Jump to content

Katje

Members
  • Posts

    14
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials (On Access scanning disabled!) Error obtaining update status for antivirus! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.65.1.1000 Java 6 Update 37 Java version out of Date! Adobe Flash Player 11.4.402.287 Flash Player out of Date! Adobe Reader 10.1.4 Adobe Reader out of Date! Mozilla Firefox 12.0 Firefox out of Date! Google Chrome 21.0.1180.83 Google Chrome 21.0.1180.89 Google Chrome 22.0.1229.79 Google Chrome 22.0.1229.94 Google Chrome 23.0.1271.64 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 3% ````````````````````End of Log`````````````````````` [Am now off to work, back this evening, thanks!]
  2. (No worries...at least you have a plan!) ComboFix 12-11-24.02 - Kathy 11/25/2012 7:16.4.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4078.2286 [GMT 3:00] Running from: c:\users\Kathy\Desktop\ComboFix.exe Command switches used :: c:\users\Kathy\Desktop\CFscript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 ))))))))))))))))))))))))))))))) . . 2012-11-25 04:26 . 2012-11-25 04:26 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-24 16:41 . 2012-11-08 06:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{61FE8B75-0CC5-4034-9EB8-538662613CF7}\mpengine.dll 2012-11-24 09:11 . 2012-11-24 09:11 -------- d-----w- c:\programdata\WebEx 2012-11-24 09:11 . 2012-11-24 09:11 -------- d--h--w- c:\windows\AxInstSV 2012-11-23 16:03 . 2012-11-23 16:03 -------- d-----w- c:\program files (x86)\ERUNT 2012-11-23 13:12 . 2012-11-23 13:12 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-11-23 12:07 . 2012-11-23 12:07 -------- d-----w- c:\users\Kathy\AppData\Roaming\Malwarebytes 2012-11-23 12:07 . 2012-11-23 12:07 -------- d-----w- c:\programdata\Malwarebytes 2012-11-23 12:07 . 2012-11-23 12:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-23 12:07 . 2012-09-29 16:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-23 11:13 . 2012-11-23 11:13 74703 ----a-w- c:\windows\SysWow64\mfc45.dll 2012-11-23 11:13 . 2012-11-23 11:13 -------- d-----w- c:\users\Kathy\AppData\Roaming\iolo 2012-11-23 11:13 . 2012-11-23 11:13 -------- d-----w- c:\programdata\iolo 2012-11-23 11:13 . 2012-08-17 14:25 69000 ----a-w- c:\windows\system32\offreg.dll 2012-11-23 11:13 . 2012-08-17 14:25 21176 ----a-w- c:\windows\system32\iolorgdf64.exe 2012-11-23 11:01 . 2012-11-23 11:01 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-11-23 06:00 . 2012-08-21 10:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-11-23 05:59 . 2012-11-23 06:00 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-11-23 05:59 . 2012-11-23 06:00 -------- d-----w- c:\program files\iTunes 2012-11-23 05:59 . 2012-11-23 05:59 -------- d-----w- c:\program files\iPod 2012-11-22 16:04 . 2012-11-22 16:04 -------- d-----w- c:\users\Kathy\AppData\Local\VS Revo Group 2012-11-22 16:04 . 2009-12-30 08:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys 2012-11-22 16:04 . 2012-11-22 16:04 -------- d-----w- c:\program files\VS Revo Group 2012-11-22 14:56 . 2012-11-22 14:56 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A8A665F-0E22-4EB0-8E43-98A6173FC1DA}\gapaengine.dll 2012-11-22 14:56 . 2012-11-08 06:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-22 14:43 . 2012-11-22 14:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-11-22 14:43 . 2012-11-22 14:43 -------- d-----w- c:\program files\Microsoft Security Client 2012-11-17 07:45 . 2012-11-17 07:45 -------- dc-h--w- c:\programdata\{54907AB1-7CB5-448D-8FED-78973B1D2830} 2012-11-17 00:01 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-17 00:01 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-17 00:01 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-17 00:01 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 00:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 00:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 00:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 00:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 00:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 00:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 00:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 16:30 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 16:30 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-07 02:48 . 2012-11-07 02:48 -------- d-----w- c:\programdata\Package Cache 2012-11-07 02:47 . 2012-11-07 02:47 -------- d-----w- c:\programdata\MR APP 2012-10-27 15:51 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-27 15:51 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-10-27 15:51 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-27 15:51 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-27 15:51 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-10-27 15:51 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-10-27 15:49 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-10-27 15:49 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-10-27 15:49 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-27 15:49 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-27 15:48 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-27 15:48 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-27 15:48 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-27 15:48 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-27 15:48 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-27 15:48 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-10-27 11:12 . 2012-10-27 11:12 -------- d-----w- c:\program files (x86)\Common Files\Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-22 16:24 . 2009-11-23 20:01 9621608 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-11-22 16:24 . 2009-11-23 20:01 7723112 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-11-22 16:24 . 