Worm:MSIL/Necast.D


  • This topic is locked
5 replies to this topic

#1 tqh (Advanced Member, Honorary Members, 116 posts)

Posted 27 December 2012 - 06:06 PM

Hello MB forum. Need some help with a potential malware problem (not my computer). Windows "problem reports and solutions" found the following malware:

Worm:MSIL/Necast.D

I was instructed by this tool to scan with Microsoft Security Scanner. This scanner did not find any threats. Malwarebytes found the following PUP and I deleted it:

C:\Program Files (x86)\ElectionTracker_59\bar\1.bin\59impipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.

I'm not sure if it is related or not.

I know Java is way out-of-date but did not want to change anything. I probably will uninstall it.

Thanks in advance for any help.

Here is the current MBAM Log:

See DDS and attach files below that.

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.27.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
KAREN :: KAREN-PC [administrator]

12/27/2012 11:29:37 AM
mbam-log-2012-12-27 (11-29-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235425
Time elapsed: 9 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_33
Run by KAREN at 11:32:18 on 2012-12-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.1257 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\System32\wercon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3185123
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uURLSearchHooks: <No Name>: {fa42903e-48eb-4dbf-b2f1-0426edef18a9} - LocalServer32 - <no file>
uURLSearchHooks: SocialSearchBar Toolbar: {2be1e5a2-f105-4bef-a622-88fe50899422} - C:\Program Files (x86)\SocialSearchBar\prxtbSoci.dll
mURLSearchHooks: SocialSearchBar Toolbar: {2be1e5a2-f105-4bef-a622-88fe50899422} - C:\Program Files (x86)\SocialSearchBar\prxtbSoci.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SocialSearchBar Toolbar: {2be1e5a2-f105-4bef-a622-88fe50899422} - C:\Program Files (x86)\SocialSearchBar\prxtbSoci.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: SocialSearchBar Toolbar: {2BE1E5A2-F105-4BEF-A622-88FE50899422} - C:\Program Files (x86)\SocialSearchBar\prxtbSoci.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: SocialSearchBar Toolbar: {2be1e5a2-f105-4bef-a622-88fe50899422} - C:\Program Files (x86)\SocialSearchBar\prxtbSoci.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [Election Tracker Search Scope Monitor] "C:\PROGRA~2\ELECTI~2\bar\1.bin\59srchmn.exe" /m=2 /w /h
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{1B9892C1-A666-4D28-B6C8-4451C27DC4AD} : DHCPNameServer = 198.224.159.135 198.224.158.135
TCP: Interfaces\{EA76C314-95C8-4BDC-985B-84146B72CD34} : DHCPNameServer = 192.168.1.1 68.238.96.12
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - LocalServer32 - <no file>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KAREN\AppData\Roaming\Mozilla\Firefox\Profiles\x4scr48k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3185123&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - SocialSearchBar Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc59fa66c-2bec-4dc5-8e03-869f674b65d2%7D&mid=7e140ad243c992beb2235945d10005f4-3bbabc88c974d9c5f299a83227263b858039b3a9&ds=AVG&v=11.0.0.9&lang=en&pr=pr&d=2012-05-14%2017%3A43%3A31&sap=ku&q=
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-5-9 55024]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-11 30568]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-16 14112]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-4-23 141344]
R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-5-9 167424]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-5-9 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-4-23 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-1-14 5184872]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-11 711112]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-20 27648]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-5-9 19968]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-4-23 126464]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-8-29 4745216]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-4-23 11392]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-4-23 403968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9d08c70dc6129;Google Update Service (gupdate1c9d08c70dc6129);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-9 133104]
S2 Norton Internet Security;Norton Internet Security; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-2 1025352]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-4-23 36392]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-4-23 300032]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-5-9 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-5-9 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-5-9 390440]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-5-9 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-5-9 91432]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-5-9 394536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-5-9 110376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-5 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-17 09:05:35 67413224 ----a-w- C:\Windows\System32\mrt.exe
2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-15 19:39:16 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-15 19:39:16 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-11-13 01:55:22 2770432 ----a-w- C:\Windows\System32\win32k.sys
2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-11 20:40:18 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
