Jump to content

Open windows losing focus, searches redirecting... Help appreciated


Ballare

Recommended Posts

Hi and thanks in advance for your time,

I recently had to do a system restore due to a nasty .exe I'd stupidly downloaded. Thought the restore had fixed the issue as my computer ran smoothly for a day or so, but small problems keep cropping up which makes me think there's still something kicking around. Open windows (Firefox, OpenOffice, for example) are losing focus every minute or so; new tabs or searches I run in Firefox redirect to unrelated websites; Firefox asks me after every open if it should be made the default browser (and has been my default since I got the laptop). Every so often, IE will open and direct to a random website with no prompting.

So far I've run both AVG and Malwarebytes with no results whatsoever.

I haven't noticed my laptop running any slower or otherwise being affected. Help is much appreciated. Malwarebytes and DDS log as follows, ark.txt and attach.txt zipped and attached.

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7823

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

29/09/2011 4:55:07 PM

mbam-log-2011-09-29 (16-55-07).txt

Scan type: Quick scan

Objects scanned: 181912

Time elapsed: 3 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Run by Beth at 16:49:49 on 2011-09-29

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3758.1392 [GMT -6:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Prey\platform\windows\cronsvc.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Care\VCSpt.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Pidgin\pidgin.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uInternet Settings,ProxyServer = 0.0.0.0:80

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

uRun: [EPSON NX510 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_SCA28.tmp" /EF "HKCU"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Beth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\Beth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{63FEB4C7-04E4-4372-BD5A-89A196E65237} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{63FEB4C7-04E4-4372-BD5A-89A196E65237}\4656661657C647 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{63FEB4C7-04E4-4372-BD5A-89A196E65237}\54870727563737F613 : DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{EB355B97-B221-42AD-8DB2-23C13F05AA16} : NameServer = 0.0.0.0

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\1806v6co.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Beth\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2010-12-23 19968]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]

R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]

R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2010-8-3 252416]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-3 2320920]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-8-3 575856]

R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]

R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-3 136176]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-28 366152]

S3 Andbus;LGE Android Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]

S3 AndDiag;LGE Android USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]

S3 AndGps;LGE Android USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]

S3 ANDModem;LGE Android USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]

S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\lgandadb.sys --> C:\Windows\system32\Drivers\lgandadb.sys [?]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-3 136176]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]

S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]

S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]

S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-8-3 1250160]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]

.

=============== Created Last 30 ================

.

2011-09-29 04:51:18 -------- d-----w- C:\Users\Beth\AppData\Roaming\Malwarebytes

2011-09-29 04:51:08 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-29 04:51:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-09-28 04:41:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-09-28 04:41:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-09-10 18:23:03 -------- d-----w- C:\Program Files (x86)\tamasoftware

.

==================== Find3M ====================

.

2011-09-29 22:31:13 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat

2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 05:14:10 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-07-09 04:30:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

.

============= FINISH: 16:57:14.30 ===============

Hi,

I'm still experiencing troubles, but realized I hadn't attached the .txt files I said I did; I've attached them here. Attach.zip

Anybody out there able to help me?

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Link to post
Share on other sites

Thanks so much for your reply!

Quick Scan, ComboFix, and DDS logs as follows:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7868

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

04/10/2011 1:28:25 PM

mbam-log-2011-10-04 (13-28-25).txt

Scan type: Quick scan

Objects scanned: 182097

Time elapsed: 5 minute(s), 36 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

ComboFix 11-10-04.04 - Beth 04/10/2011 13:43:55.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3758.1413 [GMT -6:00]

Running from: c:\users\Beth\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Beth\AppData\Local\Temp\swtlib-32\swt-gdip-win32-3650.dll

c:\users\Beth\AppData\Local\Temp\swtlib-32\swt-win32-3650.dll

c:\users\Beth\AppData\Roaming\Local

c:\users\Beth\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\Beth\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\Beth\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\The.Big.Bang.Theory.S02E05.The.Euclid.Alternative.DVDRip.XviD-SAiNTS_ns.avi.ddp

c:\users\Beth\AppData\Roaming\Local\Temp\DDM\Settings\The.Big.Bang.Theory.S02E05.The.Euclid.Alternative.DVDRip.XviD-SAiNTS_ns.avi.ddr

c:\users\Beth\f5d8232-4 ww v1.00.15.bin

.

.

((((((((((((((((((((((((( Files Created from 2011-09-04 to 2011-10-04 )))))))))))))))))))))))))))))))

.

.