2009-11-23 20:01 1314408 ----a-w- c:\windows\system32\nvapi64.dll 2012-11-22 16:24 . 2009-11-23 20:01 1063528 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-11-16 00:02 . 2010-03-09 20:23 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-27 15:45 . 2012-03-31 07:11 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-27 15:45 . 2011-12-30 17:32 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-25 00:12 . 2012-10-25 00:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 00:12 . 2012-10-25 00:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-01 17:43 . 2012-10-01 17:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-10-01 17:42 . 2011-03-26 20:46 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-10-01 17:42 . 2011-03-26 20:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-10-01 17:42 . 2011-03-26 19:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-09-24 12:32 . 2012-08-13 18:05 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-24 12:32 . 2010-04-17 14:46 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-21 15:55 . 2011-03-26 19:45 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-09-21 15:55 . 2011-03-26 19:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-09-06 21:01 . 2012-09-06 21:01 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-08-31 08:16 . 2010-03-07 14:55 47633 ----a-w- c:\windows\SysWow64\wuwuninst.exe 2012-08-30 19:03 . 2012-08-30 19:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-30 19:03 . 2012-08-30 19:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\windows\system32\%APPDATA% ---- . 1601-01-01 00:00 . 1601-01-01 00:00 0 --sha-w- c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RCHotKey"="c:\program files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2010-01-29 32768] "Akamai NetSession Interface"="c:\users\Kathy\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2012-04-11 2177056] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-12-01 03:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040] R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-03-30 237328] R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-09-22 43028328] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840] R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2012-04-02 26856] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [2010-07-13 21200] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152] R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-10-12 54760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-11 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128] R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600] S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2012-04-11 770080] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-11-13 60416] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776] S2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-09-16 352312] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2012-08-06 156672] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216] . . Contents of the 'Scheduled Tasks' folder . 2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:45] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 13:32] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 13:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320] "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 16397416] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.com/ mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> TCP: DhcpNameServer = 192.168.1.1 DPF: {8A177687-28EB-48DB-9CCB-5C5254D10568} - file:///G:/program/base/Components/Setup/EduSpeak.EduSpeakX/EduSpeakX.cab FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\6lbajv5t.default\ FF - ExtSQL: 2012-10-27 14:11; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4 AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe AddRemove-SplashID iPhone Desktop - c:\program files (x86)\SplashData\SplashID for iPhone\uninst.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-25 07:30:33 ComboFix-quarantined-files.txt 2012-11-25 04:30 ComboFix2.txt 2012-11-25 04:06 ComboFix3.txt 2012-11-24 16:20 ComboFix4.txt 2012-11-24 08:08 . Pre-Run: 323,481,882,624 bytes free Post-Run: 323,405,066,240 bytes free . - - End Of File - - 57941CBD8767A0B637F7BA24C955C61E
  3. Nothing found, so nothing removed for Step 4 Malwarebytes Anti-Malware (Trial) 1.65.1.1000 www.malwarebytes.org Database version: v2012.11.24.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Kathy :: KATHY-VAIOBIG [administrator] Protection: Disabled 11/24/2012 7:36:53 PM mbam-log-2012-11-24 (19-36-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 208287 Time elapsed: 2 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  4. (The RKill.com is the only one did not give the option to run as administrator.) ComboFix 12-11-23.02 - Kathy 11/24/2012 19:08:16.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4078.2372 [GMT 3:00] Running from: c:\users\Kathy\Desktop\ComboFix.exe Command switches used :: c:\users\Kathy\Desktop\CFscript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 ))))))))))))))))))))))))))))))) . . 2012-11-24 16:17 . 2012-11-24 16:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-24 09:11 . 2012-11-24 09:11 -------- d-----w- c:\programdata\WebEx 2012-11-24 09:11 . 2012-11-24 09:11 -------- d--h--w- c:\windows\AxInstSV 2012-11-24 08:21 . 2012-11-08 06:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2E9BFE4-38AA-469C-AA8A-FDC3642C9B2D}\mpengine.dll 2012-11-23 16:03 . 2012-11-23 16:03 -------- d-----w- c:\program files (x86)\ERUNT 2012-11-23 13:12 . 2012-11-23 13:12 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-11-23 12:07 . 2012-11-23 12:07 -------- d-----w- c:\users\Kathy\AppData\Roaming\Malwarebytes 2012-11-23 12:07 . 