Google redirect, and restart loop

Inactive
By Elmorell
Oct 9, 2011
Topic Status:
Not open for further replies.
  1. So I've been seeing my Google searches redirect to sketchy search sites for a few days... ran Malwarebytes and thought I got rid of it, but apparently not, because I now have some sort of boot virus. My computer is stuck in a restart cycle... I log into my user account and I have a black desktop with half of my icons missing (including malwarebytes), get a lot of error messages related to Startup Repair, and then it gives me the option to download that (which I assume is a trojan) or restart. I can't access safe mode--when I do a hard reboot, I don't get the option to choose safe mode, instead I get another Startup Repair message. I have access to other computers that I can download repair files to, if that helps. Anyone have a solution?

    Thanks in advance
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I don't know what OS you're using, but try the following and see if it handles the loop. Since you cannot boot into Safe Mode, you would begin on Step 8. Screen shots will help:

    Startup Repair Infinite Loop Recovery
    http://www.sevenforums.com/tutorials/139576-startup-repair-infinite-loop-recovery.html
    ====================================
    If you are successful in resolving the loop, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ========================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
  3. Elmorell

    Elmorell Newcomer, in training Topic Starter Posts: 38

    After trying that fix, I was able to boot into Safe Mode, although when I tried to boot into normal mode, the loop persisted. After running MBAM in Safe Mode and restarting, I was then able to boot into normal mode without the loop. I ran MBAM again in Normal Mode, but wasn't able to run GMER in normal mode--I ran it in safe mode instead. Then I booted back into normal mode and ran DDS. The logfiles are copy-pasted below--thanks for all your help.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7917

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 8.0.7601.17514

    10/10/2011 3:01:50 PM
    mbam-log-2011-10-10 (15-01-50).txt

    Scan type: Quick scan
    Objects scanned: 177765
    Time elapsed: 3 minute(s), 37 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\jmorell\AppData\Local\Temp\7197.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\jmorell\AppData\Local\Temp\RelPost.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


    The GMER log was blank--it definitely scanned, but it didn't look like it found anything, and the log is just a blank .txt document.

