Seems like a bundle, search.conduit + wisdom tool bar + welcome to ngnix!

[keen2215]

Hello,

Not sure exactly what happened since this is a laptop for office-use only. The only download that'd be suspicious was a download from CNET, it was the screenhunter's free version.

Any help would be greatly appreciated, I've updated and ran Malwarebyte's Anti-Malware but the problem still persist...if not getting worse.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Dick Chen at 15:30:08 on 2012-04-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4012.1649 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\TrueSuite\TrueSuite.Service.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe

C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\IPEVO\P2V\P2V.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Dick Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe

C:\Program Files (x86)\COOLINGTECH SOFTWARE R&D CENTER\COOLINGTECH SOFTWARE R&D CENTER\AveoSTI.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Sony\VAIO Care\VCPerfService.exe

C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Sony\VAIO Care\listener.exe

C:\Windows\system32\wbem\wmiprvse.exe

c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files\Sony\VAIO Care\VCSystemTray.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Sony\VAIO Care\VCService.exe

C:\Program Files\Sony\VAIO Care\VCAgent.exe

C:\Windows\System32\vds.exe

C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

C:\Program Files\Sony\VAIO Care\VCAdmin.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\TrueSuite\TrueSuite.WeblogonHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - mscoree.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

uRun: [Point of View] "C:\Program Files (x86)\IPEVO\P2V\P2V.exe" -startup

uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [Wisdom-soft ScreenHunter 6.0 Free] 0

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [Google Update] "C:\Users\Dick Chen\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AveoSTI] C:\Program Files (x86)\COOLINGTECH SOFTWARE R&D CENTER\COOLINGTECH SOFTWARE R&D CENTER\AveoSTI.exe

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\DICKCH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dick Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\DICKCH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{401D7FEA-3431-4CC6-A939-1CDF6C94CAD5} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{401D7FEA-3431-4CC6-A939-1CDF6C94CAD5}\155716C69647970294E6E602D4962716D61627 : DhcpNameServer = 10.128.128.128

TCP: Interfaces\{401D7FEA-3431-4CC6-A939-1CDF6C94CAD5}\649637865627D616E6 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{401D7FEA-3431-4CC6-A939-1CDF6C94CAD5}\669637865627D616E6 : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - mscoree.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll

BHO-X64: TSBHO Class - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AveoSTI] C:\Program Files (x86)\COOLINGTECH SOFTWARE R&D CENTER\COOLINGTECH SOFTWARE R&D CENTER\AveoSTI.exe

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

.

============= SERVICES / DRIVERS ===============

.

R0 dlkmdldr;dlkmdldr;C:\Windows\system32\drivers\dlkmdldr.sys --> C:\Windows\system32\drivers\dlkmdldr.sys [?]

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-12 661504]

R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-7-13 249648]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-11-14 921664]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-11-14 995392]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-13 135952]

R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2012-4-10 8498608]

R2 FPLService;TrueSuiteService;C:\Program Files\TrueSuite\TrueSuite.Service.exe [2011-4-26 294216]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-13 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-13 2413056]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-19 654408]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-8-24 430136]

R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-23 1153368]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-2-23 105024]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-13 2656536]

R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-3-13 535176]

R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-3-13 955832]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\system32\DRIVERS\ATSwpWDF.sys --> C:\Windows\system32\DRIVERS\ATSwpWDF.sys [?]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-11-14 1355840]

R3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys --> C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [?]

R3 dlkmd;dlkmd;C:\Windows\system32\drivers\dlkmd.sys --> C:\Windows\system32\drivers\dlkmd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys --> C:\Windows\system32\DRIVERS\iwdbus.sys [?]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]

R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-20 54432]

R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]

R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-2 116648]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253088]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys --> C:\Windows\system32\DRIVERS\amppal.sys [?]

S3 AVEO;USB2.0 PC Camera;C:\Windows\system32\DRIVERS\AVEOdcnt.sys --> C:\Windows\system32\DRIVERS\AVEOdcnt.sys [?]

S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-9-15 195320]

S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-3-13 245760]

S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-2 116648]

S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys --> C:\Windows\system32\drivers\intelaud.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-1-4 340240]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]

S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]

S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]

S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-9-1 894624]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-9-8 549408]

S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-04-24 20:28:16 -------- d-----w- C:\Users\Dick Chen\AppData\Local\blekkotb

2012-04-24 15:28:01 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{403F38CF-96B8-4B47-BDAA-4CD64535A691}\mpengine.dll

2012-04-24 00:13:57 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Windows Live

2012-04-24 00:13:39 -------- d-----w- C:\Users\Dick Chen\AppData\Local\{8CF3B0E0-50C2-47B7-976C-66CE44C6AC2A}

2012-04-23 19:23:28 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-04-23 19:23:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-04-20 19:10:59 -------- d-----w- C:\Windows\System32\drivers\UMDF\zh-CN

2012-04-20 19:10:58 -------- d-----w- C:\Windows\System32\drivers\UMDF\ja-JP

2012-04-20 19:10:57 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-BR

2012-04-20 19:10:56 -------- d-----w- C:\Windows\System32\drivers\UMDF\pt-PT

2012-04-20 19:10:56 -------- d-----w- C:\Windows\System32\drivers\UMDF\nl-NL

2012-04-20 19:10:55 -------- d-----w- C:\Windows\System32\drivers\UMDF\it-IT

2012-04-20 19:10:54 -------- d-----w- C:\Windows\System32\drivers\UMDF\fr-FR

2012-04-20 19:10:54 -------- d-----w- C:\Windows\System32\drivers\UMDF\de-DE

2012-04-20 19:10:53 -------- d-----w- C:\Windows\System32\drivers\UMDF\es-ES

2012-04-19 18:08:40 -------- d-----w- C:\Users\Dick Chen\AppData\Roaming\Malwarebytes