2012-11-23 12:07 -------- d-----w- c:\programdata\Malwarebytes 2012-11-23 12:07 . 2012-11-23 12:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-23 12:07 . 2012-09-29 16:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-23 11:13 . 2012-11-23 11:13 74703 ----a-w- c:\windows\SysWow64\mfc45.dll 2012-11-23 11:13 . 2012-11-23 11:13 -------- d-----w- c:\users\Kathy\AppData\Roaming\iolo 2012-11-23 11:13 . 2012-11-23 11:13 -------- d-----w- c:\programdata\iolo 2012-11-23 11:13 . 2012-08-17 14:25 69000 ----a-w- c:\windows\system32\offreg.dll 2012-11-23 11:13 . 2012-08-17 14:25 21176 ----a-w- c:\windows\system32\iolorgdf64.exe 2012-11-23 11:01 . 2012-11-23 11:01 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-11-23 06:00 . 2012-08-21 10:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-11-23 05:59 . 2012-11-23 06:00 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-11-23 05:59 . 2012-11-23 06:00 -------- d-----w- c:\program files\iTunes 2012-11-23 05:59 . 2012-11-23 05:59 -------- d-----w- c:\program files\iPod 2012-11-22 16:04 . 2012-11-22 16:04 -------- d-----w- c:\users\Kathy\AppData\Local\VS Revo Group 2012-11-22 16:04 . 2009-12-30 08:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys 2012-11-22 16:04 . 2012-11-22 16:04 -------- d-----w- c:\program files\VS Revo Group 2012-11-22 14:56 . 2012-11-22 14:56 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A8A665F-0E22-4EB0-8E43-98A6173FC1DA}\gapaengine.dll 2012-11-22 14:56 . 2012-11-08 06:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-22 14:43 . 2012-11-22 14:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-11-22 14:43 . 2012-11-22 14:43 -------- d-----w- c:\program files\Microsoft Security Client 2012-11-17 07:45 . 2012-11-17 07:45 -------- dc-h--w- c:\programdata\{54907AB1-7CB5-448D-8FED-78973B1D2830} 2012-11-17 00:01 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-17 00:01 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-17 00:01 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-17 00:01 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 00:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 00:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 00:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 00:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 00:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 00:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 00:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 16:30 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 16:30 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-07 02:48 . 2012-11-07 02:48 -------- d-----w- c:\programdata\Package Cache 2012-11-07 02:47 . 2012-11-07 02:47 -------- d-----w- c:\programdata\MR APP 2012-10-27 15:51 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-27 15:51 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-10-27 15:51 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-27 15:51 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-27 15:51 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-10-27 15:51 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-10-27 15:49 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-10-27 15:49 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-10-27 15:49 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-27 15:49 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-27 15:48 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-27 15:48 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-27 15:48 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-27 15:48 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-27 15:48 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-27 15:48 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-10-27 11:12 . 2012-10-27 11:12 -------- d-----w- c:\program files (x86)\Common Files\Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-22 16:24 . 2009-11-23 20:01 9621608 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-11-22 16:24 . 2009-11-23 20:01 7723112 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-11-22 16:24 . 2009-11-23 20:01 1314408 ----a-w- c:\windows\system32\nvapi64.dll 2012-11-22 16:24 . 2009-11-23 20:01 1063528 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-11-16 00:02 . 2010-03-09 20:23 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-27 15:45 . 2012-03-31 07:11 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-27 15:45 . 2011-12-30 17:32 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-25 00:12 . 2012-10-25 00:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 00:12 . 2012-10-25 00:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-01 17:43 . 2012-10-01 17:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-10-01 17:42 . 2011-03-26 20:46 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-10-01 17:42 . 2011-03-26 20:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-10-01 17:42 . 2011-03-26 19:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-09-24 12:32 . 2012-08-13 18:05 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-24 12:32 . 2010-04-17 14:46 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-21 15:55 . 2011-03-26 19:45 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-09-21 15:55 . 2011-03-26 19:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-09-06 21:01 . 2012-09-06 21:01 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-08-31 08:16 . 2010-03-07 14:55 47633 ----a-w- c:\windows\SysWow64\wuwuninst.exe 2012-08-30 19:03 . 2012-08-30 19:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-30 19:03 . 