Trojan horse help (redirecting searches)

JBhunter45 · 05-Jul-2012, 09:44 PM #1

AVG showed Trojan horse Dropper.Generic_c.MMI and now Trojan horse BeckDoor.Generic15.AXLA on the laptop.
Tried removing the hreat but it fails.

1. HijackThisLog:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:35:30 PM, on 7/5/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\DAP\DAP.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb165?a=6OyH4oMKfK&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SPEEDBIT1 - {2C9771B0-3307-4122-849A-8697E7CA5BCC} - C:\Program Files (x86)\SpeedBit Toolbar\Toolbar\tbcore3.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: SBCONVERT - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~1\SEARCH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: LinkVerifierBHO - {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: Download Accelerator Plus Integration - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O3 - Toolbar: att.net Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SpeedBit - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files (x86)\SpeedBit Toolbar\Toolbar\tbcore3.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - HKLM\..\Run: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
O4 - HKCU\..\Run: [DAP10] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
O8 - Extra context menu item: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames...1.cab60096.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor....cab102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} (WebBrowserType Class) - https://pattcw.att.motive.com/wizlet...nstaller64.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll (file missing)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Sprint Con App Svc (CASprint) - SmithMicro Inc. - C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe
O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NovaCore SDK Service (NvtlService) - Unknown owner - C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - SmithMicro Inc. - C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareReso urceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 19975 bytes

2a. DDS Log:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Jeff at 21:36:39 on 2012-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4014.2271 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoCast.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\DAP\DAP.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\Dwm.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Sprint\Sprint SmartView\WiMaxRpcServer.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = hxxp://mystart.incredibar.com/mb165?a=6OyH4oMKfK&i=26
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Bar =
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SPEEDBIT1 Class: {2c9771b0-3307-4122-849a-8697e7ca5bcc} - C:\Program Files (x86)\SpeedBit Toolbar\Toolbar\tbcore3.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: SBCONVERT Class: {31b27f2d-6bc6-451b-b3d2-4eab36b2fc3b} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO: SearchPredictObj Class: {389943b0-c3a2-4e69-82cb-8596a84cb3dc} - C:\PROGRA~2\SEARCH~1\SEARCH~1.DLL
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: SBCONVERT Class: {92a9acf4-9333-43ae-9698-db283326f87f} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: SpeedBit Link Verification Helper: {d5974a72-c81c-4dc3-be77-a8a7bbc8864e} - C:\Program Files (x86)\DAP\LinkVerifier.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: Download Accelerator Plus Integration: {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL
BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB: att.net Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: SpeedBit: {ebfcd017-bcad-42c3-9ed5-89dbdfc59171} - C:\Program Files (x86)\SpeedBit Toolbar\Toolbar\tbcore3.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
TB: Incredibar Toolbar: {f9639e4a-801b-4843-aee3-03d9da199e77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
uRun: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk"
uRun: [DAP10] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - C:\Program Files (x86)\DAP\dapverify.htm
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
LSP: mswsock.dll
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809}\84F6D656 : DhcpNameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809}\84F6D65602D202344525335303 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809}\A556E69716474716 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{F080DE39-A95A-4ECD-9EF4-659C412F3AD6} : DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: SPEEDBIT1 Class: {2C9771B0-3307-4122-849A-8697E7CA5BCC} - C:\Program Files (x86)\SpeedBit Toolbar\Toolbar\tbcore3.dll
BHO-X64: SPEEDBIT1 - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: SBCONVERT Class: {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
BHO-X64: SBCONVERT - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
BHO-X64: Web Assistant Helper - No File
BHO-X64: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~1\SEARCH~1.DLL
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO-X64: Incredibar.com Helper Object - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
BHO-X64: SBCONVERT - No File
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - C:\Program Files (x86)\DAP\LinkVerifier.dll
BHO-X64: LinkVerifierBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: Download Accelerator Plus Integration: {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL
BHO-X64: Download Accelerator Plus Integration - No File
BHO-X64: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\grabber.dll
BHO-X64: GrabberObj Class - No File
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
TB-X64: att.net Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: SpeedBit: {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files (x86)\SpeedBit Toolbar\Toolbar\tbcore3.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
TB-X64: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun-x64: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe"
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-6-13 5161080]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 DeviceMonitorService;DeviceMonitorService;C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-6-5 87400]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-5 654408]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-6-4 116632]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-1-11 82944]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-7-2 65657]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-12-31 259192]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-12-11 104960]
R2 Web Assistant Updater;Web Assistant Updater;C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [2012-7-5 185856]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-12-11 571248]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 135664]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 257224]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; [x]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-6-8 124224]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 135664]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\system32\DRIVERS\motusbdevice.sys --> C:\Windows\system32\DRIVERS\motusbdevice.sys [?]
S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-9-22 43028328]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;C:\Windows\system32\DRIVERS\nwusbser2.sys --> C:\Windows\system32\DRIVERS\nwusbser2.sys [?]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TVICHW64;TVICHW64;\??\C:\Windows\system32\DRIVERS\TVICHW64.SYS --> C:\Windows\system32\DRIVERS\TVICHW64.SYS [?]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-12-11 110960]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 370024]
.
=============== Created Last 30 ================
.
2012-07-06 01:19:32 -------- d-----w- C:\Program Files (x86)\Perion
2012-07-06 01:19:26 -------- d-----w- C:\Program Files (x86)\Incredibar.com
2012-07-06 01:19:20 -------- d-----w- C:\Program Files\Web Assistant
2012-07-06 01:19:00 388096 ----a-r- C:\Users\Jeff\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-06 01:18:59 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-07-05 22:16:06 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Malwarebytes
2012-07-05 22:15:59 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-05 22:15:59 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-05 22:15:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-03 20:58:23 -------- d-----w- C:\Users\Jeff\AppData\Roaming\SpeedyPC Software
2012-07-03 20:58:23 -------- d-----w- C:\Users\Jeff\AppData\Roaming\DriverCure
2012-07-03 20:58:14 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-07-03 00:53:40 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-03 00:26:11 -------- d-----w- C:\Users\Jeff\.gstreamer-0.10
2012-07-03 00:25:21 -------- d-----w- C:\Users\Jeff\AppData\Local\Motorola
2012-07-03 00:25:15 -------- d-----w- C:\Binaries
2012-07-03 00:25:13 -------- d-----w- C:\ProgramData\Nero
2012-07-03 00:25:13 -------- d-----w- C:\Program Files (x86)\Motorola Media Link
2012-07-03 00:25:01 -------- d-----w- C:\ProgramData\Motorola
2012-07-03 00:24:42 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Motorola Mobility
2012-07-03 00:24:42 -------- d-----w- C:\Temp
2012-07-03 00:24:21 -------- d-----w- C:\Program Files (x86)\Motorola Mobility
2012-07-03 00:24:21 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2012-07-03 00:22:53 -------- d-----w- C:\Program Files\Motorola Inc
2012-07-03 00:22:53 -------- d-----w- C:\Program Files\Common Files\Motorola Shared
2012-07-03 00:22:39 -------- d-----w- C:\Users\Jeff\AppData\Roaming\Motorola
2012-07-03 00:22:39 -------- d-----w- C:\Program Files (x86)\Motorola
2012-07-03 00:21:44 -------- d-----w- C:\Users\Jeff\AppData\Roaming\MotoCast
2012-06-22 13:51:34 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 13:51:11 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 13:50:55 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 13:50:55 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-14 20:03:56 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-10 01:35:54 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
.
==================== Find3M ====================
.
2012-06-21 11:39:38 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-21 11:39:38 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-10 01:35:49 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-05 00:14:39 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2011-10-31 17:24:42 481 ----a-w- C:\Program Files (x86)\1031201113244216.bat
.
============= FINISH: 21:37:51.60 ===============