2012-04-19 18:06:32 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-19 18:06:31 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-19 18:06:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-19 18:03:30 301904 ----a-w- C:\Windows\System32\drivers\dlkmd.sys

2012-04-19 18:03:30 15184 ----a-w- C:\Windows\System32\drivers\dlkmdldr.sys

2012-04-19 17:24:08 -------- d-----w- C:\Program Files\DisplayLink Core Software

2012-04-19 17:19:29 0 ----a-w- C:\Windows\SysWow64\dlumd9.dll

2012-04-19 17:19:29 0 ----a-w- C:\Windows\SysWow64\dlumd11.dll

2012-04-19 17:19:29 0 ----a-w- C:\Windows\SysWow64\dlumd10.dll

2012-04-19 17:19:29 0 ----a-w- C:\Windows\System32\dlumd9.dll

2012-04-19 17:19:29 0 ----a-w- C:\Windows\System32\dlumd11.dll

2012-04-19 17:19:29 0 ----a-w- C:\Windows\System32\dlumd10.dll

2012-04-19 17:19:27 2071040 ----a-w- C:\Windows\System32\DisplayLinkUsbCo64_6.1.32700.0.dll

2012-04-19 17:19:27 17408 ----a-w- C:\Windows\System32\drivers\DisplayLinkUsbPort_6.1.32700.0.sys

2012-04-18 18:32:42 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Wisdom-soft

2012-04-18 18:22:38 -------- d-----w- C:\Users\Dick Chen\AppData\Local\CRE

2012-04-18 18:22:34 -------- d-----w- C:\Program Files (x86)\Conduit

2012-04-18 18:22:33 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Conduit

2012-04-15 21:47:25 -------- d-----w- C:\PFiles

2012-04-11 06:20:00 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-04-11 06:20:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-04-11 06:17:39 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-11 06:17:39 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-11 06:17:39 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-11 06:17:38 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-11 06:17:38 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-11 06:17:38 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-11 06:17:38 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-11 04:24:20 1137072 ----a-w- C:\Windows\System32\dlumd64.dll

2012-04-11 04:24:17 943536 ----a-w- C:\Windows\SysWow64\dlumd32.dll

2012-04-11 04:24:12 105904 ----a-w- C:\Windows\System32\DLTmmB.dll

2012-04-11 04:24:11 102832 ----a-w- C:\Windows\System32\ManageTMMLifeTime.dll

2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-04-01 04:22:42 -------- d-----w- C:\Program Files\iPod

2012-04-01 04:22:41 -------- d-----w- C:\Program Files\iTunes

2012-04-01 04:22:41 -------- d-----w- C:\Program Files (x86)\iTunes

2012-03-31 21:15:09 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-03-31 04:48:13 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-03-29 23:53:32 -------- d-----w- C:\Users\Dick Chen\AppData\Local\ATI

2012-03-28 23:45:53 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Real

2012-03-28 23:25:15 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Sony

2012-03-27 16:46:53 -------- d-----w- C:\Program Files (x86)\Cisco

2012-03-27 16:46:03 -------- d--h--w- C:\Windows\System32\WLANProfiles

2012-03-26 20:12:00 19464 ----a-w- C:\Windows\System32\drivers\AWOPFilterDriver.sys

2012-03-26 20:10:10 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Downloaded Installations

2012-03-26 20:10:05 -------- d-----w- C:\dell

2012-03-26 18:14:55 -------- d-----w- C:\Users\Dick Chen\AppData\Local\Alienware

2012-03-26 18:14:48 -------- d-----w- C:\Program Files\Alienware

.

==================== Find3M ====================

.

2012-04-13 19:15:34 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-03 21:05:04 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2012-03-28 23:45:17 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-03-21 05:30:36 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-03-14 01:15:26 74703 ----a-w- C:\Windows\SysWow64\mfc45.dll

2012-03-13 08:06:06 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-03-13 07:35:29 0 ----a-w- C:\Windows\ativpsrm.bin

2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-15 18:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys

2012-02-15 18:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-07 18:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 15:31:01.27 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 3/13/2012 7:53:32 AM

System Uptime: 4/24/2012 3:18:17 PM (0 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core i5-2450M CPU @ 2.50GHz | N/A | 2501/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 452 GiB total, 294.185 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP47: 4/14/2012 10:43:05 PM - Windows Update

RP48: 4/15/2012 2:47:02 PM - Installed Windows Media Player Firefox Plugin

RP49: 4/18/2012 9:56:53 PM - Windows Update

RP50: 4/19/2012 10:01:40 AM - Installed DisplayLink Core Software

RP51: 4/19/2012 10:02:03 AM - Installed DisplayLink Graphics

RP52: 4/19/2012 10:23:38 AM - Installed DisplayLink Core Software

RP53: 4/19/2012 10:34:39 AM - Installed DisplayLink Graphics

RP55: 4/20/2012 12:09:01 PM - Installed Zune 4.8

RP56: 4/22/2012 3:21:49 PM - Windows Update

RP57: 4/24/2012 9:38:09 AM - Installed VAIO Update 5

RP58: 4/24/2012 1:51:31 PM - Windows Backup

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

2007 Microsoft Office system

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Connect Add-in

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Reader X (10.1.3) MUI

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Apple Application Support

Apple Software Update

Application Manager for VAIO

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 4

BarTender UltraLite 9.20

Bing Bar

Brother MFL-Pro Suite MFC-7360N

Brother P-touch Editor 5.0

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Catalyst Control Center Profiles Mobile