2012-08-30 19:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-08 39408] "RCHotKey"="c:\program files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2010-01-29 32768] "Akamai NetSession Interface"="c:\users\Kathy\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2012-04-11 2177056] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-12-01 03:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-03-30 237328] R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-09-22 43028328] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840] R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2012-04-02 26856] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [2010-07-13 21200] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-11 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128] R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600] S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2012-04-11 770080] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-11-13 60416] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776] S2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-09-16 352312] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2012-08-06 156672] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248] S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-10-12 54760] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216] . . Contents of the 'Scheduled Tasks' folder . 2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:45] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 13:32] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 13:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320] "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 16397416] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.com/ mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 DPF: {8A177687-28EB-48DB-9CCB-5C5254D10568} - file:///G:/program/base/Components/Setup/EduSpeak.EduSpeakX/EduSpeakX.cab FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\6lbajv5t.default\ FF - ExtSQL: 2012-10-27 14:11; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4 AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe AddRemove-SplashID iPhone Desktop - c:\program files (x86)\SplashData\SplashID for iPhone\uninst.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-11-24 19:20:03 ComboFix-quarantined-files.txt 2012-11-24 16:20 ComboFix2.txt 2012-11-24 08:08 . Pre-Run: 324,353,970,176 bytes free Post-Run: 324,059,512,832 bytes free . - - End Of File - - 9594690C47ACEDBF4A7AC45D2ACB455B
  5. Rkill 2.4.5 by Lawrence Abrams (Grinler) http://www.bleepingcomputer.com/ Copyright 2008-2012 BleepingComputer.com More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 11/24/2012 07:04:55 PM in x64 mode. Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * C:\Program Files\Java\jre6\bin\jusched.exe (PID: 2228) [FI] 1 proccess terminated! Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost Program finished at: 11/24/2012 07:05:10 PM Execution time: 0 hours(s), 0 minute(s), and 14 seconds(s)
  6. sorry, wait. Let me try again...I was looking for an .exe file, not .com
  7. The tool does not run from of the RKill links provided....so I will try the alternate links provided.
  8. Update MSE is back in the tray, does not disappear when I approach with the cursor. IE still redirecting to a blank page (despite URL of www.google.com) when I click on a link. Katje
  9. So far, the system seems better, no redirects in the first 10 minutes...I will let you know if that changes. Thanks, and ready for whatever comes next!
  10. ComboFix 12-11-23.02 - Kathy 11/24/2012 10:51:51.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4078.2365 [GMT 3:00] Running from: c:\users\Kathy\Desktop\ComboFix.exe Command switches used :: c:\users\Kathy\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\Kathy\AppData\Roaming\ifsutilx6.dll" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Kathy\AppData\Roaming\ifsutilx6.dll c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_NPF . . ((((((((((((((((((((((((( Files Created from 2012-10-24 to 2012-11-24 ))))))))))))))))))))))))))))))) . . 2012-11-23 16:03 . 2012-11-23 16:03 -------- d-----w- c:\program files (x86)\ERUNT 2012-11-23 13:12 . 2012-11-23 13:12 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-11-23 12:07 . 2012-11-23 12:07 -------- d-----w- c:\users\Kathy\AppData\Roaming\Malwarebytes 2012-11-23 12:07 . 2012-11-23 12:07 -------- d-----w- c:\programdata\Malwarebytes 2012-11-23 12:07 . 2012-11-23 12:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-23 12:07 . 2012-09-29 16:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-23 11:13 . 2012-11-23 11:13 74703 ----a-w- c:\windows\SysWow64\mfc45.dll 2012-11-23 11:13 . 2012-11-23 11:13 -------- d-----w- c:\users\Kathy\AppData\Roaming\iolo 2012-11-23 11:13 . 2012-11-23 11:13 -------- d-----w- c:\programdata\iolo 2012-11-23 11:13 . 2012-08-17 14:25 69000 ----a-w- c:\windows\system32\offreg.dll 2012-11-23 11:13 . 2012-08-17 14:25 21176 ----a-w- c:\windows\system32\iolorgdf64.exe 2012-11-23 11:01 . 2012-11-23 11:01 -------- d-----w- c:\program files (x86)\Common Files\Skype 2012-11-23 06:00 . 2012-08-21 10:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-11-23 05:59 . 2012-11-23 06:00 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-11-23 05:59 . 2012-11-23 06:00 -------- d-----w- c:\program files\iTunes 2012-11-23 05:59 . 2012-11-23 05:59 -------- d-----w- c:\program files\iPod 2012-11-22 16:04 . 2012-11-22 16:04 -------- d-----w- c:\users\Kathy\AppData\Local\VS Revo Group 2012-11-22 16:04 . 2009-12-30 08:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys 2012-11-22 16:04 . 2012-11-22 16:04 -------- d-----w- c:\program files\VS Revo Group 2012-11-22 14:56 . 2012-11-22 14:56 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0A8A665F-0E22-4EB0-8E43-98A6173FC1DA}\gapaengine.dll 2012-11-22 14:56 . 2012-11-08 06:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-11-22 14:43 . 2012-11-22 14:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client 2012-11-22 14:43 . 