2b. Attach Log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/10/2010 8:49:19 PM
System Uptime: 7/5/2012 9:20:41 PM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz | N/A | 917/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 457 GiB total, 15.482 GiB free.
E: is Removable
G: is CDROM ()
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP238: 6/22/2012 9:50:22 AM - Windows Update
RP239: 7/2/2012 11:48:44 AM - Scheduled Checkpoint
RP240: 7/2/2012 8:22:01 PM - Installed MotoCast
RP241: 7/3/2012 3:25:34 PM - Windows Update
RP242: 7/5/2012 9:18:29 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
AC3Filter (remove only)
AC3Filter 1.63b
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
Applian FLV and Media Player 3.1.1.12
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
att.net Internet Mail
att.net Toolbar
AVG PC Tuneup 2011
Bing Rewards Client Installer
Compatibility Pack for the 2007 Office system
D3DX10
dBpoweramp Windows Media Audio 10 Codec
DivX Player
DivX Setup
Download Accelerator Plus (DAP)
Driver Whiz
Evernote
Federal Premium 2011 Ammunition
FLV Player 2.0 (build 25)
Freemake Video Downloader
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Incredibar Toolbar on IE
InstaCodecs
Intel(R) Turbo Boost Technology Driver
Java Auto Updater
Java(TM) 6 Update 32
Junk Mail filter update
Malwarebytes Anti-Malware version 1.61.0.1400
Media Gallery
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MotoCast
Motorola Device Manager
Motorola Device Software Update
MOTOROLA MEDIA LINK
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Picasa 3
PMB
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
QuickBooks Financial Center
QuickTime
Realtek High Definition Audio Driver
Remote Keyboard
Remote Play with PlayStation 3
Remote Play with PlayStation®3
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951)
Setting Utility Series
Shooting Sports USA - May 2012
SmartWi Connection Utility
Sony Home Network Library
SpeedBit Toolbar
SpeedBit Video Downloader
Sql Server Customer Experience Improvement Program
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO - Remote Keyboard
VAIO Care
VAIO Care Update
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story Template Data
VAIO OOBE and Startup Assistant
VAIO Personalization Manager
VAIO Power Management
VAIO Survey
VAIO Transfer Support
VAIO Update
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.6195
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
VLC media player 1.0.5
VobSub v2.05 (Remove Only)
VU5x86
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid 1.1.2 final uninstall
XviD MPEG-4 Codec
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
7/5/2012 9:23:08 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/5/2012 9:23:08 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/5/2012 9:21:27 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/5/2012 9:21:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
7/5/2012 9:21:26 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/5/2012 9:21:25 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/3/2012 3:33:47 PM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
7/2/2012 8:26:04 PM, Error: Service Control Manager [7031] - The Motorola Device Manager Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
7/2/2012 8:24:24 PM, Error: Service Control Manager [7030] - The PST Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/2/2012 8:17:52 PM, Error: cdrom [11] - The driver detected a controller error on \Device\CdRom0.
.
==== End Of File ===========================

