help Trojan horse Generic33.CBEF removal

rrs43082 · July 13, 2013

I have been unable to remove Trojan horse Generic33.CBEF

I have run AVG scan, MBAM Quick scan, and MBAM Full Scan

MBAR seems to get stuck during system scan

Here is the MBAM Quick scan log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Verdie Mae :: VERDIEMAE-VAIO [administrator]

Protection: Enabled

7/12/2013 10:24:05 PM
mbam-log-2013-07-12 (22-24-05).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the MBAM Flash scan log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.12.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Verdie Mae :: VERDIEMAE-VAIO [administrator]

Protection: Enabled

7/12/2013 10:29:10 PM
mbam-log-2013-07-12 (22-29-10).txt

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the DDS log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Verdie Mae at 21:58:35 on 2013-07-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2003 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe
C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe
C:\Users\Verdie Mae\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Personalization Manager\VpmIfPav.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_94_ActiveX.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.

mWinlogon: Userinit = userinit.exe,
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - LocalServer32 - <no file>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Elbserver] C:\Program Files (x86)\Sony\Media Gallery\ElbServer.exe /Stay
uRun: [VRLPHelper] C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe /Stay
uRun: [EPSON Artisan 50 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIFFA.EXE /FU "C:\Windows\TEMP\E_S6579.tmp" /EF "HKCU"
uRun: [spotify Web Helper] "C:\Users\Verdie Mae\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
dRun: [searchProtect] \SearchProtect\bin\cltmng.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

TCP: NameServer = 192.168.1.1
TCP: Interfaces\{892743EA-C1C9-4DED-9706-51469157C58B} : DHCPNameServer = 62.24.0.10 62.24.0.9
TCP: Interfaces\{CED935FE-D553-4E90-8133-829D68E47A19} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-20 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-4-20 2361344]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-11 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-11 701512]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-4-20 259192]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-4-20 105024]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-20 2656280]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-19 546608]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-4-20 852160]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-4-20 19968]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-29 317440]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-7-11 25928]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-4-20 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-29 425064]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-4-20 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-4-20 1021112]
S1 rmunugbq;rmunugbq;C:\Windows\System32\drivers\rmunugbq.sys [2013-7-12 49872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-9-29 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-07-12 08:38:57 49872 ----a-w- C:\Windows\System32\drivers\rmunugbq.sys
2013-07-12 08:35:44 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{403E71AD-E049-4187-AA1D-1C8C0F4E9E9E}\offreg.dll
2013-07-12 08:32:43 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{403E71AD-E049-4187-AA1D-1C8C0F4E9E9E}\mpengine.dll
2013-07-12 02:52:53 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-12 02:36:12 -------- d-----w- C:\Users\Verdie Mae\AppData\Roaming\AVG
2013-07-12 02:35:21 -------- d-----w- C:\ProgramData\AVG
2013-07-12 02:33:47 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-07-12 01:36:11 -------- d-----w- C:\Users\Verdie Mae\AppData\Roaming\AVG2013
2013-07-12 01:35:31 -------- d-----w- C:\Users\Verdie Mae\AppData\Roaming\TuneUp Software
2013-07-12 01:33:48 -------- d--h--w- C:\$AVG
2013-07-12 01:33:48 -------- d-----w- C:\ProgramData\AVG2013
2013-07-12 01:32:51 -------- d-----w- C:\Program Files (x86)\AVG
2013-07-12 01:25:31 -------- d--h--w- C:\ProgramData\Common Files
2013-07-12 01:25:31 -------- d-----w- C:\Users\Verdie Mae\AppData\Local\MFAData
2013-07-12 01:25:31 -------- d-----w- C:\Users\Verdie Mae\AppData\Local\Avg2013
2013-07-12 01:25:31 -------- d-----w- C:\ProgramData\MFAData
2013-07-11 22:59:13 -------- d-----w- C:\Users\Verdie Mae\AppData\Roaming\Malwarebytes
2013-07-11 22:59:02 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-11 22:59:01 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-07-11 22:59:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-11 21:50:01 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll
2013-07-11 21:50:01 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-07-11 21:50:01 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-07-11 21:50:01 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll
2013-07-11 21:50:01 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2013-07-11 21:50:01 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll
2013-07-11 21:50:01 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll
2013-07-11 21:50:01 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll
2013-07-11 21:50:01 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-11 21:50:01 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll
2013-07-11 21:50:00 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-11 21:49:48 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-07-11 21:49:48 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-11 21:49:48 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 21:49:47 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-11 21:49:47 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-11 21:49:47 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-11 21:49:38 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-07-11 21:49:37 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-07-11 21:33:53 -------- dc-h--w- C:\ProgramData\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}
2013-06-18 02:33:55 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-06-18 02:33:55 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
.
==================== Find3M ====================
.
2013-07-12 01:25:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-12 01:25:13 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-11 21:30:56 9089416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-22 17:43:36 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
.
============= FINISH: 21:59:16.66 ===============