2012-10-22 19:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-15 09:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-05 09:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-02 09:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 11:33:02.83 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/28/2009 12:22:58 PM
System Uptime: 12/27/2012 9:05:46 AM (2 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz | N/A | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 187.463 GiB free.
D: is Removable
E: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP537: 10/20/2012 10:43:57 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP538: 11/1/2012 6:25:15 PM - Scheduled Checkpoint
RP539: 11/5/2012 12:58:02 PM - VAIO Care Automatic Restore Point
RP540: 11/16/2012 3:00:44 AM - Windows Update
RP541: 11/17/2012 1:55:46 PM - Installed AVG 2013
RP542: 11/17/2012 1:57:33 PM - Installed AVG 2013
RP543: 11/19/2012 3:00:26 AM - Windows Update
RP544: 11/19/2012 7:49:17 PM - Scheduled Checkpoint
RP545: 12/10/2012 6:41:50 PM - VAIO Care Automatic Restore Point
RP546: 12/12/2012 7:02:38 PM - Scheduled Checkpoint
RP547: 12/13/2012 2:26:13 PM - Scheduled Checkpoint
RP548: 12/17/2012 3:00:30 AM - Windows Update
RP549: 12/21/2012 4:37:44 PM - Windows Update
RP550: 12/21/2012 5:06:38 PM - Windows Update
RP551: 12/21/2012 5:38:26 PM - Windows Update
RP552: 12/26/2012 10:39:29 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
Adobe Shockwave Player 11.6
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
AVG 2013
AVG Security Toolbar
Bonjour
Choice Guard
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Election Tracker Toolbar
FriendsChecker
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Envy 100 D410 series Basic Device Software
HP Envy 100 D410 series Help
HP Envy 100 D410 series Product Improvement Study
HP Photo Creations
HP Update
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java™ 6 Update 33
Java™ SE Runtime Environment 6
Junk Mail filter update
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Transfer
OpenMG Secure Module 5.3.00
PokerStars
PokerStars.net
Primo
QuickBooks Financial Center
QuickBooks Simple Start 2009
Realtek High Definition Audio Driver
Regi
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Runtime
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Setting Utility Series
SmartWi Connection Utility
SocialSearchBar Toolbar
Sony Home Network Library
Sony Picture Utility
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 9
Splashtop
SupportSoft Assisted Service
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Care
VAIO Content Folder Setting
VAIO Content Folder Watcher
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Startup Assistant
VAIO Survey
VAIO Update 4
VAIO Wallpaper Contents
VD64Inst
Verizon Mobile Broadband Drivers
Verizon Wireless MiFi-2200 Firmware Updates
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VZAccess Manager
WIDCOMM Bluetooth Software
WinASO Registry Optimizer 4.5.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinDVD BD for VAIO
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/27/2012 9:44:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/27/2012 9:44:14 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/27/2012 9:44:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/26/2012 7:32:18 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/26/2012 6:01:28 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/26/2012 5:52:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
12/26/2012 5:52:34 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/26/2012 5:52:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
12/26/2012 5:52:13 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/26/2012 5:52:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/26/2012 5:45:31 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/26/2012 5:22:32 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate1c9d08c70dc6129) service terminated unexpectedly. It has done this 1 time(s).
12/26/2012 11:03:06 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/26/2012 11:03:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall SRTSP SRTSPX
12/26/2012 11:03:06 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
12/26/2012 11:03:06 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
12/26/2012 11:01:24 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\DMICall.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/24/2012 7:34:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Entertainment UPnP Client Adapter service to connect.
12/24/2012 7:34:57 PM, Error: Service Control Manager [7000] - The VAIO Entertainment UPnP Client Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2012 7:34:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Vcsw with arguments "" in order to run the server: {AD824619-9A64-4DFF-9426-4111B582A967}
12/24/2012 7:34:27 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/24/2012 7:32:41 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer QuickBooks PDF Converter with shared resource name QuickBooks PDF Converter. Error 2114. The printer cannot be used by others on the network.
12/23/2012 12:02:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SampleCollector service.
12/21/2012 5:41:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
12/21/2012 5:07:59 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Windows Live Essentials 2011 (KB2434419).
12/21/2012 4:54:34 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/21/2012 4:42:11 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
12/21/2012 4:34:26 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/20/2012 7:56:37 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 0022FB808710 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

#2 screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 27 December 2012 - 06:09 PM

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.


