PeteDangerous

  1. Hi Gringo, I'm sorry that it's taken me a couple of days to reply but I have been away from my computer. The computer has developed a number of other problems since I last spoke to you and has been sent away for a factory reset. Thank you for your help, it was greatly appreciated. Kind regards Pete
  2. Hi Gringo, I have done as you requested and have pasted the log below. I am still in Safe mode. Am I ok to reboot the computer in normal mode now? Cheers Pete
  3. Hi Gringo, How long is this Combofix scan supposed to take? I started the scan over 2 hours ago and it still hasn't finished. The last few entries in the log are: Deleting Folders: C:\InstDrvs C:\Program Files\Windows Searchqu Toolbar C:\ProgramData\Roaming C:\Windows\systems32\URTTemp Nothing has changed for over an hour now. Do I need to reboot my system or is the scan still working? Will it cause any problems if I reboot this now?
  4. Hi Gringo, Please accept my apologies, this is the correct report. Cheers Pete
  5. Hi Gringo, I've just completed the RogueKiller scan and pasted the results below. This one does seem to flag up something. Cheers Pete
  6. Hi Gringo, I was unable to run the Security Check that you requested but I have been able to run AdwCleaner
  7. Hi there, I seem to be experiencing problems associated with Malware that I cannot get to the bottom of. I've followed the guidelines on your thread titled 'I'm infected - What do I do now?' and have copied the text below as requested. Please help!!! DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.15.2 Run by Ian at 12:33:05 on 2013-04-09 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1051 [GMT 1:00] . AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09} FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\SLsvc.exe C:\Windows\RtkAudioService.exe C:\Windows\system32\Ati2evxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe C:\Program Files\Apoint\Apoint.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe C:\Program Files\Sony\ISB Utility\ISBMgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Sony\Marketing Tools\MarketingTools.exe C:\Program 
Files\CyberLink\PCM4Everio\EverioService.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\LogMeIn\x86\RaMaint.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\LogMeIn\x86\LogMeInSystray.exe C:\Program Files\Windows Searchqu Toolbar\DataMngr\DataMngrUI.exe C:\Program Files\DivX\DivX Update\DivXUpdate.exe C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Sony\Network Utility\LANUtil.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Users\Mark\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\LogMeIn\x86\LogMeIn.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Sony\Network Utility\NSUService.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Users\Mark\AppData\Roaming\Trusteer\Rapport\app\bin\RapportService.exe C:\Windows\system32\DllHost.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Windows\System32\WUDFHost.exe C:\Windows\system32\DRIVERS\xaudio.exe 
C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Apoint\ApMsgFwd.exe C:\Program Files\Apoint\Apntex.exe C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\Skype\Phone\Skype.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Ipswitch\WS_FTP 12\WsftpCOMHelper.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Mark\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\System32\svchost.exe -k Akamai C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation . 
============== Pseudo HJT Report =============== . uStart Page = about:blank uSearch Bar = hxxp://www.google.com/ie mStart Page = about:blank uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} - c:\program files\windows searchqu toolbar\toolbar\SearchquDx.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\google bae\BAE.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} 
- c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Searchqu Toolbar: {7FF99715-3016-4381-84CE-E4E4C9673020} - c:\program files\windows searchqu toolbar\toolbar\SearchquDx.dll TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe" uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe" uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" uRun: [Google Update] "c:\users\ian\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Akamai NetSession Interface] "c:\users\ian\appdata\local\akamai\netsession_win.exe" uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe uRun: [showBatteryBar] "c:\program files\batterybar\ShowBatteryBar.exe" show uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide mRun: [Apoint] c:\program files\apoint\Apoint.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe" mRun: [iSBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe" mRun: [startCCC] "c:\program files\ati 
technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [AML] c:\program files\sony\vaio launcher\AML.exe InitApp
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [DataMngr] c:\progra~1\wi9130~1\datamngr\DataMngrUI.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [serviceManager.exe] "c:\program files\virgin media\service manager\ServiceManager.exe" /AUTORUN
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [bdagent] c:\program files\bitdefender\bitdefender 2013\bdagent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-ba7e-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{23F03013-B6E3-4481-B1A4-007AF1833B12} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{920DE905-0E5C-4DCA-98A9-09D9356A7BD7} : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs= c:\progra~1\wi9130~1\datamngr\datamngr.dll, c:\progra~1\google\google~1\goec62~1.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ian\appdata\roaming\mozilla\firefox\profiles\ompr541b.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=021113&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\virgin media\service manager\nprpspa.dll
FF - plugin: c:\users\ian\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - ExtSQL: !HIDDEN! 2009-09-02 18:23; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-1-30 625128]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2012-10-25 162976]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2012-10-25 77192]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2012-10-25 72704]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-2-25 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-8-20 47640]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-24 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-24 682344]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-6-2 229376]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkHDMIService;RtkHDMIService;c:\windows\RTKAUDIOSERVICE.EXE [2008-5-16 98304]
R2 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2012-10-25 82824]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\service manager\ServicepointService.exe [2011-4-21 689464]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-8-27 92008]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects\uCamMonitor.exe [2008-6-2 104960]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2012-10-25 55984]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-6-2 17408]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-1-30 482928]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-5-16 28464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-24 21104]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-17 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-5-16 411488]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-1-30 66392]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-6-2 30192]
S3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [2009-6-21 23096]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-6-2 104288]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-6-2 350048]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-6-2 63328]
S3 wmamp3DriverV32;wmamp3DriverV32;c:\windows\system32\drivers\wmamp3DriverV32.sys [2011-7-30 23608]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-8-5 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-8-5 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-8-5 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-8-5 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-8-5 25704]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2012-10-25 62688]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2013-03-18 18:33:01 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
.