kevinf80 · 06-Jul-2012, 03:06 AM #2

Download Farbar Recovery Scan Toolx64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options I give two methods, use whichever is convenient for you.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select Your Country as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Kevin

JBhunter45 · 06-Jul-2012, 10:06 AM #3

Scan result of Farbar Recovery Scan Tool Version: 05-07-2012 01
Ran by SYSTEM at 06-07-2012 09:58:03
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2009-11-02] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11106408 2011-03-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-11-11] (Synaptics Incorporated)
HKLM-x32\...\Run: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup [80384 2009-10-05] (Sony Electronics Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a [75072 2010-06-08] (Sprint)
HKLM-x32\...\Run: [RDVCHG] "C:\Program Files (x86)\Sprint\Sprint SmartView\RDVCHG.exe" [316736 2010-06-08] (C-motech Co.,Ltd)
HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462408 2012-04-04] (Malwarebytes Corporation)
HKU\Jeff\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-12-11] (Google Inc.)
HKU\Jeff\...\Run: [DownloadAccelerator] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP [3774680 2012-07-03] (Speedbit Ltd.)
HKU\Jeff\...\Run: [MotoCast] "C:\Program Files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [x]
HKU\Jeff\...\Run: [DAP10] "C:\Program Files (x86)\DAP\DAP.EXE" /STARTUP [3774680 2012-07-03] (Speedbit Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services (Whitelisted) ======

3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5161080 2012-06-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
3 CASprint; "C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe" /n "CASprint" [124224 2010-06-08] (SmithMicro Inc.)
2 DeviceMonitorService; "C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe" [87400 2012-06-05] (Nero AG)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-04-30] (Alcatel-Lucent)
2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [116632 2012-06-04] ()
3 MSSQL$DDNI; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe" -sDDNI [43028328 2011-09-22] (Microsoft Corporation)
2 NvtlService; "C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe" [82944 2010-01-11] ()
2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola)
3 Roxio UPnP Renderer 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [313840 2009-08-31] (Sonic Solutions)
2 Roxio Upnp Server 10; "C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe" [362992 2009-08-31] (Sonic Solutions)
2 SampleCollector; "C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata" [259192 2011-01-29] (Sony Corporation)
3 SprintRcAppSvc; "C:\Program Files (x86)\Sprint\Sprint SmartView\RcAppSvc.exe" /n "SprintRcAppSvc" [120128 2010-06-08] (SmithMicro Inc.)
4 SQLAgent$DDNI; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE" -i DDNI [370024 2011-09-22] (Microsoft Corporation)
2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareReso urceManager.exe" [74496 2010-09-27] (Sony Corporation)
2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-06-06] ()

