 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Windows Live 2012-04-24 00:13:39 -------- d-----w- C:\Users\Dick Chen\AppData\Local\{8CF3B0E0-50C2-47B7-976C-66CE44C6AC2A} 2012-04-23 19:23:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy 2012-04-23 19:23:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-04-20 19:10:59 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-CN 2012-04-20 19:10:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP 2012-04-20 19:10:57 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR 2012-04-20 19:10:56 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT 2012-04-20 19:10:56 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL 2012-04-20 19:10:55 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT 2012-04-20 19:10:54 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR 2012-04-20 19:10:54 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE 2012-04-20 19:10:53 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES 2012-04-19 18:08:40 -------- d-----w- C:\Users\Dick Chen\AppData\Roaming\Malwarebytes 2012-04-19 18:06:32 -------- d-----w- C:\ProgramData\Malwarebytes 2012-04-19 18:06:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-04-19 18:06:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-04-19 18:03:30 301904 ----a-w- C:\Windows\System32\drivers\dlkmd.sys 2012-04-19 18:03:30 15184 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys 2012-04-19 17:24:08 -------- d-----w- C:\Program Files\DisplayLink Core Software 2012-04-19 17:19:29 0 ----a-w- C:\Windows\SysWow64\dlumd9.dll 2012-04-19 17:19:29 0 ----a-w- C:\Windows\SysWow64\dlumd11.dll 2012-04-19 17:19:29 0 ----a-w- C:\Windows\SysWow64\dlumd10.dll 2012-04-19 17:19:29 0 ----a-w- C:\Windows\System32\dlumd9.dll 2012-04-19 17:19:29 0 ----a-w- C:\Windows\System32\dlumd11.dll 2012-04-19 17:19:29 0 ----a-w- C:\Windows\System32\dlumd10.dll 2012-04-19 17:19:27 2071040 ----a-w- C:\Windows\System32\DisplayLinkUsbCo64_6.1.32700.0.dll 2012-04-19 17:19:27 17408 ----a-w- C:\Windows\System32\drivers\DisplayLinkUsbPort_6.1.32700.0.sys 2012-04-18 18:32:42 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Wisdom-soft 2012-04-18 18:22:38 -------- d-----w- C:\Users\Dick Chen\AppData\Local\CRE 2012-04-18 18:22:34 -------- d-----w- C:\Program Files (x86)\Conduit 2012-04-18 18:22:33 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Conduit 2012-04-15 21:47:25 -------- d-----w- C:\PFiles 2012-04-11 06:20:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-04-11 06:20:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-04-11 06:17:39 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-04-11 06:17:39 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-04-11 06:17:39 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-04-11 06:17:38 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-04-11 06:17:38 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-04-11 06:17:38 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-04-11 06:17:38 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-04-11 04:24:20 1137072 ----a-w- C:\Windows\System32\dlumd64.dll 2012-04-11 04:24:17 943536 ----a-w- C:\Windows\SysWow64\dlumd32.dll 2012-04-11 04:24:12 105904 ----a-w- C:\Windows\System32\DLTmmB.dll 2012-04-11 04:24:11 102832 ----a-w- C:\Windows\System32\ManageTMMLifeTime.dll 2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll 2012-04-01 04:22:42 -------- d-----w- C:\Program Files\iPod 2012-04-01 04:22:41 -------- d-----w- C:\Program Files\iTunes 2012-04-01 04:22:41 -------- d-----w- C:\Program Files (x86)\iTunes 2012-03-31 21:15:09 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-03-31 04:48:13 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-03-29 23:53:32 -------- d-----w- C:\Users\Dick Chen\AppData\Local\ATI 2012-03-28 23:45:53 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Real 2012-03-28 23:25:15 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Sony 2012-03-27 16:46:53 -------- d-----w- C:\Program Files (x86)\Cisco 2012-03-27 16:46:03 -------- d--h--w- C:\Windows\System32\WLANProfiles 2012-03-26 20:12:00 19464 ----a-w- C:\Windows\System32\drivers\AWOPFilterDriver.sys 2012-03-26 20:10:10 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Downloaded Installations 2012-03-26 20:10:05 -------- d-----w- C:\dell 2012-03-26 18:14:55 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Alienware 2012-03-26 18:14:48 -------- d-----w- C:\Program Files\Alienware . ==================== Find3M ==================== . 2012-04-13 19:15:34 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-03 21:05:04 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys 2012-03-28 23:45:17 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-03-21 05:30:36 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-03-14 01:15:26 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll 2012-03-13 08:06:06 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys 2012-03-13 07:35:29 0 ----a-w- C:\Windows\ativpsrm.bin 2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll 2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys 2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys 2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll 2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-02-07 18:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX 2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys 2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe . ============= FINISH: 15:31:01.27 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/13/2012 7:53:32 AM System Uptime: 4/24/2012 3:18:17 PM (0 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core i5-2450M CPU @ 2.50GHz | N/A | 2501/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 452 GiB total, 294.185 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP47: 4/14/2012 10:43:05 PM - Windows Update RP48: 4/15/2012 2:47:02 PM - Installed Windows Media Player Firefox Plugin RP49: 4/18/2012 9:56:53 PM - Windows Update RP50: 4/19/2012 10:01:40 AM - Installed DisplayLink Core Software RP51: 4/19/2012 10:02:03 AM - Installed DisplayLink Graphics RP52: 4/19/2012 10:23:38 AM - Installed DisplayLink Core Software RP53: 4/19/2012 10:34:39 AM - Installed DisplayLink Graphics RP55: 4/20/2012 12:09:01 PM - Installed Zune 4.8 RP56: 4/22/2012 3:21:49 PM - Windows Update RP57: 4/24/2012 9:38:09 AM - Installed VAIO Update 5 RP58: 4/24/2012 1:51:31 PM - Windows Backup . ==== Installed Programs ====================== . . Update for Microsoft Office 2007 (KB2508958) 2007 Microsoft Office system Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Connect Add-in Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Reader X (10.1.3) MUI Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Apple Application Support Apple Software Update Application Manager for VAIO ArcSoft Magic-i Visual Effects 2 ArcSoft WebCam Companion 4 BarTender UltraLite 9.20 Bing Bar Brother MFL-Pro Suite MFC-7360N Brother P-touch Editor 5.0 Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All Catalyst Control Center Profiles Mobile CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish COOLINGTECH SOFTWARE R&D CENTER CoolingTech version 2.0 Core FTP LE D3DX10 Dropbox eReg Evernote v. 4.5.4 FDUx86 FileZilla Client 3.5.3 Google Chrome Google Earth Plug-in Google Update Helper HL-4150CDN Intel PROSet Wireless Intel® Display Audio Driver Intel® Management Engine Components Intel® Rapid Storage Technology Intel® WiDi Java Auto Updater Java 6 Update 31 Junk Mail filter update Keyboard Shortcuts KUx86 Malwarebytes Anti-Malware version 1.61.0.1400 Media Go Mesh Runtime Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Hybrid 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MozBackup 1.5.1 Mozilla Thunderbird 11.0.1 (x86 en-US) MSVCRT MSVCRT_amd64 MSXML 4.0 SP3 Parser MSXML 4.0 SP3 Parser (KB973685) OKI Color Swatch Utility OKI Network Extension OOBE P2V version 2.0.4.0 PDF Settings PlayStation®Network Downloader PlayStation®Store PMB PMB VAIO Edition Guide PMB VAIO Edition Plug-in PX Profile Update Quick Web Access QuickTime Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek PCIE Card Reader Remote Keyboard Renesas Electronics USB 3.0 Host Controller Driver Safari Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition SendBlaster 2 Skype Click to Call Skype™ 5.8 Spybot - Search & Destroy SSLx86 Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VAIO - Media Gallery VAIO - PMB VAIO Edition Guide VAIO - PMB VAIO Edition Plug-in VAIO - Remote Keyboard VAIO Control Center VAIO CPU Fan Diagnostic VAIO Data Restore Tool VAIO Help and Support VAIO Improvement VAIO Manual VAIO Sample Contents VAIO Satisfaction Survey. VAIO Smart Network VAIO Update VCCx86 VHD VIx86 VMLx86 VSNx86 VSSTx86 VU5x86 VWSTx86 Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin . ==== Event Viewer Messages From Past Week ======== . 4/24/2012 8:25:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/24/2012 8:23:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 4/24/2012 3:20:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool. 4/23/2012 9:36:11 PM, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting. 4/23/2012 9:34:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/23/2012 4:10:03 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.278.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee2 Error description: The operation timed out 4/23/2012 12:09:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/23/2012 11:41:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.278.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode 4/23/2012 11:41:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} 4/23/2012 11:33:49 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 4/23/2012 11:32:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 4/23/2012 11:32:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/23/2012 11:32:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 4/23/2012 11:32:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 4/23/2012 11:32:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/23/2012 11:31:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 4/23/2012 11:31:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/23/2012 11:30:42 PM, Error: Service Control Manager [7022] - The Server service hung on starting. 4/23/2012 11:30:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state. 4/23/2012 11:30:30 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control. 4/23/2012 11:30:24 PM, Error: Service Control Manager [7011] - A timeout (60000 milliseconds) was reached while waiting for a transaction response from the Spooler service. 4/23/2012 11:29:57 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control. 4/23/2012 11:03:10 PM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state. 4/22/2012 9:19:23 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/21/2012 9:08:21 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/20/2012 9:34:25 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/20/2012 6:02:41 PM, Error: Service Control Manager [7031] - The DisplayLinkManager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 4/19/2012 9:59:44 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly. 4/19/2012 9:55:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/19/2012 9:00:31 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/19/2012 12:58:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/19/2012 12:08:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000094, 0xfffff8800485b1eb, 0xfffff8800b74e6f8, 0xfffff8800b74df50). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041912-22167-01. 4/19/2012 12:02:07 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/19/2012 11:03:35 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/19/2012 10:25:29 AM, Error: Service Control Manager [7030] - The DisplayLinkManager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 4/19/2012 10:13:48 AM, Error: Service Control Manager [7011] - A timeout (60000 milliseconds) was reached while waiting for a transaction response from the SysMain service. 4/19/2012 10:11:48 AM, Error: Service Control Manager [7011] - A timeout (60000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service. 4/18/2012 9:47:02 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/18/2012 9:46:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/18/2012 10:52:06 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MACBOOKPRO-DA6B that believes that it is the master browser for the domain on transport NetBT_Tcpip_{401D7FEA-3431-4CC6-A939-1CDF6C94CAD5}. The master browser is stopping or an election is being forced. 4/17/2012 9:12:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/17/2012 8:33:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. . ==== End Of File =========================== DDS.txt Attach.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.