Next, please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

Chris Fistonich
Research Team

#3 tqh

    Advanced Member

  • Honorary Members
  • 116 posts

Posted 27 December 2012 - 08:00 PM

Here are all of the logs requested. Appreciate it.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.27.10

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
KAREN :: KAREN-PC [administrator]

12/27/2012 6:18:23 PM
mbam-log-2012-12-27 (18-18-23).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235313
Time elapsed: 4 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ComboFix 12-12-27.03 - KAREN 12/27/2012 18:37:55.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.2075 [GMT -6:00]
Running from: c:\users\KAREN\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-28 )))))))))))))))))))))))))))))))
.
.
2012-12-28 00:49 . 2012-12-28 00:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-12-28 00:49 . 2012-12-28 00:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-27 23:10 . 2012-12-27 23:10 -------- d-----w- c:\users\KAREN\Doctor Web
2012-12-21 22:39 . 2012-12-16 13:31 48128 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 22:39 . 2012-12-16 13:12 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 22:39 . 2012-12-16 11:08 368128 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 22:39 . 2012-12-16 10:50 293376 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-17 09:04 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-17 09:04 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-17 09:03 . 2009-07-14 12:19 20480 ----a-w- c:\windows\system32\winusb.dll
2012-12-17 09:03 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-17 09:03 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-17 09:03 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-17 09:03 . 2009-07-14 12:12 16896 ----a-w- c:\windows\SysWow64\winusb.dll
2012-12-17 09:03 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-17 09:03 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-12-17 09:03 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-17 09:03 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-17 09:03 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-17 09:03 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-16 17:40 . 2012-09-28 16:34 1210368 ----a-w- c:\windows\system32\kernel32.dll
2012-12-16 17:40 . 2012-08-21 11:50 267648 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-16 17:39 . 2012-11-13 01:55 2770432 ----a-w- c:\windows\system32\win32k.sys
2012-12-16 17:39 . 2012-11-13 01:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-16 17:39 . 2012-11-13 01:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-16 17:39 . 2012-11-02 10:45 477696 ----a-w- c:\windows\system32\dpnet.dll
2012-12-16 17:39 . 2012-11-02 10:45 68096 ----a-w- c:\windows\system32\dpnathlp.dll
2012-12-16 17:39 . 2012-11-02 10:18 376320 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-16 17:39 . 2012-11-02 08:59 26112 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-16 17:39 . 2012-11-02 08:26 23040 ----a-w- c:\windows\SysWow64\dpnsvr.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-17 09:05 . 2006-11-02 12:35 67413224 ----a-w- c:\windows\system32\mrt.exe
2012-12-15 19:39 . 2012-05-01 13:00 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-15 19:39 . 2011-08-30 01:04 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-14 22:49 . 2010-03-30 20:02 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-11 20:40 . 2012-11-11 20:40 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-10-22 19:02 . 2012-10-22 19:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-10-15 09:48 . 2012-10-15 09:48 63328 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-10-05 09:32 . 2012-10-05 09:32 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-10-02 09:30 . 2012-10-02 09:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-06-11 1524056]
