Need help removing smitfraud-C.generic

[anm81]

Machine all of a sudden shuts down while I was working on PC (running Win 7 64-bit). Scans using MalwareBytes, SpyBot found smitfraud-C.generic trojan in my system. Neither one of the anti-malware programs -- along with Norton Power Eraser -- were able to fully remove the trojan from my system.

Here are the following logs from the DDS.com:

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 11/1/2009 8:04:48 PM

System Uptime: 10/5/2012 5:12:24 PM (1 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 290 GiB total, 155.703 GiB free.

E: is Removable

F: is Removable

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP292: 10/5/2012 4:52:32 PM - Norton_Power_Eraser_20121005165232374

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.5

Amazon Games & Software Downloader

Atheros Client Installation Program

AURA Fate of the Ages

Bing HRS Toolbar

Compatibility Pack for the 2007 Office system

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dragonsphere

Dropbox

Epson Event Manager

EPSON Scan

File Uploader

Free M4a to MP3 Converter 6.2

Free WAV To MP3 Converter 2.1

Free WMA to MP3 Converter 1.16

Google Chrome

Google Earth

Google Update Helper

HP Update

Intel® Rapid Storage Technology

Java Auto Updater

Malwarebytes Anti-Malware version 1.65.0.1400

MediaMonkey 4.0

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Visio MUI (English) 2007

Microsoft Office Visio Professional 2007

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Move Media Player

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

Nikon Message Center

Nikon Transfer

NVIDIA PhysX

RarZilla Free Unrar

realMyst

Realtek High Definition Audio Driver

Risen

Riven The sequel to Myst

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Spybot - Search & Destroy

Text Twist 2 1.00

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VAIO Care

VAIO Satisfaction Survey.

VAIO Update

VAIO Update 4

VU5x86

Wav to Mp3

Winamp

Winamp Detector Plug-in

Yahoo! Messenger

.

==== Event Viewer Messages From Past Week ========

.

9/29/2012 9:28:26 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

9/29/2012 9:25:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}

9/29/2012 8:48:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

9/29/2012 8:48:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

9/29/2012 8:48:00 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

9/29/2012 8:47:59 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

9/29/2012 8:32:16 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.

10/5/2012 5:13:00 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

10/5/2012 5:12:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.

10/5/2012 5:12:57 PM, Error: Service Control Manager [7000] - The HsfXAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

10/5/2012 10:40:51 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

10/5/2012 10:09:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.

10/5/2012 1:58:21 PM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

10/5/2012 1:31:17 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

10/5/2012 1:22:22 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

10/5/2012 1:22:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

10/5/2012 1:22:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

10/5/2012 1:22:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

10/5/2012 1:22:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

10/5/2012 1:21:45 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccSet_NIS discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6

10/3/2012 9:43:45 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR4.

10/3/2012 8:30:44 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000fe (0x0000000000000008, 0x0000000000000006, 0x0000000000000006, 0xfffffa800a9cc000). A dump was saved in: C:\Windows\Minidump\100312-54335-01.dmp. Report Id: 100312-54335-01.

10/2/2012 7:11:14 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

10/2/2012 7:11:14 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

.

==== End Of File ===========================

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Anthony at 18:02:32 on 2012-10-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.6251 [GMT -6:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Microsoft Device Center\ipoint.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = about:blank

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - mscoree.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

TB: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - mscoree.dll

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [ouekjsbwxmrewft] C:\ProgramData\ouekjsbw.exe

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

dRun: [Apple] rundll32.exe "C:\Users\Anthony\AppData\Local\Apple Computer\Apple\mazyebsy.dll",DllRegisterServerW

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495} : DhcpNameServer = 208.180.42.100 208.180.42.68

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2516D6164616 : DhcpNameServer = 172.20.100.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2656C6B696E6E2732683 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\3555444454E4C494E4B4E2E45445D253635453 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\54E67456E6965737146344333334 : DhcpNameServer = 69.6.190.10 69.6.190.11

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Microsoft.Search.HRSToolBar.InitToolbarBHO: {1d970ed5-3eda-438d-bffd-715931e2775d} - mscoree.dll

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

TB-X64: Bing HRS Toolbar: {c9a6357b-25cc-4bcf-96c1-78736985d414} - mscoree.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121004.001\IDSviA64.sys [2012-10-5 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1309000.009\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1309000.009\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-19 13336]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]

R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-10-5 259192]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-30 138912]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-5 44736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-5-21 401920]

S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\system32\DRIVERS\hcw72ADFilter.sys --> C:\Windows\system32\DRIVERS\hcw72ADFilter.sys [?]

S3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\system32\DRIVERS\hcw72ATV.sys --> C:\Windows\system32\DRIVERS\hcw72ATV.sys [?]