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514
    Run by jmorell at 15:15:14 on 2011-10-10
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6125.4627 [GMT -4:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Users\jmorell\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
    C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uDefault_Page_URL = hxxp://sony.msn.com
    uStart Page = my.daemon-search.com
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    uRun: [googletalk] C:\Users\jmorell\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun: [<NO NAME>]
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: DhcpNameServer = 128.112.129.111 128.112.129.32 128.112.128.1
    TCP: Interfaces\{72F73F73-2D2A-430D-89B4-1FEFA3FC1842} : DhcpNameServer = 128.112.129.111 128.112.129.32 128.112.128.1
    TCP: Interfaces\{72F73F73-2D2A-430D-89B4-1FEFA3FC1842}\245727E65637370284F65737560235470214E64627567737 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{72F73F73-2D2A-430D-89B4-1FEFA3FC1842}\3516E646F677E62424 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{72F73F73-2D2A-430D-89B4-1FEFA3FC1842}\8497164747F575962756C6563737 : DhcpNameServer = 4.2.2.1
    TCP: Interfaces\{72F73F73-2D2A-430D-89B4-1FEFA3FC1842}\B496C6D61627E6F636B6021427D637 : DhcpNameServer = 4.2.2.2 8.8.8.8
    TCP: Interfaces\{E2F7B73E-EAEF-4FD1-9963-5448EF0CF059} : DhcpNameServer = 128.112.133.220 128.112.128.1 128.112.129.32
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO-X64: SmartSelect - No File
    TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
    mRun-x64: [(Default)]
    mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
    mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\bi65epm3.default\
    FF - component: C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPCltInst11.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R?2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-6-2 259192]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-6-16 1143416]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSviA64.sys [2011-6-16 488056]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-2 13336]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-6-14 130008]
    R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-2-15 47104]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    R2 rimspci;rimspci;C:\Windows\system32\DRIVERS\rimssne64.sys --> C:\Windows\system32\DRIVERS\rimssne64.sys [?]
    R2 risdsnpe;risdsnpe;C:\Windows\system32\DRIVERS\risdsnxc64.sys --> C:\Windows\system32\DRIVERS\risdsnxc64.sys [?]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-3-20 378472]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-6-2 852160]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-6-13 136824]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-6-2 105024]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-6-2 2656280]
    S2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-6-2 550080]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
    S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
    S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
    S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-19 546608]
    S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]
    S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-6-2 44736]
    S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-6-2 1021112]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-10-10 19:00:56 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5C7B63F1-D165-44EE-8A53-9FCAF0F01327}\mpengine.dll
    2011-09-26 05:21:32 -------- d-----w- C:\Users\jmorell\AppData\Roaming\RStudio
    2011-09-26 05:15:06 -------- d-----w- C:\Users\jmorell\AppData\Local\RStudio-Desktop
    2011-09-26 05:11:42 -------- d-----w- C:\Program Files\RStudio
    2011-09-26 05:09:44 -------- d-----w- C:\Program Files\R
    2011-09-22 23:59:39 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
    2011-09-22 23:59:20 -------- d-----w- C:\Users\jmorell\AppData\Local\Microsoft Help
    2011-09-22 03:27:55 -------- d-----w- C:\Users\jmorell\AppData\Roaming\Malwarebytes
    2011-09-22 03:27:48 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-09-22 03:27:45 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-09-22 03:27:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    .
    ==================== Find3M ====================
    .
    2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-15 20:25:32 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 15:16:36.81 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 6/13/2011 8:43:42 PM
    System Uptime: 10/10/2011 3:12:34 PM (0 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM) i7-2720QM CPU @ 2.20GHz | N/A | 792/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 450 GiB total, 272.433 GiB free.
    D: is Removable
    E: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP44: 9/19/2011 3:00:17 AM - Windows Update
    RP45: 9/22/2011 7:58:43 PM - Installed Microsoft Office Home and Student 2010
    RP46: 9/22/2011 8:04:15 PM - Configured Microsoft Office Home and Student 2010
    RP47: 9/23/2011 3:00:20 AM - Windows Update
    RP48: 9/24/2011 3:01:14 AM - Windows Update
    RP49: 9/27/2011 10:09:53 AM - Windows Update
    RP50: 9/30/2011 12:02:27 PM - Windows Update
    RP51: 10/4/2011 10:08:02 AM - Windows Update
    RP48: 10/10/2011 3:00:07 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Acrobat 9 Standard
    Adobe Acrobat 9.4.1 - CPSID_83708
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 9
    Adobe Premiere Elements 9
    Adobe Reader X MUI
    Amazon Unbox Video
    Apple Application Support
    Apple Software Update
    Application Manager for VAIO
    ArcSoft Magic-i Visual Effects 2
    ArcSoft WebCam Companion 4
    Assassin's Creed Brotherhood
    Assassin's Creed II
    Audiosurf
    Bing Bar
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Call of Duty: Modern Warfare 2
    D3DX10
    Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dragon Age II
    Elements 9 Organizer
    Elements STI Installer
    Google Talk (remove only)
    iLinc 11 Client
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 22
    Junk Mail filter update
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Mesh Runtime
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    Mozilla Firefox 6.0.2 (x86 en-US)
    Mozilla Thunderbird (3.1.13)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Norton Internet Security
    NVIDIA 3D Vision Video Player
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Oasis2Service 1.0
    OOBE
    PMB
    PMB VAIO Edition Guide
    PMB VAIO Edition Plug-in
    Portal 2
    PunkBuster Services
    QuickTime
    Realtek High Definition Audio Driver
    Remote Keyboard
    Remote Play with PlayStation 3
    Renesas Electronics USB 3.0 Host Controller Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Excel 2010 (KB2553070)
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft PowerPoint 2010 (KB2519975)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Word 2010 (KB2345000)
    SmartSound Quicktracks for Premiere Elements 9.0
    SSLx86
    Steam
    System Requirements Lab CYRI
    Ubisoft Game Launcher
    UCINET 6
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2523113)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft OneNote 2010 (KB2493983)
    Update for Microsoft Outlook Social Connector (KB2583935)
    VAIO - Media Gallery
    VAIO - PMB VAIO Edition Guide
    VAIO - PMB VAIO Edition Plug-in
    VAIO - Remote Keyboard
    VAIO - Remote Play with PlayStation®3
    VAIO Care
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO Easy Connect
    VAIO Event Service
    VAIO Gate
    VAIO Gate Default
    VAIO Hardware Diagnostics
    VAIO Help and Support
    VAIO Improvement
    VAIO Manual
    VAIO Messenger
    VAIO Quick Web Access
    VAIO Sample Contents
    VAIO Satisfaction Survey.
    VAIO Smart Network
    VAIO Transfer Support
    VAIO Update
    VCCx86
    VESx86
    VIx86
    VWSTx86
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/5/2011 2:30:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    10/10/2011 3:08:42 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2011 3:08:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/10/2011 3:08:42 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/10/2011 3:08:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/10/2011 3:08:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/10/2011 3:08:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/10/2011 3:08:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/10/2011 3:08:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
    10/10/2011 3:08:15 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2011 3:08:15 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2011 3:08:15 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2011 3:08:15 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2011 3:08:15 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2011 3:08:15 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2011 3:08:15 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2011 3:08:15 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/10/2011 3:08:15 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2011 3:08:15 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/10/2011 3:08:15 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    .
    ==== End Of File ===========================