"{2be1e5a2-f105-4bef-a622-88fe50899422}"= "c:\program files (x86)\SocialSearchBar\prxtbSoci.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{2be1e5a2-f105-4bef-a622-88fe50899422}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2be1e5a2-f105-4bef-a622-88fe50899422}]
2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\SocialSearchBar\prxtbSoci.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-11 20:40 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-11 1796552]
"{2be1e5a2-f105-4bef-a622-88fe50899422}"= "c:\program files (x86)\SocialSearchBar\prxtbSoci.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CLASSES_ROOT\clsid\{2be1e5a2-f105-4bef-a622-88fe50899422}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" [2009-03-06 77824]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"RegistrationReminder"="c:\program files\Sony\First Experience\OOBEFcdRegistration.exe" [2009-04-14 2054448]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2008-06-26 16384]
"VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-11 997320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HF_G_Jul"="c:\program files (x86)\AVG Secure Search\HF_G_Jul.exe" [2012-07-08 36960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-11-07 3143800]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 984352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ rdboot64.exe {16907711-4DF7-479c-939A-8F50F42128C3}
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMPROTECTOR
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 19:39]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-09 09:56]
.
2012-12-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-05-09 09:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-06 6956576]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-06 1833504]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2009-04-13 187904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-04-13 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-04-13 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-13 202264]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3185123
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 68.238.96.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\KAREN\AppData\Roaming\Mozilla\Firefox\Profiles\x4scr48k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3185123&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc59fa66c-2bec-4dc5-8e03-869f674b65d2%7D&mid=7e140ad243c992beb2235945d10005f4-3bbabc88c974d9c5f299a83227263b858039b3a9&ds=AVG&v=11.0.0.9&lang=en&pr=pr&d=2012-05-14%2017%3A43%3A31&sap=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{fa42903e-48eb-4dbf-b2f1-0426edef18a9} - (no file)
Toolbar-{de1540e3-8f32-491f-9868-e0b9c191cdd7} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
Wow6432Node-HKLM-Run-Election Tracker Search Scope Monitor - c:\progra~2\ELECTI~2\bar\1.bin\59srchmn.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
WebBrowser-{DE1540E3-8F32-491F-9868-E0B9C191CDD7} - (no file)
WebBrowser-{2BE1E5A2-F105-4BEF-A622-88FE50899422} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"=hex:51,66,7a,6c,4c,1d,38,12,4e,a0,d4,
c8,f8,fd,f7,04,ce,b0,dc,11,68,88,dc,3d
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{02478D38-C3F9-4EFB-9B51-7695ECA05670}"=hex:51,66,7a,6c,4c,1d,38,12,56,8e,54,
06,cb,8d,95,0b,e4,47,35,d5,e9,fe,12,64
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"=hex:51,66,7a,6c,4c,1d,38,12,cc,76,af,
a7,b5,51,e8,03,d5,55,10,07,d2,08,45,68
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}"=hex:51,66,7a,6c,4c,1d,38,12,cf,4e,be,
f9,90,2f,b6,0a,e3,01,c5,b7,a9,7a,14,95
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:80,bd,14,25,39,26,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-12-27 18:52:55
ComboFix-quarantined-files.txt 2012-12-28 00:52
.
Pre-Run: 202,418,593,792 bytes free
Post-Run: 201,567,453,184 bytes free
.
- - End Of File - - C0E023E3B593D79EAF06C5701C1E6D1D