==================== Find3M ====================
.
2013-03-29 09:49:23 162976 ----a-w- c:\windows\system32\drivers\gzflt.sys
2013-03-13 08:58:14 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 08:58:14 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-25 19:02:05 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-25 19:01:52 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-25 19:01:51 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-02 03:38:35 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-30 19:31:14 482928 ----a-w- c:\windows\system32\drivers\avckf.sys
2013-01-30 19:31:12 625128 ----a-w- c:\windows\system32\drivers\avc3.sys
2013-01-30 19:31:08 66392 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2013-01-29 18:17:32 18800 ----a-w- c:\windows\system32\roboot.exe
.
============= FINISH: 12:36:05.89 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 25/08/2008 19:16:42
System Uptime: 09/04/2013 08:33:56 (4 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core2 Duo CPU P8400 @ 2.26GHz | N/A | 1600/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 87.541 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\7&315347F&0&64B9E8613B7F_C00000000
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00000000-DECA-FADE-DECA-DEAFDECACAFE}_VID&000205AC_PID&1294\7&315347F&0&64B9E8613B7F_C00000000
Service:
.
Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
Description:
Device ID: ROOT\SYSTEM\0001
Manufacturer:
Name:
PNP Device ID: ROOT\SYSTEM\0001
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Common File Installer
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS3
Adobe Flash CS3 Professional
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 Professional
Adobe Flash CS4 STI-en
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop 6.0
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader X (10.1.6)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Find and Replace v5.2
Akamai NetSession Interface
Akamai NetSession Interface Service
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects
ArcSoft WebCam Companion 2
ATI Catalyst Install Manager
Atlantis - Sky Patrol (remove only)
µTorrent
BatteryBar (remove only)
Big Fish Games Center
Big Fish Games Sudoku (remove only)
Bitdefender Total Security 2013
BoB Test Screensaver
Bonjour
Browser Address Error Redirector
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Click to Disc
Click to Disc Editor
Colour Spy 1.5
Compatibility Pack for the 2007 Office system
Connect
Creative Removable Disk Manager
Creative System Information
D3DX10
Digital Photo Navigator 1.5
DivX Converter
DivX Setup
DivX Version Checker
Dolby Control Center
EAX Unified (SHELL)
FileZilla Client 3.6.0.2
Google Chrome
Google Desktop
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel PROSet Wireless
Intel® PROSet/Wireless WiFi Software
Ipswitch WS_FTP 12
iTunes
Java 7 Update 15
Java Auto Updater
Java 6 Update 4
Java 6 Update 7
JustCamIt 2.1.0
kuler
LogMeIn
Macromedia Contribute 3.11
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Mahjong Towers Eternity (remove only)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Access 2003 Runtime
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2003
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
MobileMe Control Panel
Mozilla Firefox 16.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
My Club VAIO
Mystery Case Files - Prime Suspects (remove only)
Napster Burn Engine
OGA Notifier 2.0.0048.0
OpenMG Secure Module 5.0.00
OpenOffice.org Installer 1.0
OXPDFCreator
PaperPort Image Printer
PDF Settings CS4
Photoshop Camera Raw
Picasa 2
Pixel Bender Toolkit
PowerCinema NE for Everio
PowerDirector Express
PowerProducer
QuickTime
Rapport
RealPlayer
Realtek High Definition Audio Driver
Rosetta Stone Version 3
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
ScanSoft PaperPort 11
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Segoe UI
Setting Utility Series
Skins
Skype™ 6.1
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Video Shared Library
Suite Shared Configuration CS4
TheBestSpinner3
TomTom HOME 2.7.2.1825
TomTom HOME Visual Studio Merge Modules
TweetDeck
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Edit Components 6.4
VAIO Entertainment Platform
VAIO Event Service
VAIO Guide
VAIO Launcher
Vaio Marketing Tools
VAIO Media plus
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Smart Network
VAIO Update 4
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.4053
Virgin Media Service Manager 3.7.47
Virtual Villagers (remove only)
WIDCOMM Bluetooth Software 6.1.0.2200
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Searchqu Toolbar
WinDVD for VAIO
WinRAR archiver
Yahoo! Toolbar
ZENcast Organizer
.
==== End Of File ===========================