S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\system32\DRIVERS\hcw72DTV.sys --> C:\Windows\system32\DRIVERS\hcw72DTV.sys [?]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2012-10-5 1223024]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-8-23 166400]

S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-8-23 128512]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]

S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]

S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]

S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-6 1153368]

S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104]

S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952]

S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304]

S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048]

S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432]

S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960]

S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496]

S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]

S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264]

S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672]

S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888]

.

=============== Created Last 30 ================

.

2012-10-05 23:13:52 20480 ------w- C:\Windows\svchost.exe

2012-10-02 00:36:40 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtsp64.sys

2012-10-02 00:36:40 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys

2012-10-02 00:36:40 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys

2012-10-02 00:36:40 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtspx64.sys

2012-10-02 00:36:40 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys

2012-10-02 00:36:40 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys

2012-10-02 00:36:40 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys

2012-10-02 00:36:27 -------- d-----w- C:\Windows\System32\drivers\NISx64\1309000.009

2012-09-29 19:48:12 -------- d-----w- C:\ProgramData\MediaMonkey

2012-09-29 19:48:08 -------- d-----w- C:\Users\Anthony\AppData\Roaming\MediaMonkey

2012-09-27 03:35:46 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-09-27 03:35:46 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-09-27 03:35:40 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-09-26 14:01:33 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-09-22 20:02:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-09-22 20:02:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-09-20 03:16:25 -------- d-----w- C:\Program Files (x86)\Microsoft Corporation

2012-09-19 01:56:18 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-19 01:56:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-12 14:27:35 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-12 14:27:34 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-12 14:27:34 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-12 14:27:34 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-12 14:27:34 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-12 14:27:34 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-09-12 14:27:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

.

==================== Find3M ====================

.

2012-10-04 19:33:05 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-04 19:33:05 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-15 23:16:52 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 18:05:50.52 ===============

[Maniac]

Hello anm81! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Step 1

Please uninstall this application: Bing HRS Toolbar

Step 2

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  
  
• Put a checkmark beside loaded modules.
  
  
• A reboot will be needed to apply the changes. Do it.
  
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  
• Then click on Change parameters in TDSSKiller.
  
• Check all boxes then click OK.
  
  
• Click the Start Scan button.
  
  
• The scan should take no longer than 2 minutes.
  
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 3

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

In your next reply, post the following log files:

• TDSSKiller log
  
• Malwarebytes' Anti-Malware log
  
• a new fresh DDS log

[anm81]

New DDS log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Anthony at 12:54:11 on 2012-10-06

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.6475 [GMT -6:00]

.

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Microsoft Device Center\ipoint.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uStart Page = about:blank

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [ouekjsbwxmrewft] C:\ProgramData\ouekjsbw.exe

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

dRun: [Apple] rundll32.exe "C:\Users\Anthony\AppData\Local\Apple Computer\Apple\mazyebsy.dll",DllRegisterServerW

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{0392DEE3-4F2A-4EED-8133-34D4E6248495} : DhcpNameServer = 208.180.42.100 208.180.42.68

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2516D6164616 : DhcpNameServer = 172.20.100.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\2656C6B696E6E2732683 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\3555444454E4C494E4B4E2E45445D253635453 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{DBCFD52F-857F-427E-B3A0-D5BB20ADF6FB}\54E67456E6965737146344333334 : DhcpNameServer = 69.6.190.10 69.6.190.11

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

BHO-X64: Norton Identity Protection - No File

BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL

BHO-X64: Norton Vulnerability Protection - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-10-1 1385120]

R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121005.002\IDSviA64.sys [2012-10-5 513184]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [?]

R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1309000.009\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1309000.009\SYMNETS.SYS [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-5-19 13336]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe [2012-10-1 138272]

R2 regi;regi;\??\C:\Windows\system32\drivers\regi.sys --> C:\Windows\system32\drivers\regi.sys [?]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-18 189984]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-10-5 259192]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-30 138912]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-10-5 44736]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2012-5-21 401920]

S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;C:\Windows\system32\DRIVERS\hcw72ADFilter.sys --> C:\Windows\system32\DRIVERS\hcw72ADFilter.sys [?]

S3 hcw72ATV;WinTV HVR-950 NTSC;C:\Windows\system32\DRIVERS\hcw72ATV.sys --> C:\Windows\system32\DRIVERS\hcw72ATV.sys [?]

S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;C:\Windows\system32\DRIVERS\hcw72DTV.sys --> C:\Windows\system32\DRIVERS\hcw72DTV.sys [?]