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

COOLINGTECH SOFTWARE R&D CENTER

CoolingTech version 2.0

Core FTP LE

D3DX10

Dropbox

eReg

Evernote v. 4.5.4

FDUx86

FileZilla Client 3.5.3

Google Chrome

Google Earth Plug-in

Google Update Helper

HL-4150CDN

Intel PROSet Wireless

Intel® Display Audio Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® WiDi

Java Auto Updater

Java 6 Update 31

Junk Mail filter update

Keyboard Shortcuts

KUx86

Malwarebytes Anti-Malware version 1.61.0.1400

Media Go

Mesh Runtime

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MozBackup 1.5.1

Mozilla Thunderbird 11.0.1 (x86 en-US)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

OKI Color Swatch Utility

OKI Network Extension

OOBE

P2V version 2.0.4.0

PDF Settings

PlayStation®Network Downloader

PlayStation®Store

PMB

PMB VAIO Edition Guide

PMB VAIO Edition Plug-in

PX Profile Update

Quick Web Access

QuickTime

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek PCIE Card Reader

Remote Keyboard

Renesas Electronics USB 3.0 Host Controller Driver

Safari

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

SendBlaster 2

Skype Click to Call

Skype™ 5.8

Spybot - Search & Destroy

SSLx86

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VAIO - Media Gallery

VAIO - PMB VAIO Edition Guide

VAIO - PMB VAIO Edition Plug-in

VAIO - Remote Keyboard

VAIO Control Center

VAIO CPU Fan Diagnostic

VAIO Data Restore Tool

VAIO Help and Support

VAIO Improvement

VAIO Manual

VAIO Sample Contents

VAIO Satisfaction Survey.

VAIO Smart Network

VAIO Update

VCCx86

VHD

VIx86

VMLx86

VSNx86

VSSTx86

VU5x86

VWSTx86

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

4/24/2012 8:25:14 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/24/2012 8:23:20 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

4/24/2012 3:20:07 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

4/23/2012 9:36:11 PM, Error: Service Control Manager [7022] - The Diagnostic Service Host service hung on starting.

4/23/2012 9:34:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/23/2012 4:10:03 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.278.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80072ee2 Error description: The operation timed out

4/23/2012 12:09:20 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/23/2012 11:41:55 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.278.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode

4/23/2012 11:41:55 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

4/23/2012 11:33:49 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

4/23/2012 11:32:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

4/23/2012 11:32:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

4/23/2012 11:32:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

4/23/2012 11:32:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

4/23/2012 11:32:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

4/23/2012 11:31:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

4/23/2012 11:31:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

4/23/2012 11:31:41 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

4/23/2012 11:30:42 PM, Error: Service Control Manager [7022] - The Server service hung on starting.

4/23/2012 11:30:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.

4/23/2012 11:30:30 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

4/23/2012 11:30:24 PM, Error: Service Control Manager [7011] - A timeout (60000 milliseconds) was reached while waiting for a transaction response from the Spooler service.

4/23/2012 11:29:57 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

4/23/2012 11:03:10 PM, Error: Service Control Manager [7001] - The HomeGroup Listener service depends on the Server service which failed to start because of the following error: After starting, the service hung in a start-pending state.

4/22/2012 9:19:23 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/21/2012 9:08:21 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/20/2012 9:34:25 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/20/2012 6:02:41 PM, Error: Service Control Manager [7031] - The DisplayLinkManager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

4/19/2012 9:59:44 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

4/19/2012 9:55:51 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/19/2012 9:00:31 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/19/2012 12:58:58 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/19/2012 12:08:52 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000094, 0xfffff8800485b1eb, 0xfffff8800b74e6f8, 0xfffff8800b74df50). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041912-22167-01.

4/19/2012 12:02:07 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/19/2012 11:03:35 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/19/2012 10:25:29 AM, Error: Service Control Manager [7030] - The DisplayLinkManager service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

4/19/2012 10:13:48 AM, Error: Service Control Manager [7011] - A timeout (60000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

4/19/2012 10:11:48 AM, Error: Service Control Manager [7011] - A timeout (60000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

4/18/2012 9:47:02 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/18/2012 9:46:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/18/2012 10:52:06 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MACBOOKPRO-DA6B that believes that it is the master browser for the domain on transport NetBT_Tcpip_{401D7FEA-3431-4CC6-A939-1CDF6C94CAD5}. The master browser is stopping or an election is being forced.

4/17/2012 9:12:00 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

4/17/2012 8:33:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.

.

==== End Of File ===========================

DDS.txt

Attach.txt

[LDTate]

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

[keen2215]

<P>Hello Larry,<BR><BR>Thank you very much for your assistance. I'll try to be as clear as possible describing how the computer behaves, and will have a c/p MBAM log at the end of this post.</P>

<P></P>

<P>So far I've had the following issues:</P>

<P>1. Homepage was redirected, while originally was set to be google.com, it was redirected to "search.conduit" and would search with bing/search.conduit. </P>

<P>2. An extension on chrome called "wisdom toolbar" was installed by itself, I've manually removed it and it hasn't come back since then. (I used "remove extension" within google chrome's setting)</P>

<P>3. After a few hours the homepage was redirected again, this time it's redirected to a page that says "Welcome to nginx!" </P>

<P></P>

<P>I've tried to follow my friend's suggestion using spybot and deleted a few items that seemed to be suspicious according to the scan, the issues above seem to be gone after deleting those items, but here's the problem now:</P>

<P></P>

<P>1. MBAM doesn't seem to be able to find anything after the spybot's scan, even after the latest update.</P>

<P>2. However, usually after I browse around with chrome after about 30 mins or so, if I run spybot again, it usually finds issues again, sometimes 2, sometimes 5 malicious items. If I deleted them, they come back within the next few minutes or so.</P>

<P>3. Chrome is acting extremely slow right now, when doing web browsing, many websites can only display partial images, those undisplayed images either show "404 Forbidden" or "Welcome to ngnix!"</P>

<P></P>

<P>I'm not sure running spybot was a smart choice, and I normally don't use other web browser besides chrome, so I wouldn't be able to tell if they are all having troubles. Please let me know how we should proceed, I appreciate your help!</P>