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_33
Run by KAREN at 18:58:24 on 2012-12-27
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.1723 [GMT -6:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3185123
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uURLSearchHooks: SocialSearchBar Toolbar: {2be1e5a2-f105-4bef-a622-88fe50899422} - C:\Program Files (x86)\SocialSearchBar\prxtbSoci.dll
mURLSearchHooks: SocialSearchBar Toolbar: {2be1e5a2-f105-4bef-a622-88fe50899422} - C:\Program Files (x86)\SocialSearchBar\prxtbSoci.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SocialSearchBar Toolbar: {2be1e5a2-f105-4bef-a622-88fe50899422} - C:\Program Files (x86)\SocialSearchBar\prxtbSoci.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: SocialSearchBar Toolbar: {2BE1E5A2-F105-4BEF-A622-88FE50899422} - C:\Program Files (x86)\SocialSearchBar\prxtbSoci.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: SocialSearchBar Toolbar: {2be1e5a2-f105-4bef-a622-88fe50899422} - C:\Program Files (x86)\SocialSearchBar\prxtbSoci.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
mRun: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: NameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{1B9892C1-A666-4D28-B6C8-4451C27DC4AD} : DHCPNameServer = 198.224.159.135 198.224.158.135
TCP: Interfaces\{EA76C314-95C8-4BDC-985B-84146B72CD34} : DHCPNameServer = 192.168.1.1 68.238.96.12
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
x64-Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - LocalServer32 - <no file>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\KAREN\AppData\Roaming\Mozilla\Firefox\Profiles\x4scr48k.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3185123&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bc59fa66c-2bec-4dc5-8e03-869f674b65d2%7D&mid=7e140ad243c992beb2235945d10005f4-3bbabc88c974d9c5f299a83227263b858039b3a9&ds=AVG&v=11.0.0.9&lang=en&pr=pr&d=2012-05-14%2017%3A43%3A31&sap=ku&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-10-5 111456]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-5-9 55024]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-11-11 30568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-26 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-3-30 682344]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-16 14112]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-4-23 141344]
R2 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-5-9 167424]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-5-9 104960]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-4-23 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-1-14 5184872]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-11 711112]
R2 yksvc;Marvell Yukon Service;C:\Windows\System32\svchost.exe -k yksvcs [2008-1-20 27648]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-5-9 19968]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-4-23 126464]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-3-30 24176]
R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-8-29 4745216]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-4-23 11392]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-4-23 403968]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-6 5814392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9d08c70dc6129;Google Update Service (gupdate1c9d08c70dc6129);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-5-9 133104]
S2 Norton Internet Security;Norton Internet Security; [x]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-2 1025352]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-4-23 36392]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-4-23 300032]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2012-3-26 22528]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-5-9 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-5-9 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-5-9 390440]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-5-9 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-5-9 91432]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-5-9 394536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-5-9 110376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-5 89920]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
ShellExec: VCExporterLaunch.exe: open="C:\Program Files (x86)\Sony\VAIO VP Utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2012-12-17 09:05:35 67413224 ----a-w- C:\Windows\System32\mrt.exe
2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-15 19:39:16 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-15 19:39:16 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-11-13 01:55:22 2770432 ----a-w- C:\Windows\System32\win32k.sys
2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-11 20:40:18 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
2012-10-22 19:02:44 154464 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2012-10-15 09:48:50 63328 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-10-05 09:32:50 111456 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-10-02 09:30:38 185696 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
============= FINISH: 18:58:41.02 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/28/2009 12:22:58 PM
System Uptime: 12/27/2012 6:08:34 PM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 Duo CPU T6500 @ 2.10GHz | N/A | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 187.802 GiB free.
D: is Removable
E: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP537: 10/20/2012 10:43:57 AM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers
RP538: 11/1/2012 6:25:15 PM - Scheduled Checkpoint
RP539: 11/5/2012 12:58:02 PM - VAIO Care Automatic Restore Point
RP540: 11/16/2012 3:00:44 AM - Windows Update
RP541: 11/17/2012 1:55:46 PM - Installed AVG 2013
RP542: 11/17/2012 1:57:33 PM - Installed AVG 2013
RP543: 11/19/2012 3:00:26 AM - Windows Update
RP544: 11/19/2012 7:49:17 PM - Scheduled Checkpoint
RP545: 12/10/2012 6:41:50 PM - VAIO Care Automatic Restore Point
RP546: 12/12/2012 7:02:38 PM - Scheduled Checkpoint
RP547: 12/13/2012 2:26:13 PM - Scheduled Checkpoint
RP548: 12/17/2012 3:00:30 AM - Windows Update
RP549: 12/21/2012 4:37:44 PM - Windows Update
RP550: 12/21/2012 5:06:38 PM - Windows Update
RP551: 12/21/2012 5:38:26 PM - Windows Update