S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2012-10-5 1223024]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-8-23 166400]

S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-8-23 128512]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-9-3 133104]

S4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]

S4 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]

S4 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-2-6 1153368]

S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-9-3 120104]

S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-9-3 70952]

S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-9-3 427304]

S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-9-3 75048]

S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-9-3 91432]

S4 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-9-3 104960]

S4 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-9-3 411496]

S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]

S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-9-3 468264]

S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-9-3 357672]

S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-9-3 110888]

.

=============== Created Last 30 ================

.

2012-10-06 13:37:33 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-02 00:36:40 737952 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtsp64.sys

2012-10-02 00:36:40 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1309000.009\symds64.sys

2012-10-02 00:36:40 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symnets.sys

2012-10-02 00:36:40 37536 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\srtspx64.sys

2012-10-02 00:36:40 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ironx64.sys

2012-10-02 00:36:40 167072 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\ccsetx64.sys

2012-10-02 00:36:40 1129120 ----a-w- C:\Windows\System32\drivers\NISx64\1309000.009\symefa64.sys

2012-10-02 00:36:27 -------- d-----w- C:\Windows\System32\drivers\NISx64\1309000.009

2012-09-29 19:48:12 -------- d-----w- C:\ProgramData\MediaMonkey

2012-09-29 19:48:08 -------- d-----w- C:\Users\Anthony\AppData\Roaming\MediaMonkey

2012-09-27 03:35:46 916456 ----a-w- C:\Windows\System32\deployJava1.dll

2012-09-27 03:35:46 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll

2012-09-27 03:35:40 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2012-09-26 14:01:33 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2012-09-22 20:02:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-09-22 20:02:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-09-19 01:56:18 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-19 01:56:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-09-12 14:27:35 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-12 14:27:34 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-12 14:27:34 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-12 14:27:34 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-12 14:27:34 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-12 14:27:34 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-09-12 14:27:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

.

==================== Find3M ====================

.

2012-10-04 19:33:05 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-10-04 19:33:05 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-08-15 23:16:52 27256 ----a-w- C:\Windows\System32\drivers\FixZeroAccess.sys

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 12:57:14.65 ===============

[anm81]

Results of Malwarebytes scan:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.05.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Anthony :: ANTHONY-VAIO [administrator]

10/6/2012 7:44:04 AM

mbam-log-2012-10-06 (07-44-04).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 676865

Time elapsed: 2 hour(s), 57 minute(s), 9 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 2

C:\TDSSKiller_Quarantine\06.10.2012_07.31.28\mbr0000\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

[anm81]

TDSSKiller file too long to post. Saved as attachment.

[anm81]

TDSSKiller log (too long to copy & paste)

TDSSKiller.2.8.10.0_06.10.2012_07.31.26_log.txt

[Maniac]

You don't follow my instructions correctly. Please more carefully.

Step 1

Please re-run TDSSKiller and use Delete option for this entry:

07:37:37.0683 3228 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

07:37:37.0683 3228 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

[anm81]

New TDSSKiller Log attached

Subsequent MalwareBytes log:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.05.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Anthony :: ANTHONY-VAIO [administrator]

10/7/2012 9:39:59 AM

mbam-log-2012-10-07 (09-39-59).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 674360

Time elapsed: 2 hour(s), 49 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\TDSSKiller_Quarantine\07.10.2012_09.14.23\tdlfs0000\tsk0002.dta (Trojan.Agent.MRGGen) -> Quarantined and deleted successfully.

(end)

TDSSKiller.2.8.10.0_07.10.2012_09.05.31_log.txt

TDSSKiller.2.8.10.0_07.10.2012_09.14.23_log.txt

[Maniac]

You are not follow my instructions right. Please repeat step 2.

[anm81]

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.07.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Anthony :: ANTHONY-VAIO [administrator]

10/7/2012 7:41:32 PM

mbam-log-2012-10-07 (19-41-32).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 251656

Time elapsed: 56 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

[Maniac]

Good!

Note: Please do not run this tool without special supervision and instruction of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[anm81]

ComboFix 12-10-08.01 - Anthony 10/08/2012 7:13.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8031.6105 [GMT -6:00]

Running from: c:\users\Anthony\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\FlashPlayerInstaller.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-09-08 to 2012-10-08 )))))))))))))))))))))))))))))))

.

.