========================== Drivers (Whitelisted) =============

3 ArcSoftKsUFilter; C:\Windows\System32\Drivers\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
3 motusbdevice; C:\Windows\System32\Drivers\motusbdevice.sys [11776 2011-11-08] (Motorola Inc)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2010-06-08] (Novatel Wireless Inc.)
3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2010-06-08] (Novatel Wireless Inc.)
3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [213376 2010-06-08] (Novatel Wireless Inc.)
3 PCTINDIS5X64; \??\C:\Windows\system32\PCTINDIS5X64.SYS [43032 2010-06-08] (Smith Micro Inc.)
3 TVICHW64; C:\Windows\System32\Drivers\TVICHW64.sys [21200 2010-07-18] (EnTech Taiwan)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
3 AVG Security Toolbar Service; [x]
3 cpuz132; \??\C:\Users\Jeff\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]
3 DFUBTUSB; [x]
2 IAStorDataMgrSvc; [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-05 17:38 - 2012-07-05 17:38 - 00034883 ____A C:\Users\Jeff\Desktop\DDS.txt
2012-07-05 17:38 - 2012-07-05 17:38 - 00010867 ____A C:\Users\Jeff\Desktop\Attach.txt
2012-07-05 17:35 - 2012-07-05 17:35 - 00019977 ____A C:\Users\Jeff\Desktop\hijackthis.log
2012-07-05 17:34 - 2012-07-05 17:34 - 00000824 ____A C:\Users\Jeff\Desktop\'hosts'.txt
2012-07-05 17:19 - 2012-07-05 17:19 - 00002971 ____A C:\Users\Jeff\Desktop\HiJackThis.lnk
2012-07-05 17:19 - 2012-07-05 17:19 - 00000447 ____A C:\user.js
2012-07-05 17:19 - 2012-07-05 17:19 - 00000000 ____D C:\Program Files\Web Assistant
2012-07-05 17:19 - 2012-07-05 17:19 - 00000000 ____D C:\Program Files (x86)\Perion
2012-07-05 17:19 - 2012-07-05 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-07-05 17:19 - 2012-07-05 17:19 - 00000000 ____D C:\Program Files (x86)\Incredibar.com
2012-07-05 17:18 - 2012-07-05 17:18 - 01402880 ____A C:\Users\Jeff\Desktop\HiJackThis.msi
2012-07-05 17:18 - 2012-07-05 17:18 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-07-05 14:16 - 2012-07-05 14:16 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Malwarebytes
2012-07-05 14:15 - 2012-07-05 14:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-05 14:15 - 2012-07-05 14:15 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-05 14:15 - 2012-04-04 11:56 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 12:58 - 2012-07-05 14:03 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-03 12:58 - 2012-07-03 12:58 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\SpeedyPC Software
2012-07-03 12:58 - 2012-07-03 12:58 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\DriverCure
2012-07-03 11:26 - 2012-07-03 11:26 - 00261900 ____A C:\Windows\msxml4-KB973685-enu.LOG
2012-07-02 16:53 - 2012-07-02 16:53 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-02 16:26 - 2012-07-06 05:53 - 00000000 ____D C:\Users\Jeff\.gstreamer-0.10
2012-07-02 16:26 - 2012-07-03 08:20 - 00000000 ____D C:\Users\Jeff\Desktop\New folder
2012-07-02 16:25 - 2012-07-02 16:25 - 00000000 ____D C:\Users\Jeff\AppData\Local\Motorola
2012-07-02 16:25 - 2012-07-02 16:25 - 00000000 ____D C:\Users\All Users\Nero
2012-07-02 16:25 - 2012-07-02 16:25 - 00000000 ____D C:\Users\All Users\Motorola
2012-07-02 16:25 - 2012-07-02 16:25 - 00000000 ____D C:\Program Files (x86)\Motorola Media Link
2012-07-02 16:25 - 2012-07-02 16:25 - 00000000 ____D C:\Binaries
2012-07-02 16:24 - 2012-07-02 16:25 - 00000000 ____D C:\Program Files (x86)\Motorola Mobility
2012-07-02 16:24 - 2012-07-02 16:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motusbdevice_01007.Wdf
2012-07-02 16:24 - 2012-07-02 16:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf
2012-07-02 16:24 - 2012-07-02 16:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motfilt_01007.Wdf
2012-07-02 16:24 - 2012-07-02 16:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgpfl_01007.Wdf
2012-07-02 16:24 - 2012-07-02 16:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgp_01007.Wdf
2012-07-02 16:24 - 2012-07-02 16:24 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Motorola Mobility
2012-07-02 16:22 - 2012-07-02 16:24 - 00000000 ____D C:\Program Files (x86)\Motorola
2012-07-02 16:22 - 2012-07-02 16:22 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Motorola
2012-07-02 16:22 - 2012-07-02 16:22 - 00000000 ____D C:\Program Files\Motorola Inc
2012-07-02 16:22 - 2012-07-02 16:22 - 00000000 ____D C:\Program Files\Common Files\Motorola Shared
2012-07-02 16:21 - 2012-07-06 05:55 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\MotoCast
2012-06-22 05:51 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 05:51 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 05:51 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 05:51 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 05:51 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 05:51 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 05:51 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 05:50 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 05:50 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-19 05:55 - 2012-06-19 05:55 - 00399501 ____A C:\Users\Jeff\Desktop\Vltor Weapon Systems Store - Shopping Cart_php.mht
2012-06-14 23:01 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 23:01 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 23:01 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 23:01 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 23:01 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 23:01 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 23:01 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 23:01 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 23:01 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 23:01 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 23:01 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 23:01 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 23:01 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 23:01 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 23:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 23:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 23:01 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 23:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 23:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 23:01 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 23:01 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 23:01 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 23:01 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 23:01 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 23:01 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 23:01 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 23:01 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 23:01 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 12:03 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 12:03 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 12:03 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 12:03 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 12:03 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 12:03 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 12:03 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 12:03 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 12:03 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 12:03 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 12:03 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 12:03 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 12:03 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 12:03 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 12:03 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-14 12:03 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 12:03 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 18:07 - 2012-06-13 18:08 - 00290288 ____A C:\Windows\Minidump\061312-46831-01.dmp
2012-06-09 17:35 - 2012-06-09 17:36 - 10284272 ____A C:\Users\Jeff\Documents\dap10.exe
2012-06-09 17:35 - 2012-06-09 17:35 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-09 17:35 - 2012-06-09 17:35 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-09 17:35 - 2012-06-09 17:35 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-09 17:35 - 2012-06-09 17:35 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-09 13:53 - 2012-06-09 13:53 - 00290368 ____A C:\Windows\Minidump\060912-46737-01.dmp
2012-06-08 05:20 - 2012-06-13 18:07 - 481820311 ____A C:\Windows\MEMORY.DMP
2012-06-08 05:20 - 2012-06-08 05:20 - 00290264 ____A C:\Windows\Minidump\060812-44023-01.dmp