<P></P>

<P></P>

<P>Below is the scan resort from MBAM:</P>

<P></P>

<P></P>

<DIV>Malwarebytes Anti-Malware (Trial) 1.61.0.1400</DIV>

<DIV>www.malwarebytes.org</DIV>

<DIV></DIV>

<DIV>Database version: v2012.04.25.06</DIV>

<DIV></DIV>

<DIV>Windows 7 Service Pack 1 x64 NTFS</DIV>

<DIV>Internet Explorer 9.0.8112.16421</DIV>

<DIV>Dick Chen :: DICKCHEN-VAIO [administrator]</DIV>

<DIV></DIV>

<DIV>Protection: Enabled</DIV>

<DIV></DIV>

<DIV>4/25/2012 9:49:43 AM</DIV>

<DIV>mbam-log-2012-04-25 (09-49-43).txt</DIV>

<DIV></DIV>

<DIV>Scan type: Full scan</DIV>

<DIV>Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM</DIV>

<DIV>Scan options disabled: P2P</DIV>

<DIV>Objects scanned: 439696</DIV>

<DIV>Time elapsed: 1 hour(s), 3 minute(s), 7 second(s)</DIV>

<DIV></DIV>

<DIV>Memory Processes Detected: 0</DIV>

<DIV>(No malicious items detected)</DIV>

<DIV></DIV>

<DIV>Memory Modules Detected: 0</DIV>

<DIV>(No malicious items detected)</DIV>

<DIV></DIV>

<DIV>Registry Keys Detected: 0</DIV>

<DIV>(No malicious items detected)</DIV>

<DIV></DIV>

<DIV>Registry Values Detected: 0</DIV>

<DIV>(No malicious items detected)</DIV>

<DIV></DIV>

<DIV>Registry Data Items Detected: 0</DIV>

<DIV>(No malicious items detected)</DIV>

<DIV></DIV>

<DIV>Folders Detected: 0</DIV>

<DIV>(No malicious items detected)</DIV>

<DIV></DIV>

<DIV>Files Detected: 0</DIV>

<DIV>(No malicious items detected)</DIV>

<DIV></DIV>

<DIV>(end)</DIV>

[LDTate]

Before posting back the results, make sure you turn off the switch at the top left that looks like a light switch (Toggle Editing Mode. It's right above the B.

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
• Double click on ComboFix.exe & follow the prompts.
  Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  Note: If you have XP SP3, use the XP SP2 package.
  If Vista or Windows 7, skip the Recovery Console part
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

[keen2215]

(This is a repost due to the poor format of the previous post)

Hello Larry,

Thank you very much for your assistance. I'll try to be as clear as possible describing how the computer behaves, and will have a c/p MBAM log at the end of this post.

So far I've had the following issues:

1. Homepage was redirected, while originally was set to be google.com, it was redirected to "search.conduit" and it would search with bing/search.conduit instead of google when I try to use the search bar.

2. An extension on chrome called "wisdom toolbar" was installed by itself, I've manually removed it and it hasn't come back since then. (I used "remove extension" within google chrome's setting)

3. After a few hours the homepage was redirected again, this time it's redirected to a page that says "Welcome to nginx!"

I've tried to follow a friend's suggestion using spybot and deleted a few items that seemed to be suspicious according to the scan, the issues above seem to be gone after deleting those items, but here's the problem now:

1. MBAM doesn't seem to be able to find anything after the spybot scan, even after the latest update.

2. However, usually after I browse around with chrome after about 30 mins or so, if I run spybot again, it usually finds issues again, sometimes 2, sometimes 5 malicious items. If I deleted them, they come back within the next few minutes or so. (Again MBAM doesn't seem to find them)

3. Chrome is acting extremely slow right now, when doing web browsing, many websites can only display partial images, those undisplayed images either show "404 Forbidden" or "Welcome to ngnix!". I'm quite certain this isn't about my internet connection since everyone else' computer can view these sites' images like usual.

I'm not sure running spybot was a wise choice, and I normally don't use other web browser besides chrome, so I wouldn't be able to tell if they are all having troubles. Please let me know how we should proceed, I appreciate your help!

Below is the scan resort from MBAM:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.25.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dick Chen :: DICKCHEN-VAIO [administrator]

Protection: Enabled

4/25/2012 9:49:43 AM

mbam-log-2012-04-25 (09-49-43).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 439696

Time elapsed: 1 hour(s), 3 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

[LDTate]

Cool

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  
• Double click on ComboFix.exe & follow the prompts.
  Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
  Note: If you have XP SP3, use the XP SP2 package.
  If Vista or Windows 7, skip the Recovery Console part
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

[keen2215]

Hi Larry,

Thanks again for the prompt reply, I've ran CF without creating windows recovery console. At the moment I can't really tell if there's anything changed since I could only see the difference by running spybot, should I perform a scan by spybot to see if it found anything?

Please see the log below after running ComboFix:

ComboFix 12-04-25.02 - Dick Chen 04/25/2012 11:47:28.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4012.1785 [GMT -7:00]

Running from: c:\users\Dick Chen\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\COOLINGTECH SOFTWARE R&D CENTER\COOLINGTECH SOFTWARE R&D CENTER\TvBOxtitle.ax

c:\programdata\Roaming

c:\windows\SysWow64\dlumd10.dll

c:\windows\SysWow64\dlumd11.dll

c:\windows\SysWow64\dlumd9.dll

c:\windows\SysWow64\MailBee.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))

.

.