2011-10-04 20:13 . 2011-10-04 20:13 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-29 17:05 . 2011-09-29 17:05 -------- d-----w- c:\windows\Sun

2011-09-29 04:51 . 2011-09-29 04:51 -------- d-----w- c:\users\Beth\AppData\Roaming\Malwarebytes

2011-09-29 04:51 . 2011-09-29 04:51 -------- d-----w- c:\programdata\Malwarebytes

2011-09-29 04:51 . 2011-09-29 04:51 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-09-28 04:41 . 2011-09-30 13:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2011-09-28 04:41 . 2011-09-29 22:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2011-09-10 18:23 . 2011-09-10 18:23 -------- d-----w- c:\program files (x86)\tamasoftware

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-04 20:17 . 2011-01-25 03:46 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat

2011-07-22 05:35 . 2011-08-09 19:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-07-22 04:56 . 2011-08-09 19:13 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2011-07-16 05:26 . 2011-08-09 19:14 362496 ----a-w- c:\windows\system32\wow64win.dll

2011-07-16 05:26 . 2011-08-09 19:14 243200 ----a-w- c:\windows\system32\wow64.dll

2011-07-16 05:26 . 2011-08-09 19:14 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2011-07-16 05:26 . 2011-08-09 19:14 214528 ----a-w- c:\windows\system32\winsrv.dll

2011-07-16 05:24 . 2011-08-09 19:14 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2011-07-16 05:21 . 2011-08-09 19:14 422400 ----a-w- c:\windows\system32\KernelBase.dll

2011-07-16 05:17 . 2011-08-09 19:14 338432 ----a-w- c:\windows\system32\conhost.exe

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 05:04 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-07-16 04:36 . 2011-08-09 19:14 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2011-07-16 04:32 . 2011-08-09 19:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2011-07-16 04:31 . 2011-08-09 19:14 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2011-07-16 04:30 . 2011-08-09 19:14 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2011-07-16 04:30 . 2011-08-09 19:14 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll

2011-07-16 04:19 . 2011-08-09 19:14 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

2011-07-16 04:19 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

2011-07-16 02:26 . 2011-08-09 19:14 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2011-07-16 02:26 . 2011-08-09 19:14 2048 ----a-w- c:\windows\SysWow64\user.exe

2011-07-16 02:21 . 2011-08-09 19:14 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21 . 2011-08-09 19:14 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21 . 2011-08-09 19:14 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21 . 2011-08-09 19:14 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 05:14 . 2011-08-24 10:51 2048 ----a-w- c:\windows\system32\tzres.dll

2011-07-09 04:30 . 2011-08-24 10:51 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-07-09 02:44 . 2011-08-09 19:14 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]

"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]

.

c:\users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2011-3-24 473616]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-08-18 7390560]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 136176]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]

R3 Andbus;LGE Android Composite USB Device;c:\windows\system32\DRIVERS\lgandbus64.sys [x]

R3 AndDiag;LGE Android USB Serial Port;c:\windows\system32\DRIVERS\lganddiag64.sys [x]

R3 AndGps;LGE Android USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps64.sys [x]

R3 ANDModem;LGE Android USB Modem;c:\windows\system32\DRIVERS\lgandmodem64.sys [x]

R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\lgandadb.sys [x]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]

R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]

R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-05-31 1250160]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]

S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2010-12-23 19968]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 15:24]

.

2011-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-03 15:24]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-24 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-24 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-24 413208]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyServer = 0.0.0.0:80

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{EB355B97-B221-42AD-8DB2-23C13F05AA16}: NameServer = 0.0.0.0

FF - ProfilePath - c:\users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\1806v6co.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

AddRemove-VAIO Messenger - c:\programdata\{2BD4D073-FF7E-46C6-B916-02F1AF376300}\VAIO Messenger Setup 2.0.202.0.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2324173582-3166274008-2216476914-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:dd,e4,94,55,4a,1a,45,40,03,43,74,38,0d,88,f3,e5,f1,7c,70,aa,8f,34,b7,

ba,a0,25,29,47,18,a6,44,c3,59,fc,25,ea,ac,2a,7c,39,fe,7f,37,a9,22,5a,d3,f2,\

"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\program files\Sony\VAIO Care\VCSpt.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.exe

c:\program files (x86)\OpenOffice.org 3\program\soffice.bin

c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe

c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

c:\program files\Sony\VAIO Care\listener.exe

c:\program files (x86)\Vuze\Azureus.exe

c:\prey\platform\windows\bin\bash.exe

c:\prey\platform\windows\bin\bash.exe

c:\prey\platform\windows\bin\bash.exe

c:\prey\platform\windows\bin\bash.exe

c:\prey\platform\windows\bin\sed.exe

.