2012-10-08 13:23 . 2012-10-08 13:23 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-10-06 13:37 . 2012-10-07 15:32 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-05 18:08 . 2012-10-05 18:08 -------- d-----w- c:\program files (x86)\Opera

2012-10-02 00:36 . 2012-10-03 14:29 -------- d-----w- c:\windows\system32\drivers\NISx64\1309000.009

2012-09-29 19:48 . 2012-09-29 19:48 -------- d-----w- c:\programdata\MediaMonkey

2012-09-29 19:48 . 2012-09-29 19:48 -------- d-----w- c:\users\Anthony\AppData\Roaming\MediaMonkey

2012-09-27 03:35 . 2012-09-27 03:35 916456 ----a-w- c:\windows\system32\deployJava1.dll

2012-09-27 03:35 . 2012-09-27 03:35 289768 ----a-w- c:\windows\system32\javaws.exe

2012-09-27 03:35 . 2012-09-27 03:35 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-09-27 03:35 . 2012-09-27 03:35 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2012-09-27 03:35 . 2012-09-27 03:35 189416 ----a-w- c:\windows\system32\javaw.exe

2012-09-27 03:35 . 2012-09-27 03:35 188904 ----a-w- c:\windows\system32\java.exe

2012-09-26 14:01 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-22 20:02 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-22 20:02 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-09-19 19:07 . 2012-09-20 02:47 -------- d-----w- c:\users\Anthony - 1

2012-09-19 01:56 . 2012-09-19 01:56 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-19 01:56 . 2012-09-07 23:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-19 00:30 . 2012-09-19 00:30 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes

2012-09-19 00:26 . 2012-09-19 00:26 -------- d-----w- c:\users\Guest\AppData\Roaming\Intel Corporation

2012-09-12 14:27 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-09-12 14:27 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-09-12 14:27 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-09-12 14:27 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-09-12 14:27 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-09-12 14:27 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 14:27 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-04 19:33 . 2012-03-31 13:31 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-04 19:33 . 2011-06-16 06:07 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-12 18:40 . 2009-11-05 00:44 64462936 ----a-w- c:\windows\system32\MRT.exe

2012-08-15 23:16 . 2012-08-14 23:01 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys

2012-07-18 18:15 . 2012-08-15 14:23 3148800 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-08-27 79872]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-07-01 18:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

R3 46689277;46689277;c:\windows\system32\drivers\40553321.sys [x]

R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]

R3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\DRIVERS\hcw72ADFilter.sys [2010-04-23 38656]

R3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\DRIVERS\hcw72ATV.sys [2010-04-23 1631488]

R3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\DRIVERS\hcw72DTV.sys [2010-04-23 1634176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 SYMNDISV;Symantec Network Filter Driver; [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-09 1223024]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-29 1255736]

R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 133104]

R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 133104]

R4 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-06-26 313840]

R4 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-06-26 362992]

R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R4 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-27 120104]

R4 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-27 70952]

R4 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-27 427304]

R4 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-27 75048]

R4 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-27 91432]

R4 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]

R4 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-08-22 411496]

R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]

R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-06-26 468264]

R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-06-26 357672]

R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-06-18 110888]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2012-03-29 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120928.001\BHDrvx64.sys [2012-08-31 1385120]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20121005.002\IDSvia64.sys [2012-09-06 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-03 189984]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]

S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-05-28 52320]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-30 138912]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-08-05 139264]

S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-06-27 46176]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2009-06-11 11392]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-07-31 393216]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 08:28]

.

2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-03 08:28]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\Anthony\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]

"IntelliPoint"="c:\program files\Microsoft Device Center\ipoint.exe" [2012-06-27 2004584]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mLocal Page = c:\windows\system32\blank.htm

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-ouekjsbwxmrewft - c:\programdata\ouekjsbw.exe

Wow6432Node-HKU-Default-Run-Apple - c:\users\Anthony\AppData\Local\Apple Computer\Apple\mazyebsy.dll

SafeBoot-10412561.sys

SafeBoot-46689277.sys

SafeBoot-57884251.sys

SafeBoot-83294327.sys

HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Riven The sequel to Myst_is1 - c:\program files (x86)\GOG.com\Riven\unins000.exe

AddRemove-{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E} - c:\program files (x86)\InstallShield Installation Information\{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-10-08 07:27:11

ComboFix-quarantined-files.txt 2012-10-08 13:27

.

Pre-Run: 166,576,607,232 bytes free

Post-Run: 166,291,271,680 bytes free

.

- - End Of File - - AB798B14199A7273C25DE3E4BF88A06C

[Maniac]

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

[anm81]

I ran the ESET Online Scanner (twice). The first time, the ESET scanner removed several purported threats. However, the log.txt file was practically empty save for the title of the program with no pertinent info to the scan, itself. The 2nd time, it was shown to be clean, though, strangely, no log.txt file was produced at all. I have no desire to run a third scan as it would be redundant and time-consuming and my PC seems to be clean.

[Maniac]

Glad to know that!

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  

Next, uninstall ESET Online Scanner.

Some malware prevenion tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing!

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!