2012-04-25 18:54 . 2012-04-25 18:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-25 18:54 . 2012-04-25 18:54 -------- d-----w- c:\users\ADMINI~1\AppData\Local\temp

2012-04-25 16:55 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{51D3F373-550E-4BF6-8896-F03EC6DCED38}\mpengine.dll

2012-04-24 20:28 . 2012-04-24 20:28 -------- d-----w- c:\users\Dick Chen\AppData\Local\blekkotb

2012-04-24 00:13 . 2012-04-24 00:13 -------- d-----w- c:\users\Dick Chen\AppData\Local\Windows Live

2012-04-23 19:23 . 2012-04-24 06:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-23 19:23 . 2012-04-24 05:42 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-CN

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES

2012-04-20 19:09 . 2012-04-20 19:11 -------- d-----w- c:\program files\Zune

2012-04-19 18:08 . 2012-04-19 18:08 -------- d-----w- c:\users\Dick Chen\AppData\Roaming\Malwarebytes

2012-04-19 18:06 . 2012-04-19 18:06 -------- d-----w- c:\programdata\Malwarebytes

2012-04-19 18:06 . 2012-04-19 18:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-19 18:06 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-19 18:03 . 2012-04-11 04:24 301904 ----a-w- c:\windows\system32\drivers\dlkmd.sys

2012-04-19 18:03 . 2012-04-11 04:24 15184 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys

2012-04-19 17:24 . 2012-04-19 17:27 -------- d-----w- c:\program files\DisplayLink Core Software

2012-04-19 17:19 . 2012-04-19 17:19 0 ----a-w- c:\windows\system32\dlumd9.dll

2012-04-19 17:19 . 2012-04-19 17:19 0 ----a-w- c:\windows\system32\dlumd11.dll

2012-04-19 17:19 . 2012-04-19 17:19 0 ----a-w- c:\windows\system32\dlumd10.dll

2012-04-19 17:19 . 2012-04-19 17:19 2071040 ----a-w- c:\windows\system32\DisplayLinkUsbCo64_6.1.32700.0.dll

2012-04-19 17:19 . 2012-04-19 17:19 17408 ----a-w- c:\windows\system32\drivers\DisplayLinkUsbPort_6.1.32700.0.sys

2012-04-18 18:32 . 2012-04-18 18:32 -------- d-----w- c:\users\Dick Chen\AppData\Local\Wisdom-soft

2012-04-18 18:22 . 2012-04-18 18:22 -------- d-----w- c:\users\Dick Chen\AppData\Local\CRE

2012-04-18 18:22 . 2012-04-18 18:22 -------- d-----w- c:\program files (x86)\Conduit

2012-04-18 18:22 . 2012-04-19 17:32 -------- d-----w- c:\users\Dick Chen\AppData\Local\Conduit

2012-04-15 21:47 . 2012-04-15 21:47 -------- d-----w- C:\PFiles

2012-04-11 06:20 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-11 06:20 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-04-11 06:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 06:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 06:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 06:17 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 06:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 06:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-11 06:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-11 04:24 . 2012-04-11 04:24 1137072 ----a-w- c:\windows\system32\dlumd64.dll

2012-04-11 04:24 . 2012-04-11 04:24 943536 ----a-w- c:\windows\SysWow64\dlumd32.dll

2012-04-11 04:24 . 2012-04-11 04:24 105904 ----a-w- c:\windows\system32\DLTmmB.dll

2012-04-11 04:24 . 2012-04-11 04:24 102832 ----a-w- c:\windows\system32\ManageTMMLifeTime.dll

2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-04-02 21:22 . 2012-04-20 22:33 -------- d-----w- c:\program files (x86)\Google

2012-04-01 04:24 . 2012-04-01 04:24 -------- d-----w- c:\program files (x86)\Safari

2012-04-01 04:22 . 2012-04-01 04:22 -------- d-----w- c:\program files\iPod

2012-04-01 04:22 . 2012-04-01 04:22 -------- d-----w- c:\program files\iTunes

2012-04-01 04:22 . 2012-04-01 04:22 -------- d-----w- c:\program files (x86)\iTunes

2012-03-31 21:15 . 2012-04-13 19:15 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-31 04:48 . 2012-04-13 19:15 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\users\Dick Chen\AppData\Roaming\ATI

2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\users\Dick Chen\AppData\Local\ATI

2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\programdata\ATI

2012-03-28 23:45 . 2012-03-28 23:45 -------- d-----w- c:\users\Dick Chen\AppData\Local\Real

2012-03-28 23:45 . 2012-03-30 23:40 -------- d-----w- c:\program files (x86)\Real

2012-03-28 23:25 . 2012-03-28 23:25 -------- d-----w- c:\users\Dick Chen\AppData\Local\Sony

2012-03-28 23:24 . 2012-03-28 23:24 -------- d-----w- c:\users\Dick Chen\AppData\Roaming\Sony

2012-03-27 16:47 . 2012-03-27 16:47 -------- d-----w- c:\users\ADMINI~1\Roaming

2012-03-27 16:47 . 2012-03-27 16:47 -------- d-----w- c:\programdata\Intel

2012-03-27 16:46 . 2012-03-27 16:46 -------- d-----w- c:\program files (x86)\Cisco

2012-03-27 16:46 . 2012-03-27 16:46 -------- d--h--w- c:\windows\system32\WLANProfiles

2012-03-26 20:12 . 2012-03-26 20:10 19464 ----a-w- c:\windows\system32\drivers\AWOPFilterDriver.sys

2012-03-26 20:10 . 2012-03-26 20:10 -------- d-----w- c:\users\Dick Chen\AppData\Local\Downloaded Installations

2012-03-26 20:10 . 2012-03-26 20:10 -------- d-----w- C:\dell

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 19:15 . 2012-03-13 08:29 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-13 08:46 . 2012-03-13 15:33 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-04-03 21:05 . 2012-03-13 22:07 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-03-28 23:45 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-03-21 05:30 . 2012-03-21 05:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-14 01:15 . 2012-03-14 01:15 74703 ----a-w- c:\windows\SysWow64\mfc45.dll