**************************************************************************

.

Completion time: 2011-10-04 14:38:26 - machine was rebooted

ComboFix-quarantined-files.txt 2011-10-04 20:38

.

Pre-Run: 371,391,488,000 bytes free

Post-Run: 371,260,555,264 bytes free

.

- - End Of File - - DD2872007210FC9AA479DECC67E7AB2C

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24

Run by Beth at 14:44:26 on 2011-10-04

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.3758.2155 [GMT -6:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Prey\platform\windows\cronsvc.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\Prey\platform\windows\bin\bash.exe

C:\Windows\system32\conhost.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Program Files (x86)\AVG\AVG10\avgemca.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Sony\VAIO Care\VCSpt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Prey\platform\windows\bin\bash.exe

C:\Prey\platform\windows\bin\curl.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uInternet Settings,ProxyServer = 0.0.0.0:80

uURLSearchHooks: H - No File

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Beth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\Users\Beth\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{63FEB4C7-04E4-4372-BD5A-89A196E65237} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{63FEB4C7-04E4-4372-BD5A-89A196E65237}\4656661657C647 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{63FEB4C7-04E4-4372-BD5A-89A196E65237}\54870727563737F613 : DhcpNameServer = 192.168.1.254 192.168.1.254

TCP: Interfaces\{63FEB4C7-04E4-4372-BD5A-89A196E65237}\D425375636572756 : DhcpNameServer = 142.109.1.85 142.109.1.4

TCP: Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{EB355B97-B221-42AD-8DB2-23C13F05AA16} : NameServer = 0.0.0.0

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

BHO-X64: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Beth\AppData\Roaming\Mozilla\Firefox\Profiles\1806v6co.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Beth\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-8-18 7390560]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2010-12-23 19968]

R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]

R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-3 136176]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-28 366152]

S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2010-8-3 252416]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-8-3 2320920]

S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-8-3 575856]

S2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]

S3 Andbus;LGE Android Composite USB Device;C:\Windows\system32\DRIVERS\lgandbus64.sys --> C:\Windows\system32\DRIVERS\lgandbus64.sys [?]

S3 AndDiag;LGE Android USB Serial Port;C:\Windows\system32\DRIVERS\lganddiag64.sys --> C:\Windows\system32\DRIVERS\lganddiag64.sys [?]

S3 AndGps;LGE Android USB GPS NMEA Port;C:\Windows\system32\DRIVERS\lgandgps64.sys --> C:\Windows\system32\DRIVERS\lgandgps64.sys [?]

S3 ANDModem;LGE Android USB Modem;C:\Windows\system32\DRIVERS\lgandmodem64.sys --> C:\Windows\system32\DRIVERS\lgandmodem64.sys [?]

S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\lgandadb.sys --> C:\Windows\system32\Drivers\lgandadb.sys [?]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-3 136176]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]

S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]

S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]

S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]

S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-8-3 1250160]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]

.

=============== File Associations ===============

.

inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-10-04 20:38:06 -------- d-sh--w- C:\$RECYCLE.BIN

2011-10-04 19:36:06 98816 ----a-w- C:\Windows\sed.exe

2011-10-04 19:36:06 518144 ----a-w- C:\Windows\SWREG.exe

2011-10-04 19:36:06 256000 ----a-w- C:\Windows\PEV.exe

2011-10-04 19:36:06 208896 ----a-w- C:\Windows\MBR.exe

2011-10-04 19:34:56 -------- d-----w- C:\ComboFix

2011-09-29 04:51:18 -------- d-----w- C:\Users\Beth\AppData\Roaming\Malwarebytes

2011-09-29 04:51:08 -------- d-----w- C:\ProgramData\Malwarebytes

2011-09-29 04:51:03 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-09-28 04:41:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2011-09-28 04:41:58 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-09-10 18:23:03 -------- d-----w- C:\Program Files (x86)\tamasoftware

.

==================== Find3M ====================

.

2011-10-04 20:43:43 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat

2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll

2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll

2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll

2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll

2011-07-16 05:17:46 338432 ----a-w- C:\Windows\System32\conhost.exe

2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe

2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2011-07-09 05:14:10 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-07-09 04:30:52 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

.

============= FINISH: 14:52:38.61 ===============

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.