    Let me know what else you need, or what the next steps are... thanks!
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay, we made progress on two points. Let's go for broke! You'll want to run the following in Normal Mode and if Combofix offers the Recovery Console, accept it.

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once installed, you should see a blue screen prompt that says:
      The Recovery Console was successfully installed.
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    Please post the entire log with heading resembling this:
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ====================================
    Remind me to bring your attention to all the programs and processes that Sony pre-loads and ask if you're ever gone through them to remove what you don't need and to change the Services Startup Type to Manual instead of Automatic. I'll give you the info you need then.

    Please go on to next reply when finished with the above.
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    To continue:

    Please update Java: Java Updates Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.
    ----------------------------------
    There is usually malware in the Java cache when there is an outdated version of Java, so that needs to be cleared:
    1. . Click Start > Control Panel.
    2. . Double-click the Java icon [​IMG] in the Control Panel.
    3. . Click Settings under Temporary Internet Files.
      http://www.java.com/en/img/download/5000020303.jpg[/b]
      There are three options on this window to clear the cache.(Version dependent)
      [o]. Delete Files
      [o]. View Applications
      [o]. View Applets
      [*]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [*]. Click OK on Temporary Files Settings window. [/list]
  6. Elmorell

    Elmorell Newcomer, in training Topic Starter Posts: 38

    I ran both of those tools and uninstalled Java and reinstalled it... when I ran ESET though, it found 11 items and removed them, but I never got an option (that I saw, I might have missed it) to save a log--instead I just clicked "Finish" and got a little ad for buying the full version, which I exited out of. Should I re-run the scan and try and get a log from that, to make sure I didn't miss it?