2012-03-13 22:08 . 2012-03-13 22:08 53248 ----a-r- c:\users\Dick Chen\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-03-13 18:09 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-03-13 15:33 . 2012-03-13 15:33 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68EA3E99-778D-46D9-966D-ED19F8C7A6F3}\gapaengine.dll

2012-03-13 08:06 . 2012-03-13 08:06 951680 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-02-17 06:38 . 2012-03-13 17:12 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 17:12 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 17:12 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 17:12 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-10 06:36 . 2012-03-14 16:44 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 16:44 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34 . 2012-03-14 16:45 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Wisdom-soft ScreenHunter 6.0 Free"="0" [X]

"Point of View"="c:\program files (x86)\IPEVO\P2V\P2V.exe" [2011-09-02 1228800]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-25 651832]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"AveoSTI"="c:\program files (x86)\COOLINGTECH SOFTWARE R&D CENTER\COOLINGTECH SOFTWARE R&D CENTER\AveoSTI.exe" [2010-04-15 32768]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Dick Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-3-21 1014112]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-11-15 921664]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-11-15 995392]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 116648]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]

R3 AVEO;USB2.0 PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-11-15 1355840]

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 116648]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-01-04 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-09-01 894624]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-09-08 549408]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-27 101600]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-12 661504]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-13 135952]

S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-04-11 8498608]

S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2011-04-26 294216]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-24 2413056]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-25 430136]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-12-01 260768]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-27 2656536]

S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-09-20 535176]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-09-30 955832]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [x]

S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [x]

S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:15]

.

2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 21:22]

.

2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 21:22]

.

2012-04-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702091899-3835716337-4143874838-1000Core.job

- c:\users\Dick Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 20:27]

.

2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702091899-3835716337-4143874838-1000UA.job

- c:\users\Dick Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 20:27]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Seagull Drivers"="ssdal_nc.exe startup" [X]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-16 2179688]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-28 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-28 416024]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 421192]

"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 308040]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-11-15 10358784]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-01-04 1935120]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{6dfc55bb-bfff-485a-9709-90c3fdf6db58} - (no file)

Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe

HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-04-25 11:56:41

ComboFix-quarantined-files.txt 2012-04-25 18:56

.

Pre-Run: 315,469,742,080 bytes free

Post-Run: 315,345,440,768 bytes free

.

- - End Of File - - 52B8C580EA0F6A7CF0747B7BB2453B85

[LDTate]

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run type Notepad click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\system32\dlumd9.dll
c:\windows\system32\dlumd11.dll
c:\windows\system32\dlumd10.dll

Folder::
c:\users\Dick Chen\AppData\Local\Conduit
c:\users\Dick Chen\AppData\Local\Wisdom-soft
c:\users\Dick Chen\AppData\Local\CRE
c:\program files (x86)\Conduit

ClearJavaCache::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wisdom-soft ScreenHunter 6.0 Free"=-

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;

2.Click Save As... Change the directory to your desktop;

3.Change the Save as type to "All Files";

4.Type in the file name: CFScript

5.Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.

[keen2215]

Hi Larry,

I did as instructed and seems like CF was trying to restart my computer (I was away and when I came back I saw Windows 7 showing all the programs that need to be closed before shut down/force shut down option). I canceled it to save a file I had with Mircosoft Office Word then manually restarted the computer.

I'm not sure exactly what's happening but the computer rebooted without showing the log in screen, it now has black screen a the mouse cursor. (It does respond to my mouse movement)

Should I force shut down with the power button and restart it again to see how it goes? Or I should do something else?

Thanks again for the help.

[LDTate]

Try Alt/Ctrl/Del and see if that opens.

If so, select ShutDown. Then restart.

If it doesn't show the taskmanager, force the shutdown and restart

[keen2215]

Hi Larry,

So I waited and looks like the computer was successfully restarted with a CF log showing.

I'm using another computer to reply you right now, it seems like some registry was deleted during the process and I can no longer access Google Chrome or IE. These are the only web browsers I have in the moment, and every time I try to double click any of them, an error message popped up and shows:

C:\Users\Dick Chen\AppData\Local\Google\Chrome\Application\chrome.exe

Illegal operation attempted on a registry key that has been marked for deletion.

I wouldn't be able to provide you the log since the computer we were previously working on now cannot open a web browser, how should we proceed from here?

Thank you!

[LDTate]

Looks like that "Junk" really took over your browsers.

Using the computer you're on now, go here and Save The setup file to a flash / thumb drive.

http://www.mozilla.org/en-US/firefox/new/

Now copy the setup to the infected pc and run it.

[LDTate]

You could also try restarting first

[keen2215]

Thanks Larry, a simple restarted helped and I didn't have to use another computer.

Here's the new log created by CF:

ComboFix 12-04-25.02 - Dick Chen 04/25/2012 13:45:25.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4012.1494 [GMT -7:00]

Running from: c:\users\Dick Chen\Desktop\ComboFix.exe

Command switches used :: c:\users\Dick Chen\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\dlumd10.dll"

"c:\windows\system32\dlumd11.dll"

"c:\windows\system32\dlumd9.dll"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Conduit

c:\program files (x86)\Conduit\Community Alerts\Alert.dll

c:\users\Dick Chen\AppData\Local\Conduit

c:\users\Dick Chen\AppData\Local\CRE

c:\users\Dick Chen\AppData\Local\CRE\loemjcdefhdidbjiflmobkpjohbfefee.crx

c:\users\Dick Chen\AppData\Local\Wisdom-soft

c:\windows\system32\dlumd10.dll

c:\windows\system32\dlumd11.dll

c:\windows\system32\dlumd9.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))

.

.