2012-11-22 14:43 -------- d-----w- c:\program files\Microsoft Security Client 2012-11-17 07:45 . 2012-11-17 07:45 -------- dc-h--w- c:\programdata\{54907AB1-7CB5-448D-8FED-78973B1D2830} 2012-11-17 00:01 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-17 00:01 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-17 00:01 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-17 00:01 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-16 00:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-16 00:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-16 00:01 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-16 00:01 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-16 00:01 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-16 00:01 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-16 00:01 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 16:30 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 16:30 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-07 02:48 . 2012-11-07 02:48 -------- d-----w- c:\programdata\Package Cache 2012-11-07 02:47 . 2012-11-07 02:47 -------- d-----w- c:\programdata\MR APP 2012-10-27 15:51 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll 2012-10-27 15:51 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-10-27 15:51 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-27 15:51 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-27 15:51 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-10-27 15:51 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-10-27 15:49 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-10-27 15:49 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-10-27 15:49 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll 2012-10-27 15:49 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll 2012-10-27 15:48 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-27 15:48 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-27 15:48 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll 2012-10-27 15:48 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-10-27 15:48 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-10-27 15:48 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-10-27 11:12 . 2012-10-27 11:12 -------- d-----w- c:\program files (x86)\Common Files\Java . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-22 16:24 . 2009-11-23 20:01 9621608 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-11-22 16:24 . 2009-11-23 20:01 7723112 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-11-22 16:24 . 2009-11-23 20:01 1314408 ----a-w- c:\windows\system32\nvapi64.dll 2012-11-22 16:24 . 2009-11-23 20:01 1063528 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-11-16 00:02 . 2010-03-09 20:23 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-10-27 15:45 . 2012-03-31 07:11 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-10-27 15:45 . 2011-12-30 17:32 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-25 00:12 . 2012-10-25 00:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 00:12 . 2012-10-25 00:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-01 17:43 . 2012-10-01 17:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll 2012-10-01 17:42 . 2011-03-26 20:46 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2012-10-01 17:42 . 2011-03-26 20:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2012-10-01 17:42 . 2011-03-26 19:45 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2012-09-24 12:32 . 2012-08-13 18:05 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2012-09-24 12:32 . 2010-04-17 14:46 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-21 15:55 . 2011-03-26 19:45 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2012-09-21 15:55 . 2011-03-26 19:45 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2012-09-06 21:01 . 2012-09-06 21:01 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2012-08-31 08:16 . 2010-03-07 14:55 47633 ----a-w- c:\windows\SysWow64\wuwuninst.exe 2012-08-30 19:03 . 2012-08-30 19:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys 2012-08-30 19:03 . 2012-08-30 19:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-08 39408] "RCHotKey"="c:\program files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2010-01-29 32768] "Akamai NetSession Interface"="c:\users\Kathy\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920] "Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2012-04-11 2177056] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-03 284696] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [2012-3-13 274328] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-12-01 03:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-27 151040] R3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;c:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-03-30 237328] R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-09-22 43028328] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840] R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2012-04-02 26856] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [2010-07-13 21200] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000] R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-19 549616] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152] R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-10-12 54760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-11 1255736] R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128] R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600] S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2012-04-11 770080] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-03 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-11-13 60416] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776] S2 