    Combofix log:

    ComboFix 11-10-11.02 - jmorell 10/11/2011 12:41:51.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6125.4273 [GMT -4:00]
    Running from: c:\users\jmorell\Downloads\ComboFix.exe
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\jmorell\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    c:\users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\bi65epm3.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}
    c:\users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\bi65epm3.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}\chrome.manifest
    c:\users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\bi65epm3.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}\chrome\xulcache.jar
    c:\users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\bi65epm3.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}\defaults\preferences\xulcache.js
    c:\users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\bi65epm3.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}\install.rdf
    c:\users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\n4ddeicq.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}
    c:\users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\n4ddeicq.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}\chrome.manifest
    c:\users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\n4ddeicq.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}\chrome\xulcache.jar
    c:\users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\n4ddeicq.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}\defaults\preferences\xulcache.js
    c:\users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\n4ddeicq.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}\install.rdf
    c:\users\jmorell\Documents\~WRL0003.tmp
    c:\users\jmorell\Documents\~WRL0005.tmp
    c:\users\jmorell\Documents\~WRL0107.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-11 16:52 . 2011-10-11 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-11 16:01 . 2011-10-11 16:01 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D52D61B-5E69-45CD-8A17-C899B8A6DBB3}\offreg.dll
    2011-10-11 16:01 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1D52D61B-5E69-45CD-8A17-C899B8A6DBB3}\mpengine.dll
    2011-09-26 05:21 . 2011-09-26 05:21 -------- d-----w- c:\users\jmorell\AppData\Roaming\RStudio
    2011-09-26 05:15 . 2011-10-09 23:39 -------- d-----w- c:\users\jmorell\AppData\Local\RStudio-Desktop
    2011-09-26 05:09 . 2011-09-26 05:09 -------- d-----w- c:\program files\R
    2011-09-22 23:59 . 2011-09-22 23:59 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
    2011-09-22 23:59 . 2011-09-22 23:59 -------- d-----w- c:\users\jmorell\AppData\Local\Microsoft Help
    2011-09-22 23:59 . 2011-09-24 07:02 -------- d-----w- c:\programdata\Microsoft Help
    2011-09-22 03:27 . 2011-09-22 03:27 -------- d-----w- c:\users\jmorell\AppData\Roaming\Malwarebytes
    2011-09-22 03:27 . 2011-09-22 03:27 -------- d-----w- c:\programdata\Malwarebytes
    2011-09-22 03:27 . 2011-10-10 18:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-09-22 03:27 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-22 05:22 . 2011-08-09 19:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-22 04:54 . 2011-08-09 19:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-07-16 05:41 . 2011-08-09 19:15 362496 ----a-w- c:\windows\system32\wow64win.dll
    2011-07-16 05:41 . 2011-08-09 19:15 243200 ----a-w- c:\windows\system32\wow64.dll
    2011-07-16 05:41 . 2011-08-09 19:15 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2011-07-16 05:39 . 2011-08-09 19:15 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2011-07-16 05:37 . 2011-08-09 19:15 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 05:21 . 2011-08-09 19:15 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 04:29 . 2011-08-09 19:15 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26 . 2011-08-09 19:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-16 04:25 . 2011-08-09 19:15 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2011-07-16 04:24 . 2011-08-09 19:15 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2011-07-16 04:24 . 2011-08-09 19:15 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2011-07-16 04:15 . 2011-08-09 19:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-09 19:15 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2011-07-16 02:21 . 2011-08-09 19:15 2048 ----a-w- c:\windows\SysWow64\user.exe
    2011-07-16 02:17 . 2011-08-09 19:15 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-09 19:15 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-09 19:15 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-09 19:15 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-15 20:25 . 2011-07-15 20:25 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "googletalk"="c:\users\jmorell\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-08-20 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-3-24 1219360]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
    R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-02-19 546608]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-20 1143416]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-11 488056]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
    S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-02-15 47104]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]
    S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys [x]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-03-20 378472]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-07 2656280]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-02-15 550080]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-02-28 852160]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-06-14 136824]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
    S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-03-30 1021112]
    .
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-07 11776104]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-07 2188904]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = my.daemon-search.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 128.112.129.111 128.112.129.32 128.112.128.1
    FF - ProfilePath - c:\users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\bi65epm3.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-10-11 12:57:05
    ComboFix-quarantined-files.txt 2011-10-11 16:57
    .
    Pre-Run: 291,580,489,728 bytes free
    Post-Run: 291,137,101,824 bytes free
    .
    - - End Of File - - C94171D5DB1D1FF357BB4FEE2BCA6AAA
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Yes, please run it again and include the entire log, from the header down.
    --------------------------------
    When you click Start in the Eset scan, you will get the following Window:
    [​IMG]
    The first line is pre-checked with 'Removed Found Threats.'
    You need to Uncheck this box.