2012-04-25 20:52 . 2012-04-25 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-04-24 20:28 . 2012-04-24 20:28 -------- d-----w- c:\users\Dick Chen\AppData\Local\blekkotb

2012-04-24 00:13 . 2012-04-24 00:13 -------- d-----w- c:\users\Dick Chen\AppData\Local\Windows Live

2012-04-23 19:23 . 2012-04-24 06:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-04-23 19:23 . 2012-04-24 05:42 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\zh-CN

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE

2012-04-20 19:10 . 2012-04-20 19:10 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES

2012-04-20 19:09 . 2012-04-20 19:11 -------- d-----w- c:\program files\Zune

2012-04-19 18:08 . 2012-04-19 18:08 -------- d-----w- c:\users\Dick Chen\AppData\Roaming\Malwarebytes

2012-04-19 18:06 . 2012-04-19 18:06 -------- d-----w- c:\programdata\Malwarebytes

2012-04-19 18:06 . 2012-04-19 18:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-19 18:06 . 2012-04-04 22:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-19 18:03 . 2012-04-11 04:24 301904 ----a-w- c:\windows\system32\drivers\dlkmd.sys

2012-04-19 18:03 . 2012-04-11 04:24 15184 ----a-w- c:\windows\system32\drivers\dlkmdldr.sys

2012-04-19 17:24 . 2012-04-19 17:27 -------- d-----w- c:\program files\DisplayLink Core Software

2012-04-19 17:19 . 2012-04-19 17:19 2071040 ----a-w- c:\windows\system32\DisplayLinkUsbCo64_6.1.32700.0.dll

2012-04-19 17:19 . 2012-04-19 17:19 17408 ----a-w- c:\windows\system32\drivers\DisplayLinkUsbPort_6.1.32700.0.sys

2012-04-15 21:47 . 2012-04-15 21:47 -------- d-----w- C:\PFiles

2012-04-11 06:20 . 2012-02-28 06:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-04-11 06:20 . 2012-02-28 01:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-04-11 06:17 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-11 06:17 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-11 06:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-11 06:17 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-11 06:17 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-11 06:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-11 06:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-11 04:24 . 2012-04-11 04:24 1137072 ----a-w- c:\windows\system32\dlumd64.dll

2012-04-11 04:24 . 2012-04-11 04:24 943536 ----a-w- c:\windows\SysWow64\dlumd32.dll

2012-04-11 04:24 . 2012-04-11 04:24 105904 ----a-w- c:\windows\system32\DLTmmB.dll

2012-04-11 04:24 . 2012-04-11 04:24 102832 ----a-w- c:\windows\system32\ManageTMMLifeTime.dll

2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

2012-04-02 21:22 . 2012-04-20 22:33 -------- d-----w- c:\program files (x86)\Google

2012-04-01 04:24 . 2012-04-01 04:24 -------- d-----w- c:\program files (x86)\Safari

2012-04-01 04:22 . 2012-04-01 04:22 -------- d-----w- c:\program files\iPod

2012-04-01 04:22 . 2012-04-01 04:22 -------- d-----w- c:\program files\iTunes

2012-04-01 04:22 . 2012-04-01 04:22 -------- d-----w- c:\program files (x86)\iTunes

2012-03-31 21:15 . 2012-04-13 19:15 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-31 04:48 . 2012-04-13 19:15 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\users\Dick Chen\AppData\Roaming\ATI

2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\users\Dick Chen\AppData\Local\ATI

2012-03-29 23:53 . 2012-03-29 23:53 -------- d-----w- c:\programdata\ATI

2012-03-28 23:45 . 2012-03-28 23:45 -------- d-----w- c:\users\Dick Chen\AppData\Local\Real

2012-03-28 23:45 . 2012-03-30 23:40 -------- d-----w- c:\program files (x86)\Real

2012-03-28 23:25 . 2012-03-28 23:25 -------- d-----w- c:\users\Dick Chen\AppData\Local\Sony

2012-03-28 23:24 . 2012-03-28 23:24 -------- d-----w- c:\users\Dick Chen\AppData\Roaming\Sony

2012-03-27 16:47 . 2012-03-27 16:47 -------- d-----w- c:\users\ADMINI~1\Roaming

2012-03-27 16:47 . 2012-03-27 16:47 -------- d-----w- c:\programdata\Intel

2012-03-27 16:46 . 2012-03-27 16:46 -------- d-----w- c:\program files (x86)\Cisco

2012-03-27 16:46 . 2012-03-27 16:46 -------- d--h--w- c:\windows\system32\WLANProfiles

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-13 19:15 . 2012-03-13 08:29 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-13 08:46 . 2012-03-13 15:33 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-04-03 21:05 . 2012-03-13 22:07 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-03-28 23:45 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-03-26 20:10 . 2012-03-26 20:12 19464 ----a-w- c:\windows\system32\drivers\AWOPFilterDriver.sys

2012-03-21 05:30 . 2012-03-21 05:30 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-14 01:15 . 2012-03-14 01:15 74703 ----a-w- c:\windows\SysWow64\mfc45.dll

2012-03-13 22:08 . 2012-03-13 22:08 53248 ----a-r- c:\users\Dick Chen\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe

2012-03-13 18:09 . 2011-03-29 01:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-03-13 15:33 . 2012-03-13 15:33 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68EA3E99-778D-46D9-966D-ED19F8C7A6F3}\gapaengine.dll

2012-03-13 08:06 . 2012-03-13 08:06 951680 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-02-17 06:38 . 2012-03-13 17:12 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-13 17:12 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-13 17:12 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-13 17:12 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-15 18:01 . 2012-02-15 18:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys

2012-02-15 18:01 . 2012-02-15 18:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll

2012-02-10 06:36 . 2012-03-14 16:44 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 16:44 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-03 04:34 . 2012-03-14 16:45 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-04-25_18.54.55 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-13 14:54 . 2012-04-25 20:38 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-03-13 14:54 . 2012-04-25 16:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-03-13 14:54 . 2012-04-25 20:38 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-03-13 14:54 . 2012-04-25 16:46 65536 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-04-25 16:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-04-25 20:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-04-25 16:43 . 2012-04-25 16:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-25 20:54 . 2012-04-25 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-04-25 20:54 . 2012-04-25 20:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-04-25 16:43 . 2012-04-25 16:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 05:01 . 2012-04-25 20:54 525868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-04-25 04:46 525868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-03-13 15:51 . 2012-04-25 20:54 4752388 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2702091899-3835716337-4143874838-1000-8192.dat

+ 2012-03-13 15:51 . 2012-04-25 20:54 4307860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2702091899-3835716337-4143874838-1000-12288.dat

- 2012-03-13 15:51 . 2012-04-25 04:46 4307860 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2702091899-3835716337-4143874838-1000-12288.dat

- 2012-03-13 14:46 . 2012-04-25 04:46 4190540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2012-03-13 14:46 . 2012-04-25 20:54 4190540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Point of View"="c:\program files (x86)\IPEVO\P2V\P2V.exe" [2011-09-02 1228800]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-25 651832]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"AveoSTI"="c:\program files (x86)\COOLINGTECH SOFTWARE R&D CENTER\COOLINGTECH SOFTWARE R&D CENTER\AveoSTI.exe" [2010-04-15 32768]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Dick Chen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-3-21 1014112]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-12 661504]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-13 135952]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 116648]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-12-01 260768]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-10-27 2656536]

R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-09-20 535176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]

R3 AVEO;USB2.0 PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys [x]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-09-15 195320]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-11-15 1355840]

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 116648]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-01-04 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]

R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]

R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-09-01 894624]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-09-08 549408]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-27 101600]

R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]

R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-13 249648]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-11-15 921664]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-11-15 995392]

S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2012-04-11 8498608]

S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2011-04-26 294216]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-10-24 2413056]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-25 430136]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-09-30 955832]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [x]

S3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_6.1.32700.0.sys [x]

S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:15]

.

2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 21:22]

.

2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-02 21:22]

.

2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702091899-3835716337-4143874838-1000Core.job

- c:\users\Dick Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 20:27]

.

2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2702091899-3835716337-4143874838-1000UA.job

- c:\users\Dick Chen\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-24 20:27]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Dick Chen\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Seagull Drivers"="ssdal_nc.exe startup" [X]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-16 2179688]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-28 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-28 416024]

"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [bU]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]

"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 421192]

"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 308040]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-11-15 10358784]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2012-01-04 1935120]

"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"NCInstallQueue"="netman.dll" [2009-07-14 360448]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe

c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe

c:\windows\SysWOW64\DllHost.exe

c:\windows\SysWOW64\DllHost.exe

.

**************************************************************************

.

Completion time: 2012-04-25 14:12:52 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-25 21:12

ComboFix2.txt 2012-04-25 18:56

.

Pre-Run: 314,658,500,608 bytes free

Post-Run: 314,620,776,448 bytes free

.

- - End Of File - - 650FEAC60237F11A4DC98FC5CBF8B072

[LDTate]

Do you know what this folder is?

c:\users\Dick Chen\AppData\Local\blekkotb

Also let me know how it's running.

[keen2215]

Hi Larry,

I have no idea where it came from, but I do recall there was something similar (though not 100% sure) that was on my program list under control panel. I've manually removed it via "uninstall or change a program." and it is currently not on my program list (it didn't come back...yet?)

Right now the computer is running OK, I don't see any obvious problems, and I haven't seen the "welcome to ngnix!" since we started troubleshooting.

Please advise how we should move forward, the folder you mentioned does seem suspicious.

Thank you!

[LDTate]

I would delete that folder.

Lets uninstall Combofix and then give it a couple days and see how it goes.

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

• Click START run
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  

For Vista / Windows 7

• Click START Search
  
• Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.
  

[keen2215]

Hi Larry,

I've manually deleted that folder and cleared it from recycle bin.

Combofix is uninstalled.

Is there any additional check we should run at the moment? Or we will wait and see?

I'm very thankful for your assistance, seeing the files deleted already made me feel much better!

[LDTate]

You can run a updated MBAM and SpyBot scan if you like.

[keen2215]

Hi Larry,

I've updated both MBAM and Spybot and scanned with both of them. (One scan at a time)

MBAM doesn't seem to be finding anything, while Spybot seems to find something; I'm not sure how to find a log created by Spybot, but they are tracking cookie from DoubleClick.net, total of 2 entries under my browser.

I do recall that I've seen this from my previous Spybot scan and have removed/fixed them via Spybot, yet it seems like they just came back...should I also try to run a scan by Super AntiSpyware?

Please advise how we should move forward, thank you!

[LDTate]

You'll always have / get cookies when you do anything on the web.

I always run a cleaner at night to remove cookies / temp files.

Are you using FireFox?

[LDTate]

Download TFC to your desktop

• Close any open windows.
  
• Double click the TFC icon to run the program
  
• TFC will close all open programs itself in order to run,
  
• Click the Start button to begin the process.
  
• Allow TFC to run uninterrupted.
  
• The program should not take long to finish it's job
  
• Once its finished it should automatically reboot your machine,
  
• if it doesn't, manually reboot to ensure a complete clean
  

[keen2215]

Hi Larry,

I've done the cleaning. Quick question, the TFC work like CCleaner?

Also, do you suggest any additional scans (i.e. By SAS or updated Skybot again)?

Again, very thankful for your time and assistance, sincerely appreciated!

[LDTate]

CCleaner can do more harm than good if not used correctly.

TFC is safe as it won't remove registry items, just the junk.

As far as I know SAS won't remove anything unless you buy the paid for version.

I think you're clean.

[keen2215]

Thank you very much for all the help Larry, I truly appreciate all your time, thanks again!