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-09-16 352312] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2012-08-06 156672] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248] S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 15:45] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 13:32] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-08 13:32] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-11 16397416] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = https://www.google.com/ mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: Append to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 192.168.1.1 DPF: {8A177687-28EB-48DB-9CCB-5C5254D10568} - file:///G:/program/base/Components/Setup/EduSpeak.EduSpeakX/EduSpeakX.cab FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\6lbajv5t.default\ FF - ExtSQL: 2012-10-27 14:11; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKCU-Run-Livestation - c:\program files (x86)\Livestation\Livestation.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4 AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe AddRemove-SplashID iPhone Desktop - c:\program files (x86)\SplashData\SplashID for iPhone\uninst.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe c:\program files\Sony\VAIO Care\listener.exe . ************************************************************************** . Completion time: 2012-11-24 11:08:08 - machine was rebooted ComboFix-quarantined-files.txt 2012-11-24 08:08 . Pre-Run: 324,394,053,632 bytes free Post-Run: 324,425,551,872 bytes free . - - End Of File - - 898F09E7948732F3B9ABD2BA4BB9D235
  11. Maurice, One question: Is MSE actually running somewhere and should I first go in to Safe mode to disable it before following the steps above? Katje
  12. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_37 Run by Kathy at 19:17:58 on 2012-11-23 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4078.2159 [GMT 3:00] . AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C} SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Fitbit\fitbit.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Windows\SysWOW64\WebUpdateSvc4.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServer.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Windows\System32\alg.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe C:\Users\Kathy\AppData\Local\Akamai\netsession_win.exe C:\Users\Kathy\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Fitbit\fitbit-tray.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Program Files (x86)\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe C:\Program Files\Apoint\Apntex.exe C:\Program Files\Apoint\Apvfb.exe C:\Windows\system32\taskeng.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\taskeng.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe C:\Program Files\Sony\VAIO Care\VCPerfService.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe C:\Program Files\Sony\VAIO Update\VUAgent.exe C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Sony\VAIO Care\VCSystemTray.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files\Sony\VAIO Care\VCService.exe C:\Program Files\Sony\VAIO Care\VCAgent.exe C:\Windows\System32\vds.exe C:\Windows\splwow64.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxps://www.google.com/ uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT uProxyOverride = <local> mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [RCHotKey] "C:\Program Files (x86)\RingCentral\RingCentral Call Controller\RCHotKey.exe" uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [Livestation] C:\Program Files (x86)\Livestation\Livestation.exe -startup uRun: [Akamai NetSession Interface] "C:\Users\Kathy\AppData\Local\Akamai\netsession_win.exe" uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe uRun: [JFHFP] rundll32 "C:\Users\Kathy\AppData\Roaming\ifsutilx6.dll",UXZPFTRTP uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SONYMS~1.LNK - C:\Program Files (x86)\Sony\MSS\3.0.271\SSScheduler.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab DPF: {8A177687-28EB-48DB-9CCB-5C5254D10568} - file:///G:/program/base/Components/Setup/EduSpeak.EduSpeakX/EduSpeakX.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxp://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://goive.state.gov/dana-cached/sc/JuniperSetupClient.cab TCP: NameServer = 192.168.1.1 TCP: Interfaces\{2F73DCE4-4155-4351-A0B8-5D5F66293778}\75C414E4D2544363031373 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{BB8C9484-BDD0-485F-9085-847F9BF303D0} : DHCPNameServer = 192.168.1.1 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Notify: VESWinlogon - VESWinlogon.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup x64-RunOnce: [AppRemover] wscript.exe "C:\Users\Kathy\AppData\Local\Temp\AppRemover_RunBatchSilently.vbs" "C:\Users\Kathy\AppData\Local\Temp\AppRemover_ToBeDelAfterReboot.bat" x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm . INFO: x64-HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-SSODL: WebCheck - <orphaned> Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\6lbajv5t.default\ FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll FF - plugin: C:\Program Files (x86)\SRI\EduSpeakFSI\1.04.02.0001\npEduSpeakFSI.