    Please use the same Eset download rescan. I'd like you to leave the full log from the header down> that should show me what was removed. This is important information. I need to see what the malware was and where it was located.
  8. Elmorell

    Elmorell Newcomer, in training Topic Starter Posts: 38

    This is the ESET log redone:

    C:\Qoobox\Quarantine\C\Users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\bi65epm3.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\bi65epm3.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
    C:\Qoobox\Quarantine\C\Users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\n4ddeicq.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
    C:\Qoobox\Quarantine\C\Users\jmorell\AppData\Roaming\Mozilla\Firefox\Profiles\n4ddeicq.default\extensions\{648632c8-039b-4221-98cb-a6e0f97b644c}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
    C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-10a36600 a variant of Java/Agent.DT trojan
    C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-29ec4e77 a variant of Java/Agent.DT trojan
    C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-2d9281a3 a variant of Java/Agent.DT trojan
    C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-3ea26470 a variant of Java/Agent.DT trojan
    C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-59117a89 a variant of Java/Agent.DT trojan
    C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-6f991377 a variant of Java/Agent.DT trojan
    C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5234f035-52acd25d a variant of Java/Agent.DU trojan
  9. Elmorell

    Elmorell Newcomer, in training Topic Starter Posts: 38

    That's the entire log, I didn't see a header like the one you described. Where would it be located?
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This is okay. It shows the 11 items. The entries in the Qoobox have been quarantined by Combofix. The others are in the Java cache.As I explained in Reply #5, Malware gets there usually when there is outdated versions of Java on the system. I left instructions previously to update Java and empty the Java cache- did you do that before running the Eset scan? See my Reply #5.

    I'd like you to empty the cache again: See Reply #5
    =============================
    Run this to be sure: Please download OTMovit by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      
      :Files  
      C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-10a36600 
      C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-29ec4e77 
      C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-2d9281a3 
      C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-3ea26470 
      C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-59117a89 
      C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-6f991377 C:\Users\jmorell\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5234f035-52acd25d
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ==================================
    Update the Adobe Reader please to V10:Adobe Reader site You have some v8 and some v9 entries> Uninstall any earlier updates as they are vulnerabilities.
    ================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE
    DDS::
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: SmartSelect - No File
    Driver::
    BBSvc
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply./
    ===========================================
    A Note about the BingBar
    I put the BingBar browser helper object and the toolbar in the script for removal. If you downloaded this intentionally, keep tabs on it. I am seeing what is referred to as the Bing/Zugo bar. Bing is okay- Zugo is not. I haven't been able to find the source of the combination- whether it is pre-checked item on some download screens or the combination is included on some web sites.

    If you want to put it back on your system, make sure you d/l from the homesite. It also has an update Service. To my thinking, toolbars don't need to contact the internet every day, all day, looking for updates! How often does a toolbar get an update?!

    To address that, you should disable the Service:
    Start> Run> type in services.msc> enter> right click on BBSvc> change the startup Type to Disabled> Stop the Service.
    Exit
  11. Elmorell

    Elmorell Newcomer, in training Topic Starter Posts: 38

    I'm not sure why, but the logs together ended up being over 300000 characters--rather than splitting it up into 5+ posts, I've attached 2 .txt files that are parts one and two of my post.

    Attached Files:

     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please use however many posts you need. It's too time consuming for me to have to copy and paste entries if I have to ID them.

    Sometimes there is a long section in the middle of Combofix, but I can't predict it.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.