Here is the attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/25/2011 5:44:56 PM
System Uptime: 7/12/2013 3:47:07 AM (18 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Pentium® CPU B940 @ 2.00GHz | N/A | 2000/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 386.058 GiB free.
D: is Removable
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP103: 4/4/2013 1:30:31 PM - Windows Modules Installer
RP104: 4/29/2013 10:09:32 PM - Windows Update
RP105: 5/14/2013 9:48:16 PM - Windows Update
RP106: 5/22/2013 1:37:02 PM - Windows Update
RP107: 6/7/2013 1:07:43 PM - Windows Update
RP108: 6/17/2013 10:18:00 PM - Windows Update
RP109: 7/11/2013 5:30:23 PM - Windows Update
RP111: 7/11/2013 6:18:35 PM - Windows Defender Checkpoint
RP112: 7/11/2013 6:37:46 PM - Removed Skype Click to Call
RP113: 7/11/2013 6:51:26 PM - Removed Oasis2Service
RP114: 7/11/2013 9:32:20 PM - Installed AVG 2013
RP115: 7/11/2013 9:33:08 PM - Installed AVG 2013
RP116: 7/11/2013 10:35:26 PM - Installed AVG PC TuneUp
RP117: 7/11/2013 11:15:13 PM - Removed AVG PC TuneUp
RP118: 7/11/2013 11:16:29 PM - Removed AVG PC TuneUp Language Pack (en-US)
RP119: 7/12/2013 3:00:16 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Alps Pointing-device for VAIO
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
AVG 2013
BearShare
Conexant HD Audio
D3DX10
EPSON Artisan 50 Series Printer Uninstall
Epson CreativeZone
Epson Easy Photo Print 2
Epson Print CD
Google Toolbar for Internet Explorer
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java 6 Update 22
Java 6 Update 22 (64-bit)
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Media Gallery
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Camera Codec Pack
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
OOBE
PlayReady PC Runtime amd64
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.3
Sony Corporation
Spotify
SSLx64
SSLx86
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Messenger
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
VESx64
VESx86
Visual Studio 2010 x64 Redistributables
VIx64
VIx86
VLC media player 2.0.2
VSNx64
Vuze
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
7/12/2013 3:46:24 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
7/11/2013 6:42:17 PM, Error: Service Control Manager [7031] - The Application Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
7/11/2013 6:27:33 PM, Error: Service Control Manager [7034] - The Application Sendori service terminated unexpectedly. It has done this 1 time(s).
7/11/2013 6:27:33 PM, Error: Service Control Manager [7031] - The Service Sendori service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1200000 milliseconds: Restart the service.
.
==== End Of File ===========================

Thank you for any help you can give me in cleaning up this laptop!

AdvancedSetup · July 13, 2013

Hello and :welcome:

Please run the following and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.

Pleae fully uninstall the following software
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 22 (64-bit)

Please either uninstall this Peer2Peer software or fully disable it from running while we assist you as these type of software applications can infect your computer very easily.
BearShare
Vuze

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Please download ERUNT from one of the following links: Link1 | Link2 | Link3
ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
Double click on erunt-setup.exe to Install ERUNT by following the prompts.
NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
Choose a location for the backup.
- Note: the default location is C:\Windows\ERDNT which is acceptable.
Make sure that at least the first two check boxes are selected.
Click on OK
Then click on YES to create the folder.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02

Please download Malwarebytes Anti-Rootkit from HERE
- Unzip the contents to a folder in a convenient location.
- Open the folder where the contents were unzipped and run mbar.exe
- Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
- Click on the Cleanup button to remove any threats and reboot if prompted to do so.
- Wait while the system shuts down and the cleanup process is performed.
- Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
- When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt
STEP 03

Please download Junkware Removal Tool to your desktop.
- Shutdown your antivirus to avoid any conflicts.
- Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next reply message
- When completed make sure to re-enable your antivirus
STEP 04

Please download AdwCleaner by Xplode to your desktop.
- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- If prompted by the User Account Control click Yes to allow it to run.
- Under Actions click on the Delete button.
- Click OK on all prompts.
- You will be prompted to restart your computer. A text file will open after the restart.
- Please post the entire contents of that logfile to your next reply.
- You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.
STEP 05

Please go here to run the online antivirus scannner from ESET.
- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Click Start
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings and ensure these options are ticked:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Click Scan
- Wait for the scan to finish
- If any threats were found, click the 'List of found threats' , then click Export to text file....
- Save it to your desktop, then please copy and paste that log as a reply to this topic.

rrs43082 · July 13, 2013

I uninstalled Java 6 Update 22, Java 6 Update 22 (64-bit) and Vuze.

I could not locate Java Auto Updater in my remove programs control panel.

I also could not locate BearShare in the remove programs control panel, and when I navigated to its Program Files (x86) folder, there was not an uninstall application. Should I just delete the entire folder or is there a program that will remove BearShare?

rrs43082 · July 13, 2013

Upon installing and running ERUNT, I received a message stating

Unable to create file:

C:\WIndows\ERDNT\7-13-2013\ERDNT.INF

Registry backup will continue, but no restore information for the ERDNT program will be saved. This means that later restoration of the registry can only be done manually by using another OS to copy back the files.

I clicked OK and then got a warning stating

Error saving file

C:\Windows\ERDNT\7-13-2013\BCD !

Continue with the next file?

[RegCreateKeyEx:5 - Access is denied]