TechSpot

Possible Infection?

By Val1717
Dec 20, 2010
  1. Hi there,

    I recently tried to clean out my downloads folder and discovered that I was unable to delete a particular video file (Godfather). No matter what I do, I can't seem to get rid of this file. I also noticed that my computer is running and peaking at around 90% cpu usage (even when idle at times), even though I have next to nothing running. Please help.

    Regards
     
  2. Val1717

    Val1717 TS Rookie Topic Starter

    Sorry for the double post. I managed to delete the file in Safe Mode. However, I would still like to see if there is the possibility of anything that could be affecting my computer. Thank you, again.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If you would like us to check the system for malware, please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.
     
  4. Val1717

    Val1717 TS Rookie Topic Starter

    Thank you for the quick reply:

    MBAM Log:

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5391

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 7.0.6001.18000

    12/25/2010 12:28:05 AM
    mbam-log-2010-12-25 (00-28-05).txt

    Scan type: Quick scan
    Objects scanned: 153094
    Time elapsed: 2 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    *****************************************************

    GMER Log:

    BLANK LOG

    *****************************************************
    DDS.txt:

    DDS (Ver_10-12-12.02) - NTFS_AMD64
    Run by Cyrus at 0:31:17.36 on Sat 12/25/2010
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3962.2528 [GMT -8:00]

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Users\Cyrus\Desktop\i0gdl6z7.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Cyrus\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [googletalk] C:\Users\Cyrus\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
    mRun: [VWLASU] "C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe"
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    StartupFolder: C:\Users\Cyrus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
    Notify: VESWinlogon - VESWinlogon.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [RtHDVCpl] RAVCpl64.exe
    mRun-x64: [Skytel] Skytel.exe
    mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Cyrus\AppData\Roaming\Mozilla\Firefox\Profiles\2r3z2r1e.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.usc.edu/
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Users\Cyrus\AppData\Roaming\Mozilla\plugins\npicaN.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2007-1-14 55024]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-20 121936]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-20 20048]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-20 61008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-20 40384]
    R2 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2009-10-20 47632]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2007-1-14 104960]
    R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2008-11-12 407392]
    R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-9-3 446464]
    R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-5-5 583360]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2007-1-14 19968]
    R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2008-11-12 293376]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2008-8-28 4745216]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2008-11-12 11392]
    R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2008-11-12 393728]
    S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-20 40384]
    S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-20 40384]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2008-11-12 36392]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-8-10 93184]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2007-1-14 103712]
    S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDms.exe [2007-1-14 353568]
    S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Sony\VAIO Media plus\SOHDs.exe [2007-1-14 62752]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-1-14 369952]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2007-1-14 108832]

    =============== Created Last 30 ================

    2010-12-25 08:25:11 -------- d-----w- C:\Users\Cyrus\AppData\Roaming\Malwarebytes
    2010-12-25 08:24:56 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-25 08:24:55 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-12-25 08:24:52 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-12-25 08:24:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-12-24 07:13:45 83249512 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc44D3.tmp
    2010-12-22 01:01:15 3765288 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2010-12-22 01:01:12 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{8B1CD772-8AB3-43C4-92D6-3224CFBEF9AD}\mpengine.dll
    2010-12-22 01:01:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-12-20 09:05:19 38848 ----a-w- C:\Windows\avastSS.scr
    2010-12-20 09:03:28 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2010-12-20 09:02:34 -------- d-----w- C:\PROGRA~3\Alwil Software
    2010-12-20 08:54:58 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
    2010-12-20 08:20:19 -------- d-----w- C:\Program Files (x86)\Panda Security
    2010-12-20 07:40:58 -------- d-----w- C:\Users\Cyrus\AppData\Roaming\SUPERAntiSpyware.com
    2010-12-20 07:40:58 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
    2010-12-20 07:40:55 -------- d-----w- C:\PROGRA~3\!SASCORE
    2010-12-20 07:40:51 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2010-12-19 07:18:55 -------- d-----w- C:\Program Files\iPod
    2010-12-19 07:18:53 -------- d-----w- C:\Program Files\iTunes
    2010-12-19 07:18:53 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-12-19 07:18:53 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2010-12-19 07:14:49 -------- d-----w- C:\Program Files\Bonjour
    2010-12-19 07:14:49 -------- d-----w- C:\Program Files (x86)\Bonjour
    2010-11-30 01:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-11-30 01:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-11-27 09:04:54 719872 ----a-w- C:\Windows\SysWow64\devil.dll
    2010-11-27 09:04:54 308224 ----a-w- C:\Windows\SysWow64\avisynth.dll

    ==================== Find3M ====================

    2010-10-07 20:36:16 96544 ----a-w- C:\Windows\System32\dnssd.dll
    2010-10-07 20:36:16 237856 ----a-w- C:\Windows\System32\dnssdX.dll
    2010-10-07 20:36:16 119584 ----a-w- C:\Windows\System32\dns-sd.exe
    2010-10-07 20:23:02 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
    2010-10-07 20:23:02 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
    2010-10-07 20:23:02 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
    2010-09-28 23:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
    2010-09-28 23:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll

    ============= FINISH: 0:31:58.56 ===============

    ********************************************************************

    Attach.txt:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/23/2009 12:10:48 AM
    System Uptime: 12/25/2010 12:22:24 AM (0 hours ago)

    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | N/A | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 223 GiB total, 144.585 GiB free.
    D: is Removable
    E: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet 6500 E709n
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 6500 E709n
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: HP Color LaserJet 3600
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet 3600
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart D110 series
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: HP
    Name: Photosmart D110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart D110 series
    Device ID: ROOT\MULTIFUNCTION\0003
    Manufacturer: HP
    Name: Photosmart D110 series
    PNP Device ID: ROOT\MULTIFUNCTION\0003
    Service:

    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Officejet J4680 series
    Device ID: ROOT\MULTIFUNCTION\0004
    Manufacturer: HP
    Name: Officejet J4680 series
    PNP Device ID: ROOT\MULTIFUNCTION\0004
    Service:

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64
    PNP Device ID: ROOT\NET\0000
    Service: vpnva

    ==== System Restore Points ===================


    ==== Installed Programs ======================


    6500_E709_BasicWeb
    6500_E709_Help_BasicWeb
    AC3Filter 1.63b
    Acrobat.com
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Reader 9.4.1
    Adobe Stock Photos 1.0
    AOL Instant Messenger
    Apple Application Support
    Apple Software Update
    ArcSoft Magic-i Visual Effects 2
    ArcSoft WebCam Companion 2
    AutoUpdate
    avast! Free Antivirus
    BitTorrent
    BlackBerry Desktop Software 6.0
    bpd_scan
    BPDSoftware_Ini
    BufferChm
    Cisco AnyConnect VPN Client
    Citrix XenApp Web Plugin
    Click to Disc
    Click to Disc Editor
    Compatibility Pack for the 2007 Office system
    D1600
    DivX Codec
    DivX Version Checker
    DJ_SF_06_D1600_SW_Min
    Google Talk (remove only)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    HPPhotoGadget
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) SE Runtime Environment 6
    Malwarebytes' Anti-Malware
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Mozilla Firefox (3.6.13)
    MSVCRT
    MSXML 4.0 SP2 Parser and SDK
    Music Transfer
    Octoshape add-in for Adobe Flash Player
    OpenMG Secure Module 5.1.00
    Primo
    QuickBooks Simple Start 2009
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy Media Creator 10 LJ
    Scan
    Setting Utility Series
    SmartWebPrinting
    Sony Picture Utility
    Sony Video Shared Library
    SpywareBlaster 4.4
    SupportSoft Assisted Service
    Toolbox
    VAIO Content Folder Setting
    VAIO Content Folder Watcher
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Help and Support
    VAIO Launcher
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO My Memory Center
    VAIO Original Function Setting
    VAIO Power Management
    VAIO Update 4
    VAIO Wallpaper Contents
    VAIO Wireless Wizard
    VC80CRTRedist - 8.0.50727.762
    Viewpoint Media Player
    WebReg
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinDVD for VAIO
    WinPcap 4.1.1
    WinRAR archiver
    WM Recorder 14
    Yahoo! Messenger

    ==== End Of File ===========================
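    A small triage helper for the two logs above, added here as an example; it is not code from TechSpot, from DDS or from Malwarebytes. It pulls the image paths out of the DDS "Running Processes" section, strips svchost-style arguments, and reports anything running from outside the usual program directories, then sums the "... Infected: N" counters of the MBAM log. The trusted-directory list is an assumption (a heuristic for a 64-bit Vista install), and the sample excerpts are trimmed copies of the thread's own logs. Note that the two Desktop entries it flags here are the poster's own diagnostic tools (dds.scr is DDS itself; the randomly named executable is the kind of copy GMER runs from), which is exactly why a helper still reads the flagged list by hand rather than treating it as a verdict.

```python
"""
Triage helpers for the DDS and Malwarebytes (MBAM) logs posted above.
Added example for this thread; it is not code from TechSpot, DDS or
Malwarebytes. TRUSTED_PREFIXES is an assumption (a heuristic for a
64-bit Vista install), and the sample excerpts are trimmed copies of
the thread's own logs.
"""
import re

# Where installed software normally lives. A process running from anywhere
# else (Desktop, Temp, the user profile) is not automatically malicious, but
# it is the first thing a helper reads the 'Running Processes' list for.
# ASSUMPTION: adjust this list for the machine being examined.
TRUSTED_PREFIXES = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
)


def parse_running_processes(log_text):
    """Return the entries listed under the DDS 'Running Processes' header."""
    entries = []
    in_section = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("=") and "Running Processes" in stripped:
            in_section = True
            continue
        if in_section:
            if stripped.startswith("="):  # the next section header ends the list
                break
            if stripped:
                entries.append(stripped)
    return entries


def image_path(entry):
    """Drop svchost-style arguments ('... -k netsvcs') and keep the image path.

    DDS lists paths unquoted even when they contain spaces, so splitting on
    whitespace would break them; stop at the first .exe/.scr extension instead.
    """
    m = re.match(r"^(.*?\.(?:exe|scr))(?:\s+-.*)?$", entry, re.IGNORECASE)
    return m.group(1) if m else entry


def flag_unusual_processes(entries):
    """Lower-cased image paths that sit outside TRUSTED_PREFIXES."""
    return [
        image_path(e).lower()
        for e in entries
        if not image_path(e).lower().startswith(TRUSTED_PREFIXES)
    ]


def parse_mbam_counts(log_text):
    """Collect the '<category> Infected: N' counters from an MBAM log.

    The later 'Memory Processes Infected:' headers without a number are
    skipped because the pattern requires digits after the colon.
    """
    counts = {}
    for line in log_text.splitlines():
        m = re.match(r"^\s*(.+?) Infected:\s*(\d+)\s*$", line)
        if m:
            counts[m.group(1)] = int(m.group(2))
    return counts


# Trimmed excerpts of the logs posted above.
SAMPLE_DDS = """\
============== Running Processes ===============

C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Program Files\\Alwil Software\\Avast5\\AvastSvc.exe
C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe
C:\\Users\\Cyrus\\Desktop\\i0gdl6z7.exe
C:\\Users\\Cyrus\\Desktop\\dds.scr

============== Pseudo HJT Report ===============
uStart Page = about:blank
"""

SAMPLE_MBAM = """\
Scan type: Quick scan
Objects scanned: 153094
Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)
"""


def triage(dds_text, mbam_text):
    """Combine both logs into one short report dict."""
    flagged = flag_unusual_processes(parse_running_processes(dds_text))
    mbam = parse_mbam_counts(mbam_text)
    return {
        "processes_outside_program_dirs": flagged,
        "mbam_total_infected": sum(mbam.values()),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS, SAMPLE_MBAM).items():
        print(f"{key}: {value}")
```

Run it as a script to see the report for the excerpts, or point `triage()` at the full pasted DDS.txt and MBAM log text. The path check is deliberately a prefix test rather than a signature lookup: its job is to shorten the list a human reads, not to decide what is malware.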
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    These logs look pretty good- let's run the following to make sure:


    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
    =================================
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    You need to update Java:
    Check this site: Java Updates. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
     
  6. Val1717

    Val1717 TS Rookie Topic Starter

    Holiday has been killin' me. I'll post what I find after I do this. Thank you for your help!
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No problem- I'm running behind. Take your time.
     
  8. Val1717

    Val1717 TS Rookie Topic Starter

    Happy New Year!

    ESET LOG:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=f7314e96e115d7409b091f5f79cd223a
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-01-02 01:43:46
    # local_time=2011-01-01 05:43:46 (-0800, Pacific Standard Time)
    # country="United States"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=768 16777215 100 0 0 0 0 0
    # compatibility_mode=5892 16776573 100 56 533386 130527585 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=163432
    # found=0
    # cleaned=0
    # scan_time=3747

    *****************************************

    Just an FYI, while running combofix: Windows notified that it could not close "PEV.cfxxe."

    Combofix Log:

    ComboFix 11-01-01.01 - Cyrus 01/01/2011 18:02:44.1.2 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3962.2213 [GMT -8:00]
    Running from: c:\users\Cyrus\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Install.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-02 to 2011-01-02 )))))))))))))))))))))))))))))))
    .

    2011-01-02 02:14 . 2011-01-02 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-02 02:14 . 2011-01-02 02:14 -------- d-----w- c:\users\Cyrus\AppData\Local\temp
    2011-01-01 03:44 . 2011-01-01 03:44 -------- d-----w- c:\users\Cyrus\AppData\Local\{8B439BEF-4A2C-41CF-AE6F-B8C072EECCBB}
    2010-12-31 06:05 . 2010-12-31 06:05 -------- d-----w- c:\users\Cyrus\AppData\Local\{B5305135-33C5-4A95-A56F-619E65F324CE}
    2010-12-30 06:16 . 2010-12-30 06:16 -------- d-----w- c:\users\Cyrus\AppData\Local\{923BD3E2-147E-4183-919A-A9A0BAD1DA3D}
    2010-12-29 08:31 . 2010-12-29 13:23 -------- d-----w- c:\users\Cyrus\AppData\Local\{72CBA11C-A3E3-48D6-BF7A-FEBD422E0F95}
    2010-12-29 08:31 . 2010-12-29 08:31 -------- d-----w- c:\users\Cyrus\AppData\Local\{79268C15-4210-4DB9-958D-E41F9862E76D}
    2010-12-28 08:16 . 2010-12-28 08:16 -------- d-----w- c:\users\Cyrus\AppData\Local\{C92CDEDA-1EF0-4BEA-AC99-17732A810128}
    2010-12-27 04:50 . 2010-12-27 04:50 -------- d-----w- c:\users\Cyrus\AppData\Local\{D4DEBF4A-107B-4A19-A87B-34CD3744BA3C}
    2010-12-26 10:30 . 2010-12-26 10:30 -------- d-----w- c:\program files (x86)\Pure Motion
    2010-12-26 10:30 . 2010-12-26 10:30 -------- d-----w- c:\program files (x86)\Sonic Foundry
    2010-12-26 10:30 . 2010-12-26 10:38 -------- d-----w- c:\program files (x86)\DebugMode
    2010-12-26 09:54 . 2010-12-26 10:04 -------- d-----w- c:\users\Cyrus\AppData\Roaming\vlc
    2010-12-26 09:54 . 2010-12-26 09:54 -------- d-----w- c:\program files (x86)\VideoLAN
    2010-12-26 09:47 . 2010-12-26 09:47 -------- d-----w- c:\program files\DivX
    2010-12-26 09:45 . 2010-12-26 09:51 -------- d-----w- c:\programdata\DivX
    2010-12-26 09:39 . 2010-12-26 09:39 -------- d-----w- c:\program files (x86)\Xvid
    2010-12-26 09:39 . 2009-06-08 00:25 77824 ----a-w- c:\windows\SysWow64\xvid.ax
    2010-12-26 09:39 . 2009-06-08 00:24 180224 ----a-w- c:\windows\SysWow64\xvidvfw.dll
    2010-12-26 09:39 . 2009-06-08 00:16 819200 ----a-w- c:\windows\SysWow64\xvidcore.dll
    2010-12-26 02:36 . 2010-12-26 02:37 -------- d-----w- c:\users\Cyrus\AppData\Local\{C4F4119E-74EB-494B-B64F-9F1C5E45551C}
    2010-12-26 02:28 . 2010-12-26 02:28 -------- d-----w- c:\program files\Windows Live
    2010-12-26 02:26 . 2010-12-29 08:31 -------- d-----w- c:\users\Cyrus\AppData\Local\Windows Live
    2010-12-26 02:00 . 2010-12-26 02:00 -------- d-----w- c:\windows\SysWow64\spool
    2010-12-26 02:00 . 2010-12-26 02:00 -------- d-----w- c:\program files (x86)\Windows Portable Devices
    2010-12-26 02:00 . 2010-12-26 02:00 -------- d-----w- c:\program files\Windows Portable Devices
    2010-12-26 01:20 . 2009-10-08 21:08 234496 ----a-w- c:\windows\SysWow64\oleacc.dll
    2010-12-26 01:20 . 2009-10-08 21:07 4096 ----a-w- c:\windows\SysWow64\oleaccrc.dll
    2010-12-26 01:20 . 2009-10-08 21:08 555520 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
    2010-12-26 01:15 . 2009-09-10 02:00 92672 ----a-w- c:\windows\SysWow64\UIAnimation.dll
    2010-12-26 01:15 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\SysWow64\UIRibbon.dll
    2010-12-26 01:15 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
    2010-12-26 01:11 . 2010-11-03 10:53 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2010-12-26 01:11 . 2010-11-03 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
    2010-12-26 01:10 . 2009-09-10 15:27 1486848 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
    2010-12-26 01:10 . 2009-09-10 14:58 1418752 ----a-w- c:\program files (x86)\Windows Media Player\setup_wm.exe
    2010-12-26 01:10 . 2009-09-10 14:58 310784 ----a-w- c:\windows\SysWow64\unregmp2.exe
    2010-12-26 01:10 . 2009-10-23 17:10 714240 ----a-w- c:\windows\SysWow64\timedate.cpl
    2010-12-26 01:10 . 2010-05-04 19:13 231424 ----a-w- c:\windows\SysWow64\msshsq.dll
    2010-12-26 01:09 . 2010-01-25 12:00 471552 ----a-w- c:\windows\SysWow64\secproc_isv.dll
    2010-12-26 01:09 . 2010-01-25 12:00 471552 ----a-w- c:\windows\SysWow64\secproc.dll
    2010-12-26 01:09 . 2010-01-25 12:00 152576 ----a-w- c:\windows\SysWow64\secproc_ssp_isv.dll
    2010-12-26 01:09 . 2010-01-25 12:00 152064 ----a-w- c:\windows\SysWow64\secproc_ssp.dll
    2010-12-26 01:09 . 2010-01-25 08:21 526336 ----a-w- c:\windows\SysWow64\RMActivate_isv.exe
    2010-12-26 01:09 . 2010-01-25 08:21 346624 ----a-w- c:\windows\SysWow64\RMActivate_ssp_isv.exe
    2010-12-26 01:09 . 2010-01-25 08:21 518144 ----a-w- c:\windows\SysWow64\RMActivate.exe
    2010-12-26 01:09 . 2010-01-25 08:21 347136 ----a-w- c:\windows\SysWow64\RMActivate_ssp.exe
    2010-12-26 01:09 . 2010-01-25 11:58 332288 ----a-w- c:\windows\SysWow64\msdrm.dll
    2010-12-26 01:07 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\SysWow64\gameux.dll
    2010-12-26 01:07 . 2010-08-26 16:33 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
    2010-12-26 01:07 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
    2010-12-26 00:43 . 2010-12-26 00:44 -------- d-----w- c:\windows\SysWow64\ca-ES
    2010-12-26 00:43 . 2010-12-26 00:43 -------- d-----w- c:\windows\SysWow64\eu-ES
    2010-12-26 00:43 . 2010-12-26 00:43 -------- d-----w- c:\windows\SysWow64\vi-VN
    2010-12-26 00:09 . 2009-04-11 07:28 876032 ----a-w- c:\windows\SysWow64\wer.dll
    2010-12-25 23:25 . 2010-12-25 23:25 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2010-12-25 23:20 . 2010-09-06 16:20 9728 ----a-w- c:\windows\SysWow64\sscore.dll
    2010-12-25 23:20 . 2010-09-06 16:19 17920 ----a-w- c:\windows\SysWow64\netevent.dll
    2010-12-25 23:20 . 2010-03-05 14:01 420352 ----a-w- c:\windows\SysWow64\vbscript.dll
    2010-12-25 23:20 . 2009-08-24 11:36 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
    2010-12-25 23:18 . 2010-05-27 20:08 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2010-12-25 21:31 . 2010-11-16 20:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{47240EEA-EF62-4EAD-A2C5-83B259A662AF}\mpengine.dll
    2010-12-25 21:14 . 2010-02-20 23:06 24064 ----a-w- c:\windows\SysWow64\nshhttp.dll
    2010-12-25 21:14 . 2010-02-20 23:05 30720 ----a-w- c:\windows\SysWow64\httpapi.dll
    2010-12-25 20:54 . 2009-11-08 18:55 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
    2010-12-25 20:54 . 2009-11-08 18:55 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
    2010-12-25 20:54 . 2009-11-08 18:55 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
    2010-12-25 20:54 . 2009-11-08 18:55 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
    2010-12-25 20:54 . 2009-11-08 18:55 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
    2010-12-25 20:42 . 2010-10-19 04:56 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-12-25 20:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
    2010-12-25 20:39 . 2010-11-02 06:03 638232 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
    2010-12-25 20:37 . 2009-03-08 11:40 115712 ----a-w- c:\program files\Internet Explorer\ielowutil.exe
    2010-12-25 20:37 . 2009-03-08 11:34 115712 ----a-w- c:\program files (x86)\Internet Explorer\ielowutil.exe
    2010-12-25 20:37 . 2009-03-08 11:32 72704 ----a-w- c:\windows\SysWow64\admparse.dll
    2010-12-25 20:37 . 2009-03-08 11:33 18944 ----a-w- c:\windows\SysWow64\corpol.dll
    2010-12-25 20:01 . 2009-09-10 16:48 218624 ----a-w- c:\windows\SysWow64\msv1_0.dll
    2010-12-25 20:00 . 2009-07-15 12:39 313344 ----a-w- c:\windows\SysWow64\wmpdxm.dll
    2010-12-25 20:00 . 2009-07-15 10:21 43520 ----a-w- c:\windows\SysWow64\msdxm.tlb
    2010-12-25 20:00 . 2009-07-15 10:21 18432 ----a-w- c:\windows\SysWow64\amcompat.tlb
    2010-12-25 19:58 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
    2010-12-25 19:58 . 2009-06-10 11:41 2868224 ----a-w- c:\windows\SysWow64\mf.dll
    2010-12-25 19:58 . 2009-04-11 06:28 98816 ----a-w- c:\windows\SysWow64\mfps.dll
    2010-12-25 19:58 . 2009-04-11 06:27 53248 ----a-w- c:\windows\SysWow64\rrinstaller.exe
    2010-12-25 19:58 . 2009-04-11 06:27 24576 ----a-w- c:\windows\SysWow64\mfpmp.exe
    2010-12-25 19:58 . 2009-04-11 04:54 2048 ----a-w- c:\windows\SysWow64\mferror.dll
    2010-12-25 19:58 . 2009-07-17 13:54 71680 ----a-w- c:\windows\SysWow64\atl.dll
    2010-12-25 19:57 . 2010-08-31 15:44 531968 ----a-w- c:\windows\SysWow64\comctl32.dll
    2010-12-25 19:57 . 2010-06-17 18:34 16361984 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
    2010-12-25 19:57 . 2010-06-17 16:47 150528 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
    2010-12-25 19:57 . 2009-04-11 07:11 336896 ----a-w- c:\program files\Movie Maker\WMM2AE.dll
    2010-12-25 19:57 . 2009-04-11 07:11 26624 ----a-w- c:\program files\Movie Maker\WMM2EXT.dll
    2010-12-25 19:57 . 2009-06-04 12:07 2066432 ----a-w- c:\windows\SysWow64\mstscax.dll
    2010-12-25 19:57 . 2009-04-11 06:28 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll
    2010-12-25 19:57 . 2009-04-11 06:28 136192 ----a-w- c:\windows\SysWow64\aaclient.dll
    2010-12-25 19:57 . 2010-10-28 13:20 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2010-12-25 19:55 . 2010-10-12 17:43 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
    2010-12-25 19:54 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\SysWow64\quartz.dll
    2010-12-25 19:54 . 2009-12-04 18:30 12288 ----a-w- c:\windows\SysWow64\tsbyuv.dll
    2010-12-25 19:54 . 2009-12-04 18:28 31744 ----a-w- c:\windows\SysWow64\msvidc32.dll
    2010-12-25 19:54 . 2009-12-04 18:28 22528 ----a-w- c:\windows\SysWow64\msyuv.dll
    2010-12-25 19:54 . 2009-12-04 18:28 123904 ----a-w- c:\windows\SysWow64\msvfw32.dll
    2010-12-25 19:54 . 2009-12-04 18:28 13312 ----a-w- c:\windows\SysWow64\msrle32.dll
    2010-12-25 19:54 . 2009-12-04 18:28 82944 ----a-w- c:\windows\SysWow64\mciavi32.dll
    2010-12-25 19:54 . 2009-12-04 18:28 50176 ----a-w- c:\windows\SysWow64\iyuv_32.dll
    2010-12-25 19:54 . 2009-12-04 18:27 91136 ----a-w- c:\windows\SysWow64\avifil32.dll
    2010-12-25 19:54 . 2010-08-20 16:05 867328 ----a-w- c:\windows\SysWow64\wmpmde.dll
    2010-12-25 19:45 . 2010-11-04 18:55 352768 ----a-w- c:\windows\SysWow64\taskschd.dll
    2010-12-25 19:45 . 2010-11-04 18:55 270336 ----a-w- c:\windows\SysWow64\taskcomp.dll
    2010-12-25 19:45 . 2010-11-04 16:34 171520 ----a-w- c:\windows\SysWow64\taskeng.exe
    2010-12-25 09:08 . 2009-08-07 02:24 35552 ----a-w- c:\windows\SysWow64\wups.dll
    2010-12-25 09:08 . 2009-08-07 02:23 575704 ----a-w- c:\windows\SysWow64\wuapi.dll
    2010-12-25 09:08 . 2009-08-07 01:44 87552 ----a-w- c:\windows\SysWow64\wudriver.dll
    2010-12-25 09:08 . 2009-08-07 03:23 171608 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2010-12-25 09:08 . 2009-08-07 02:44 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
    2010-12-25 08:28 . 2010-12-27 00:10 -------- d-----w- c:\users\Cyrus\Logs
    2010-12-25 08:25 . 2010-12-25 08:25 -------- d-----w- c:\users\Cyrus\AppData\Roaming\Malwarebytes
    2010-12-25 08:24 . 2010-12-21 02:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2010-12-25 08:24 . 2010-12-25 08:24 -------- d-----w- c:\programdata\Malwarebytes
    2010-12-25 08:24 . 2010-12-25 08:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-12-20 09:05 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-20 09:02 . 2010-12-31 20:06 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2010-12-20 09:02 . 2010-12-20 09:02 -------- d-----w- c:\programdata\Alwil Software
    2010-12-20 09:02 . 2010-12-20 09:02 -------- d-----w- c:\program files\Alwil Software
    2010-12-20 08:54 . 2010-12-20 08:55 -------- d-----w- c:\program files (x86)\SpywareBlaster

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
    2010-11-10 10:54 . 2010-11-10 10:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
    2010-11-10 10:26 . 2010-11-10 10:26 73728 ----a-r- c:\users\Cyrus\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\liteico.exe.827545C6_7013_4DE1_8E6C_DAEE4C57F54A.exe
    2010-11-10 10:26 . 2010-11-10 10:26 73728 ----a-r- c:\users\Cyrus\AppData\Roaming\Microsoft\Installer\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}\ARPICON.exe
    2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
    2010-10-07 20:23 . 2010-10-07 20:23 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
    2010-10-07 20:23 . 2010-10-07 20:23 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
    2010-10-07 20:23 . 2010-10-07 20:23 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "googletalk"="c:\users\Cyrus\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 152064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
    "VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-14 421160]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]

    c:\users\Cyrus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-10-14 1062440]
    QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-9-11 984352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""

    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-11-07 36392]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Sony\VAIO Media plus\SOHCImp.exe [2008-10-21 103712]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Sony\VAIO Media plus\SOHDms.exe [2008-10-21 353568]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Sony\VAIO Media plus\SOHDs.exe [2008-10-21 62752]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-10-02 369952]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2008-09-19 108832]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-07-12 55856]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-26 834544]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-31 62032]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 47632]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-09-05 407392]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-09-04 446464]
    S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2010-05-06 583360]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 19968]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2008-08-26 293376]
    S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [2008-08-29 4745216]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-08-22 11392]
    S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [2008-05-31 393728]

    .

    --------- x86-64 -----------


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-06 151064]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-06 209432]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-06 181784]
    "RtHDVCpl"="RAVCpl64.exe" [2008-09-16 6430208]
    "Skytel"="Skytel.exe" [2008-09-16 1826816]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-19 1560872]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
    FF - ProfilePath - c:\users\Cyrus\AppData\Roaming\Mozilla\Firefox\Profiles\2r3z2r1e.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.usc.edu/
    FF - prefs.js: network.proxy.type - 4
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    .
    - - - - ORPHANS REMOVED - - - -

    Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
    Notify-VESWinlogon - VESWinlogon.dll
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Cyrus\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
    "ThreadingModel"="Apartment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker2"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-01-01 18:25:59
    ComboFix-quarantined-files.txt 2011-01-02 02:25

    Pre-Run: 156,002,648,064 bytes free
    Post-Run: 155,597,402,112 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
    - - End Of File - - 34782AE38646862CE9FEAB332698F705
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    And a Happy New Year to you also! I keep wondering where 2010 went- it couldn't have been 356 days long- it went too fast!

    Logs look good. You might want to check these processes out when you have some time. Like all computer manufacturers, Sony sends their systems out with a lot of preloaded programs and apps. I find that most users don't use most of them or have any idea they're loading, and they can be removed if not being used. So check on these when you can: this might help address>>
    VAIO Content Folder Setting
    VAIO Content Folder Watcher
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Help and Support
    VAIO Launcher
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO My Memory Center
    VAIO Original Function Setting
    VAIO Power Management
    VAIO Update 4
    VAIO Wallpaper Contents
    VAIO Wireless Wizard
    Sony Picture Utility
    Sony Video Shared Library
    WinDVD for VAIO


    They are all legitimate processes. None need to be removed, but all or most don't need to start on boot and run in the background.

    Have you been able to delete the Godfather file yet?
     
  10. Val1717

    Val1717 TS Rookie Topic Starter

    Godfather file? Elaborate please.
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    So sorry- I lost you during the holidays!

    Your Post #1:
    I missed this:
    Are you still having problems with high usage? Did you review the list of processes I left and take them off of Startup? Did you notice less CPU usage after doing that?
     
  12. Val1717

    Val1717 TS Rookie Topic Starter

    Not a problem. I've been very busy myself. Actually, no problems as of late. I think that file had something to do with it. I think we're good to close this thread. Thank you for all of your help!
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay then. You're very welcome!
    Time to Remove all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the Run box and click OK. Note the space between the X and the U; it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
     
Topic Status:
Not open for further replies.