============ 3 Months Modified Files ========================

2012-07-06 05:55 - 2010-01-14 11:42 - 01071567 ____A C:\Windows\WindowsUpdate.log
2012-07-06 05:55 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-06 05:55 - 2009-07-13 20:45 - 00014144 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-06 05:51 - 2011-12-01 07:39 - 00021395 ____A C:\Windows\setupact.log
2012-07-06 05:51 - 2009-12-11 05:42 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-06 05:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-06 05:42 - 2009-07-13 21:13 - 00836832 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-06 05:37 - 2012-04-17 14:52 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-06 05:37 - 2009-12-11 05:42 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-05 17:54 - 2011-12-06 04:15 - 00026530 ____A C:\Windows\PFRO.log
2012-07-05 17:38 - 2012-07-05 17:38 - 00034883 ____A C:\Users\Jeff\Desktop\DDS.txt
2012-07-05 17:38 - 2012-07-05 17:38 - 00010867 ____A C:\Users\Jeff\Desktop\Attach.txt
2012-07-05 17:35 - 2012-07-05 17:35 - 00019977 ____A C:\Users\Jeff\Desktop\hijackthis.log
2012-07-05 17:34 - 2012-07-05 17:34 - 00000824 ____A C:\Users\Jeff\Desktop\'hosts'.txt
2012-07-05 17:19 - 2012-07-05 17:19 - 00002971 ____A C:\Users\Jeff\Desktop\HiJackThis.lnk
2012-07-05 17:19 - 2012-07-05 17:19 - 00000447 ____A C:\user.js
2012-07-05 17:18 - 2012-07-05 17:18 - 01402880 ____A C:\Users\Jeff\Desktop\HiJackThis.msi
2012-07-05 16:54 - 2010-06-29 09:54 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-07-03 11:26 - 2012-07-03 11:26 - 00261900 ____A C:\Windows\msxml4-KB973685-enu.LOG
2012-07-02 16:24 - 2012-07-02 16:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motusbdevice_01007.Wdf
2012-07-02 16:24 - 2012-07-02 16:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf
2012-07-02 16:24 - 2012-07-02 16:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motfilt_01007.Wdf
2012-07-02 16:24 - 2012-07-02 16:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgpfl_01007.Wdf
2012-07-02 16:24 - 2012-07-02 16:24 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgp_01007.Wdf
2012-06-21 03:39 - 2012-04-17 14:52 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-21 03:39 - 2011-05-21 07:02 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-19 05:55 - 2012-06-19 05:55 - 00399501 ____A C:\Users\Jeff\Desktop\Vltor Weapon Systems Store - Shopping Cart_php.mht
2012-06-14 23:32 - 2009-07-13 20:45 - 00453912 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-14 23:08 - 2010-02-14 18:04 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-13 18:08 - 2012-06-13 18:07 - 00290288 ____A C:\Windows\Minidump\061312-46831-01.dmp
2012-06-13 18:07 - 2012-06-08 05:20 - 481820311 ____A C:\Windows\MEMORY.DMP
2012-06-09 17:36 - 2012-06-09 17:35 - 10284272 ____A C:\Users\Jeff\Documents\dap10.exe
2012-06-09 17:35 - 2012-06-09 17:35 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-06-09 17:35 - 2012-06-09 17:35 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-06-09 17:35 - 2012-06-09 17:35 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-06-09 17:35 - 2012-06-09 17:35 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-06-09 17:35 - 2010-05-08 02:29 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-06-09 13:53 - 2012-06-09 13:53 - 00290368 ____A C:\Windows\Minidump\060912-46737-01.dmp
2012-06-09 13:53 - 2009-07-13 21:08 - 00032648 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-08 05:20 - 2012-06-08 05:20 - 00290264 ____A C:\Windows\Minidump\060812-44023-01.dmp
2012-06-04 13:51 - 2012-06-04 13:51 - 02328580 ____A C:\Users\Jeff\Documents\Attachments_2012_06_4.zip
2012-06-02 14:19 - 2012-06-22 05:51 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 05:51 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 05:51 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 05:51 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 05:51 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 05:51 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 05:51 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-22 05:50 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-22 05:50 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-22 17:09 - 2012-05-22 17:08 - 00013974 ____A C:\Windows\IE9_main.log
2012-05-17 18:47 - 2012-06-14 23:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-14 23:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-14 23:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-14 23:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-14 23:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-14 23:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-14 23:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-14 23:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-14 23:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-14 23:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-14 23:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-14 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-14 23:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-14 23:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-14 23:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-14 23:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-14 23:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-14 23:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-14 23:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-14 23:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-14 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-14 23:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-14 23:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-14 23:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-14 23:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-14 23:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-14 23:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-14 23:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-14 17:32 - 2012-06-14 12:03 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-10 06:57 - 2012-05-10 06:57 - 00739592 ____A C:\Users\Jeff\Desktop\ACE Your Shopping Cart.mht
2012-05-10 06:47 - 2012-05-10 06:47 - 00963149 ____A C:\Users\Jeff\Desktop\MFI Shopping Cart.mht
2012-05-09 08:11 - 2012-05-09 08:11 - 00216803 ____A C:\Users\Jeff\Documents\2011 Alumacraft Classic 165CS.mht
2012-05-04 16:17 - 2012-05-04 16:17 - 00835798 ____A C:\Users\Jeff\Documents\SOLD FS New Troy Rear Folding Battle Sight, $80 shipped US_ - AR15_COM.mht
2012-05-04 16:14 - 2012-05-04 16:14 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-04 03:06 - 2012-06-14 12:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-14 12:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-14 12:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-14 12:03 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-14 12:03 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-14 12:03 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-14 12:03 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-14 12:03 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-14 12:03 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-14 12:03 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-14 12:03 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-14 12:03 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-14 12:03 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-14 12:03 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 00:50 - 2012-04-19 00:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys
2012-04-11 06:06 - 2011-12-31 10:23 - 00000000 ____A C:\Windows\Model.log
2012-04-11 06:06 - 2010-07-18 09:25 - 00000021 ____A C:\Windows\Model.txt