RP552: 12/26/2012 10:39:29 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
Adobe Shockwave Player 11.6
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
AVG 2013
AVG Security Toolbar
Bonjour
Choice Guard
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Election Tracker Toolbar
FriendsChecker
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Envy 100 D410 series Basic Device Software
HP Envy 100 D410 series Help
HP Envy 100 D410 series Product Improvement Study
HP Photo Creations
HP Update
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
iTunes
Java Auto Updater
Java™ 6 Update 33
Java™ SE Runtime Environment 6
Junk Mail filter update
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Music Transfer
OpenMG Secure Module 5.3.00
PokerStars
PokerStars.net
Primo
QuickBooks Financial Center
QuickBooks Simple Start 2009
Realtek High Definition Audio Driver
Regi
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Runtime
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Setting Utility Series
SmartWi Connection Utility
SocialSearchBar Toolbar
Sony Home Network Library
Sony Picture Utility
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 9
Splashtop
SupportSoft Assisted Service
swMSM
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Care
VAIO Content Folder Setting
VAIO Content Folder Watcher
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Help and Support
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO My Memory Center
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Startup Assistant
VAIO Survey
VAIO Update 4
VAIO Wallpaper Contents
VD64Inst
Verizon Mobile Broadband Drivers
Verizon Wireless MiFi-2200 Firmware Updates
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Visual Studio 2010 x64 Redistributables
VZAccess Manager
WIDCOMM Bluetooth Software
WinASO Registry Optimizer 4.5.2
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker Beta
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinDVD BD for VAIO
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
12/27/2012 9:44:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
12/27/2012 9:44:14 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/27/2012 9:44:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/27/2012 6:49:37 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
12/27/2012 6:48:45 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/27/2012 6:10:36 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/27/2012 6:10:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DMICall SRTSP SRTSPX
12/27/2012 6:10:36 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
12/27/2012 6:10:36 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
12/27/2012 6:08:55 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\DMICall.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
12/26/2012 7:32:18 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/26/2012 6:01:28 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/26/2012 5:52:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
12/26/2012 5:52:34 PM, Error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/26/2012 5:52:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
12/26/2012 5:52:13 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/26/2012 5:52:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
12/26/2012 5:45:31 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/26/2012 5:22:32 PM, Error: Service Control Manager [7034] - The Google Update Service (gupdate1c9d08c70dc6129) service terminated unexpectedly. It has done this 1 time(s).
12/26/2012 11:03:06 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/24/2012 7:34:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Entertainment UPnP Client Adapter service to connect.
12/24/2012 7:34:57 PM, Error: Service Control Manager [7000] - The VAIO Entertainment UPnP Client Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2012 7:34:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service Vcsw with arguments "" in order to run the server: {AD824619-9A64-4DFF-9426-4111B582A967}
12/24/2012 7:34:27 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/24/2012 7:32:41 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer QuickBooks PDF Converter with shared resource name QuickBooks PDF Converter. Error 2114. The printer cannot be used by others on the network.
12/23/2012 12:02:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SampleCollector service.
12/21/2012 5:41:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
12/21/2012 5:07:59 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070002: Windows Live Essentials 2011 (KB2434419).
12/21/2012 4:54:34 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/21/2012 4:42:11 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
12/21/2012 4:34:26 PM, Error: Service Control Manager [7034] - The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
12/20/2012 7:56:37 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 0022FB808710 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================

#4 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 30 December 2012 - 01:27 AM

Hi,


Run TFC by OldTimer to clear temporary files:
  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.



  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs a runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log name is of the form UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.



Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Export the threats found (if any), and post them here.


Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.



Next, download my Security Check from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317
Chris Fistonich
Research Team


#5 tqh

tqh

    Advanced Member

  • Honorary Members
  • 116 posts

Posted 01 January 2013 - 01:48 PM

Hey. Thanks for your help. I already left town and so no longer have access to the computer. They took the computer to their computer guy and he said everything looked fine. So I guess you can close the topic, I hope the guy knows what he is talking about. Thanks again.

#6 screen317

screen317

    MBAM Sentinel

  • Moderators
  • 19,486 posts
  • Gender:Male
  • Location:New Haven, CT

Posted 01 January 2013 - 01:49 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Chris Fistonich
Research Team