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2012-10-27 14:11; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-8 55280] R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600] R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-8-17 770080] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-9 13336] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-23 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-23 676936] R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 128456] R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-11-13 60416] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2009-12-8 14112] R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-11-23 93696] R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-11-23 75776] R2 RosettaStoneLtdController;RosettaStoneLtdController;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-9-16 352312] R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-8-6 156672] R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-12-8 104960] R2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2008-9-15 262360] R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-12-8 19968] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-23 25928] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896] R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-11-23 11392] R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-12-8 571248] R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-12 54760] R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-11-23 1286784] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-23 393216] S2 AviraUpgradeService;Avira Upgrade Service;C:\Windows\Temp\AVSETUP_50af9034\avupgsvc.exe [2012-11-23 57632] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-11-23 52264] S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-24 35104] S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-23 151040] S3 McComponentHostServiceSony;McAfee Security Scan Component Host Service for Sony;C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [2012-3-30 237328] S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-9-22 43028328] S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2012-11-22 31800] S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840] S3 SIUSBXP;SIUSBXP;C:\Windows\System32\drivers\SiUSBXp.sys [2012-8-17 26856] S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-10 108400] S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280] S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-10 67952] S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-27 303872] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-20 59392] S3 TVICHW64;TVICHW64;C:\Windows\System32\drivers\TVicHW64.sys [2010-7-13 21200] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736] S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000] S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-20 549616] S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896] S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-12 1255736] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128] S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024] . =============== Created Last 30 ================ . 2012-11-23 13:12:00 -------- d-sh--w- C:\Windows\System32\%APPDATA% 2012-11-23 12:07:22 -------- d-----w- C:\Users\Kathy\AppData\Roaming\Malwarebytes 2012-11-23 12:07:05 -------- d-----w- C:\ProgramData\Malwarebytes 2012-11-23 12:07:04 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-11-23 12:07:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-23 11:13:15 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll 2012-11-23 11:13:14 69000 ----a-w- C:\Windows\System32\offreg.dll 2012-11-23 11:13:14 21176 ----a-w- C:\Windows\System32\iolorgdf64.exe 2012-11-23 11:13:14 -------- d-----w- C:\Users\Kathy\AppData\Roaming\iolo 2012-11-23 11:13:14 -------- d-----w- C:\ProgramData\iolo 2012-11-23 06:00:39 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-11-23 05:59:53 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-11-23 05:59:53 -------- d-----w- C:\Program Files\iTunes 2012-11-23 05:59:53 -------- d-----w- C:\Program Files\iPod 2012-11-22 16:04:31 -------- d-----w- C:\Users\Kathy\AppData\Local\VS Revo Group 2012-11-22 16:04:28 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys 2012-11-22 16:04:26 -------- d-----w- C:\Program Files\VS Revo Group 2012-11-22 14:56:43 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A8A665F-0E22-4EB0-8E43-98A6173FC1DA}\gapaengine.dll 2012-11-22 14:56:38 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1E11288A-0299-42F8-9D67-450AF3A3950F}\mpengine.dll 2012-11-22 14:51:10 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2012-11-22 14:43:52 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client 2012-11-22 14:43:50 -------- d-----w- C:\Program Files\Microsoft Security Client 2012-11-17 07:45:21 -------- dc-h--w- C:\ProgramData\{54907AB1-7CB5-448D-8FED-78973B1D2830} 2012-11-17 00:01:12 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-17 00:01:11 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-17 00:01:08 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-17 00:01:07 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-16 00:01:48 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-16 00:01:47 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-16 00:01:46 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-16 00:01:46 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-16 00:01:45 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-16 00:01:45 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-16 00:01:45 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-11-15 16:30:13 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-11-15 16:30:13 78336 ----a-w- C:\Windows\SysWow64\synceng.dll 2012-11-07 02:48:42 -------- d-----w- C:\ProgramData\Package Cache 2012-11-07 02:47:24 -------- d-----w- C:\ProgramData\MR APP 2012-11-03 15:32:53 -------- d-----w- C:\Users\Kathy\AppData\Local\{6A269DB1-67C0-4A95-8789-8AFF9FE44B05} 2012-10-27 15:51:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-10-27 15:51:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-10-27 15:51:21 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2012-10-27 15:51:19 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-10-27 15:51:18 