ZeroAccess:
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\@
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\L
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\U
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\L\00000004.@
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\L\1afb2d56
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\L\201d3dde
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\L\55490ac4
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\U\00000004.@
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\U\00000008.@
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\U\000000cb.@
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\U\80000000.@
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\U\80000032.@
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\U\80000064.@

ZeroAccess:
C:\Users\Jeff\AppData\Local\{b48149d0-024f-59c0-5c68-f53ca5cb8084}
C:\Users\Jeff\AppData\Local\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\@
C:\Users\Jeff\AppData\Local\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\L
C:\Users\Jeff\AppData\Local\{b48149d0-024f-59c0-5c68-f53ca5cb8084}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 4014.09 MB
Available physical RAM: 3382.22 MB
Total Pagefile: 4012.24 MB
Available Pagefile: 3374.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:457.21 GB) (Free:14.73 GB) NTFS
2 Drive e: (Recovery) (Fixed) (Total:8.45 GB) (Free:0.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (ILOGIC) (Removable) (Total:1.97 GB) (Free:1.96 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 2014 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 8 GB 1024 KB
Partition 2 Primary 100 MB 8 GB
Partition 3 Primary 457 GB 8 GB

=========================================================================== =======

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 8 GB Healthy Hidden

=========================================================================== =======

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

=========================================================================== =======

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 457 GB Healthy

=========================================================================== =======

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 2013 MB 16 KB

=========================================================================== =======

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G ILOGIC FAT Removable 2013 MB Healthy

=========================================================================== =======

==========================================================

Last Boot: 2012-07-02 07:42

======================= End Of Log ==========================

kevinf80 · 06-Jul-2012, 10:20 AM #4

Thanks for the log, we need to do a search for a replacement services.exe, do the following please:

Boot to System Recovery Options and run FRST as you did to get the log.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Click Search button and post the log (Search.txt) it makes to your reply.

Kevin...

JBhunter45 · 06-Jul-2012, 10:51 AM #5

Farbar Recovery Scan Tool Version: 05-07-2012 01
Ran by SYSTEM at 2012-07-06 10:28:31
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\ser vices.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

kevinf80 · 06-Jul-2012, 12:22 PM #6

OK, continue:

Step 1

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

Code:

start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\SysWOW64\%APPDATA%
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084}
C:\Users\Jeff\AppData\Local\{b48149d0-024f-59c0-5c68-f53ca5cb8084}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
end

Now please enter System Recovery Options as you did to get the log.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Step 2

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

Ensure that Combofix is saved directly to the Desktop <--- Very important

Before saving Combofix to the Desktop re-name to Gotcha.exe as below:
Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
Close any open browsers and any other programs you might have running
Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator)
Instructions for running Combofix available Here if required.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*

If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
If Combofix reboot's due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
If after running Combofix you receive any type of warning message about registry key's being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the two logs in next reply please, also give update on current issues/concerns..

Kevin

JBhunter45 · 06-Jul-2012, 09:25 PM #7

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 05-07-2012 01
Ran by SYSTEM at 2012-07-06 21:20:18 Run:1
Running from G:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\ser vices.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\SysWOW64\%APPDATA% moved successfully.
C:\Windows\Installer\{b48149d0-024f-59c0-5c68-f53ca5cb8084} moved successfully.
C:\Users\Jeff\AppData\Local\{b48149d0-024f-59c0-5c68-f53ca5cb8084} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====

JBhunter45 · 06-Jul-2012, 10:24 PM #8

ComboFix 12-07-06.02 - Jeff 07/06/2012 21:34:10.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4014.2684 [GMT -4:00]
Running from: c:\users\Jeff\Desktop\Gotcha.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Incredibar.com
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\inCRedibar.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarApp.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarEng.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarsrv.exe
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
c:\program files (x86)\SpeedBit Toolbar\Toolbar\tbhelper.dll
c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\program files\Web Assistant\ExTEnsion32.dll
c:\windows\SysWow64\SET6722.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
.
.
2012-07-06 13:53 . 2012-07-06 13:53 -------- d-----w- C:\FRST
2012-07-06 01:19 . 2012-07-06 01:19 -------- d-----w- c:\program files (x86)\Perion
2012-07-06 01:19 . 2012-07-06 01:19 447 ----a-w- C:\user.js
2012-07-06 01:19 . 2012-07-07 01:51 -------- d-----w- c:\program files\Web Assistant
2012-07-06 01:19 . 2012-07-06 01:19 388096 ----a-r- c:\users\Jeff\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-06 01:18 . 2012-07-06 01:18 -------- d-----w- c:\program files (x86)\Trend Micro
2012-07-05 22:16 . 2012-07-05 22:16 -------- d-----w- c:\users\Jeff\AppData\Roaming\Malwarebytes
2012-07-05 22:15 . 2012-07-05 22:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-05 22:15 . 2012-07-05 22:15 -------- d-----w- c:\programdata\Malwarebytes
2012-07-05 22:15 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 20:58 . 2012-07-03 20:58 -------- d-----w- c:\users\Jeff\AppData\Roaming\SpeedyPC Software
2012-07-03 20:58 . 2012-07-03 20:58 -------- d-----w- c:\users\Jeff\AppData\Roaming\DriverCure
2012-07-03 20:58 . 2012-07-05 22:03 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-03 00:26 . 2012-07-07 01:24 -------- d-----w- c:\users\Jeff\.gstreamer-0.10
2012-07-03 00:25 . 2012-07-03 00:25 -------- d-----w- c:\users\Jeff\AppData\Local\Motorola
2012-07-03 00:25 . 2012-07-03 00:25 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-07-03 00:25 . 2012-07-03 00:25 -------- d-----w- C:\Binaries
2012-07-03 00:25 . 2012-07-03 00:25 -------- d-----w- c:\programdata\Nero
2012-07-03 00:25 . 2012-07-03 00:25 -------- d-----w- c:\program files (x86)\Motorola Media Link
2012-07-03 00:25 . 2012-07-03 00:25 -------- d-----w- c:\programdata\Motorola
2012-07-03 00:24 . 2012-07-07 01:57 -------- d-----w- C:\Temp
2012-07-03 00:24 . 2012-07-03 00:24 -------- d-----w- c:\users\Jeff\AppData\Roaming\Motorola Mobility
2012-07-03 00:24 . 2012-07-03 00:25 -------- d-----w- c:\program files (x86)\Motorola Mobility
2012-07-03 00:22 . 2012-07-03 00:22 -------- d-----w- c:\program files\Motorola Inc
2012-07-03 00:22 . 2012-07-03 00:22 -------- d-----w- c:\program files\Common Files\Motorola Shared
2012-07-03 00:22 . 2012-07-03 00:24 -------- d-----w- c:\program files (x86)\Motorola
2012-07-03 00:22 . 2012-07-03 00:22 -------- d-----w- c:\users\Jeff\AppData\Roaming\Motorola
2012-07-03 00:21 . 2012-07-07 01:30 -------- d-----w- c:\users\Jeff\AppData\Roaming\MotoCast
2012-06-22 13:51 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 13:51 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 13:51 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:51 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 13:51 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 13:51 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 13:51 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:50 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 13:50 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-14 20:03 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-10 01:35 . 2012-06-10 01:35 476960 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 11:39 . 2012-04-17 22:52 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-21 11:39 . 2011-05-21 15:02 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-10 01:35 . 2010-05-08 10:29 472864 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-05 00:14 . 2012-05-05 00:14 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 08:50 . 2012-04-19 08:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2011-10-31 17:24 . 2011-10-31 17:24 481 ----a-w- c:\program files (x86)\1031201113244216.bat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2C9771B0-3307-4122-849A-8697E7CA5BCC}]
2011-12-15 01:50 2660000 ----a-w- c:\program files (x86)\SpeedBit Toolbar\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
2012-06-10 01:37 2660016 ----a-w- c:\program files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}]
2012-06-10 01:37 2660016 ----a-w- c:\program files (x86)\SPEEDbit Video Downloader\Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}]
2012-07-03 19:33 428712 ----a-w- c:\program files (x86)\DAP\LinkVerifier.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files (x86)\SpeedBit Toolbar\Toolbar\tbcore3.dll" [2011-12-15 2660000]
.
[HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-11 39408]
"DownloadAccelerator"="c:\program files (x86)\DAP\DAP.EXE" [2012-07-03 3774680]
"MotoCast"="c:\program files (x86)\Motorola Mobility\MotoCast\MotoLauncher.lnk" [2012-07-03 2051]
"DAP10"="c:\program files (x86)\DAP\DAP.EXE" [2012-07-03 3774680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2010-06-08 75072]
"RDVCHG"="c:\program files (x86)\Sprint\Sprint SmartView\RDVCHG.exe" [2010-06-08 316736]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-01 03:20 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 135664]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-06-06 185856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 257224]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service; [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2010-06-08 124224]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 135664]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 151040]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2012-01-25 22016]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 27136]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys [2011-11-08 11776]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2011-09-22 43028328]
R3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2.sys [2010-06-08 213376]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [2010-06-08 43032]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [2010-07-18 21200]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-09 110960]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-19 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 370024]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-06-13 5161080]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [2012-06-05 87400]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-06-05 116632]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2010-01-11 82944]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2011-09-02 65657]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-11-12 84512]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 11:39]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 13:42]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-11 13:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]
2012-06-06 13:15 201728 ----a-w- c:\program files\Web Assistant\Extension64.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
2010-02-18 17:01 396800 ----a-w- c:\program files (x86)\DAP\DAPIELoader64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-02 16395880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-01 11106408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://us.mg6.mail.yahoo.com/neo/launch?.rand=25hba690aipps
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: &Verify with DAP - c:\program files (x86)\DAP\dapverify.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Name-Space Handler: FTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
Name-Space Handler: HTTP\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~2\DAP\dapie.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-incredibar - c:\program files (x86)\Incredibar.com\incredibar\1.5.11.14\uninstall.exe
AddRemove-Yahoo! Mail - c:\windows\system32\regsvr32
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_ 3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX .exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Speedbit\SbUpdate\SBUpdate.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Completion time: 2012-07-06 22:17:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 02:17
.
Pre-Run: 8,797,745,152 bytes free
Post-Run: 9,467,187,200 bytes free
.
- - End Of File - - 02F97FE486086B4E08B240E6F284FB97