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-10-27 15:51:17 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-10-27 15:49:23 220160 ----a-w- C:\Windows\System32\wintrust.dll 2012-10-27 15:49:23 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-10-27 15:49:22 715776 ----a-w- C:\Windows\System32\kerberos.dll 2012-10-27 15:49:22 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll 2012-10-27 15:48:45 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-10-27 15:48:45 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2012-10-27 15:48:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-10-27 15:48:45 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-10-27 15:48:44 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-10-27 15:48:44 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-10-25 00:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2012-10-25 00:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts . ==================== Find3M ==================== . 2012-10-27 15:45:29 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-27 15:45:29 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-09-24 12:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-09-24 12:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-08-31 08:16:54 47633 ----a-w- C:\Windows\SysWow64\wuwuninst.exe 2012-08-30 19:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys 2012-08-30 19:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys . ============= FINISH: 19:19:15.45 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core i7 CPU Q 720 @ 1.60GHz | N/A | 1600/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 457 GiB total, 302.43 GiB free. D: is Removable E: is Removable F: is Removable G: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) ??? ????? Apple Adobe Acrobat 9 Pro - English, Français, Deutsch Adobe Acrobat 9.5.2 - CPSID_83708 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Akamai NetSession Interface Alps Pointing-device for VAIO Apple Mobile Device Support Apple Software Update ArcSoft Magic-i Visual Effects 2 ArcSoft WebCam Companion 3 Bonjour Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) Compatibility Pack for the 2007 Office system Corel WinDVD D3DX10 EduSpeakFSI ERUNT 1.1j Evernote Fitbit Base Station (Driver Removal) Fitbit v2.1.0.8 Google Chrome Google Toolbar for Internet Explorer Google Update Helper iCloud Intel® Rapid Storage Technology Intel® Turbo Boost Technology Driver Internet TV for Windows Media Center iTunes Java Auto Updater Java 6 Update 17 (64-bit) Java 6 Update 37 Juniper Citrix Services Client Juniper Networks, Inc. Setup Client Junk Mail filter update Last.fm 1.5.4.27091 Malwarebytes Anti-Malware version 1.65.1.1000 Media Gallery Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office Office 64-bit Components 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared 64-bit MUI (English) 2007 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2008 Microsoft SQL Server 2008 Browser Microsoft SQL Server 2008 Common Files Microsoft SQL Server 2008 Database Engine Services Microsoft SQL Server 2008 Database Engine Shared Microsoft SQL Server 2008 Native Client Microsoft SQL Server 2008 RsFx Driver Microsoft SQL Server 2008 Setup Support Files Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server VSS Writer Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Works Microsoft WSE 2.0 SP3 Runtime MobileMe Control Panel Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA Drivers Oasis2Service OpenAL PlayReady PC Runtime amd64 PMB PMB VAIO Edition Guide PMB VAIO Edition plug-in (Click to Disc) PMB VAIO Edition plug-in (VAIO Image Optimizer) PMB VAIO Edition plug-in (VAIO Movie Story) PVSonyDll QuickBooks Financial Center QuickTime Rapid Rote Realtek High Definition Audio Driver Revo Uninstaller Pro 2.5.9 RingCentral Call Controller RingCentral Voicemail Player Rosetta Stone Ltd Services Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy Media Creator 10 LJ Roxio Easy Media Creator Home Safari Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition Service Pack 3 for SQL Server 2008 (KB2546951) Setting Utility Series Setup_msm_VCMS_x64 Setup_msm_VOFS_x64 Setup_VEP_x64_Contain_SSDB Skype Click to Call Skype™ 6.0 SmartWi Connection Utility Software Update Wizard (Redistributable) 4.5 SOHLib Merge Module Sony Home Network Library SplashID iPhone Desktop 5.2 SplashID Safe 6.2 Sql Server Customer Experience Improvement Program Symantec Technical Support Web Controls Times Reader Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) VAIO Care VAIO Content Metadata Intelligent Analyzing Manager VAIO Content Metadata Intelligent Network Service Manager VAIO Content Metadata Manager Settings VAIO Content Metadata XML Interface Library VAIO Content Monitoring Settings VAIO Control Center VAIO Data Restore Tool VAIO DVD Menu Data VAIO Entertainment Platform VAIO Event Service VAIO Hardware Diagnostics VAIO Help and Support VAIO Media plus VAIO Media plus Opening Movie VAIO Messenger VAIO Movie Story Template Data VAIO OOBE and Startup Assistant VAIO Original Function Settings VAIO Personalization Manager VAIO Power Management VAIO Survey VAIO Transfer Support VAIO Update VAIO Wallpaper Contents VAIO Window Organizer VD64Inst VU5x64 VU5x86 WIDCOMM Bluetooth Software Windows 7 Upgrade Advisor Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin . ==== End Of File ===========================
  13. Windows 7 Using Chrome, IE and Firefox my computer is behaving erratically. It either redirects to ad sites or a blank page. I noticed MSE was not in the tray and have been unable to load/run it except in safe mode. MSE, MBAM and spybot all find no issues. Please help. Katje mbam-log-2012-11-23 (15-32-54).txt RKreport1_S_11232012_02d1520.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.