kevinf80 · 07-Jul-2012, 04:59 AM #9

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:

ClearJavaCache::
Killall::
Folder::
c:\program files\Web Assistant
c:\program files (x86)\SpeedBit Toolbar
File::
c:\program files (x86)\1031201113244216.bat
Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{2C9771B0-3307-4122-849A-8697E7CA5BCC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"=-
[-HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
[-HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[-HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}]

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Next,

Run ESET Online Scan

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

Click on to download the ESET Smart Installer. Save it to your desktop.
Double click on the icon on your desktop.

Check
Click the button.
Accept any security warnings from your browser.
Check
Leave the tick out of remove found threats
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Post those two logs, also give update on any issues or concerns..

Kevin

JBhunter45 · 02:41 PM

combofix

kevinf80 · 07-Jul-2012, 02:09 PM **#11**

That CF log is from the third run and is from a full scan not a Script run as per the instructons in reply #9 what happened to the log from that scan? It should be in C:\Qoobox and listed as ComboFix2.txt possibly?, can I see that please

JBhunter45 · 07-Jul-2012, 02:19 PM **#12**

Just edited the above post. Is that the right file?
I am running ESET scan now.
The redirects have seemed ot stop, Google still warns of a program trying to change browser settings.

kevinf80 · 07-Jul-2012, 02:38 PM **#13**

Nope that is from initial run of Combofix...

JBhunter45 · 07-Jul-2012, 02:40 PM **#14**

OK, I'll rerun combofix when ESET is finished. It found 10 items and is 97% complete on the scan.

kevinf80 · 07-Jul-2012, 03:15 PM **#15**

No need to re-run CF, I wanted to see the script fix log. Just post the ESET log and give an update on issues/concerns

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Trojan horse help (redirecting searches)

Find the solution to your computer problem!

Find the solution to your
computer problem!