TechSpot

Possible virus on my home computer

By Laina emmanuel
Apr 27, 2012
  1. Dear all, thank you for helping me clean my office computer.
    Now is the turn of the home computer! I downloaded a Winzip yesterday and somehow it seems to have messed up my computer, and now I have an extra toolbar with the "Winzip logo" and "Back up your PC with Carbonite" logo. Also my homepage has changed to search.conduit.com.

    All help appreciated!

    Here are the logs from the various runs.

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.04.26.02

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Laina :: LAINA-VAIO [administrator]

    27-04-2012 14:45:46
    mbam-log-2012-04-27 (14-45-46).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 200370
    Time elapsed: 4 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-27 15:18:49
    Windows 6.1.7600
    Running: 69mbojn4.exe
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27b11
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004ea88340
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\f07bcbe79202
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27b11 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004ea88340 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\f07bcbe79202 (not active ControlSet)
    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Laina at 15:24:58 on 2012-04-27
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3950.1057 [GMT 5.5:30]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Users\Laina\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\ProgramData\DatacardService\HWDeviceService64.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
    C:\Program Files\Sony\VAIO Care\VCSpt.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Care\VCsystray.exe
    C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Sony\VAIO Care\VCPerfService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\KeePass Password Safe\KeePass.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Laina\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\Magic-i Visual Effects.exe
    C:\Program Files\Sony\VAIO Care\listener.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
    uDefault_Page_URL = hxxp://sony.msn.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    uRun: [Google Update] "C:\Users\Laina\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [SpySweeperRegister] C:\Program Files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Laina\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Laina\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 202.56.230.5 202.56.230.6
    TCP: Interfaces\{4BB1C911-110A-490A-94E5-0B0A895097EC} : DhcpNameServer = 202.56.230.5 202.56.230.6
    TCP: Interfaces\{4BB1C911-110A-490A-94E5-0B0A895097EC}\1496274756C60277962756C6563737 : DhcpNameServer = 202.56.215.54 202.56.215.55
    TCP: Interfaces\{4BB1C911-110A-490A-94E5-0B0A895097EC}\3555441414E4 : DhcpNameServer = 192.168.2.1 192.168.1.1
    TCP: Interfaces\{4BB1C911-110A-490A-94E5-0B0A895097EC}\360727D277966696D23627 : DhcpNameServer = 202.56.230.5 202.56.230.6
    TCP: Interfaces\{4BB1C911-110A-490A-94E5-0B0A895097EC}\A414147414F50323 : DhcpNameServer = 203.192.246.2 203.192.246.3
    TCP: Interfaces\{4BB1C911-110A-490A-94E5-0B0A895097EC}\B4165737475767 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{7CA2AF07-39C3-4B4B-89C4-D1BB3B5C7098} : NameServer = 202.56.230.5,202.56.230.6
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    BHO-X64: WinZipBar - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~2\wzwmcie.dll
    BHO-X64: WinZip Courier BHO - No File
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun-x64: [SpySweeperRegister] C:\Program Files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-26 44768]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-24 13336]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
    R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
    R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
    R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2010-11-16 252416]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-16 2320920]
    R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-11-16 575856]
    R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-18 851824]
    R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-10 537456]
    R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-10 384880]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2010-11-16 836608]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
    R3 huawei_enumerator;huawei_enumerator;C:\Windows\system32\DRIVERS\ew_jubusenum.sys --> C:\Windows\system32\DRIVERS\ew_jubusenum.sys [?]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
    R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-7 304496]
    R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-11-16 1250160]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 136176]
    S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-11-16 104960]
    S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\Windows\system32\DRIVERS\ew_hwusbdev.sys --> C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 136176]
    S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
    S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-21 108400]
    S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
    S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-21 67952]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-10 101232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-04-26 07:24:36 -------- d-----w- C:\Users\Laina\AppData\Local\WinZip
    2012-04-26 06:42:12 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2F5A1F8C-9AFB-4F95-A192-890404C1870C}\offreg.dll
    2012-04-26 06:39:47 -------- d-----w- C:\ProgramData\WinZipEC
    2012-04-26 06:39:46 -------- d-----w- C:\Program Files (x86)\WinZip Courier
    2012-04-26 06:39:44 -------- d-----w- C:\Windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP
    2012-04-26 06:38:03 -------- d-----w- C:\Program Files (x86)\Conduit
    2012-04-26 06:38:00 -------- d-----w- C:\Users\Laina\AppData\Local\Conduit
    2012-04-26 06:37:59 -------- d-----w- C:\Program Files (x86)\WinZipBar
    2012-04-26 03:40:08 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2012-04-26 03:38:17 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2F5A1F8C-9AFB-4F95-A192-890404C1870C}\mpengine.dll
    .
    ==================== Find3M ====================
    .
    2012-04-04 10:26:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-07 00:15:19 41184 ----a-w- C:\Windows\avastSS.scr
    2012-03-07 00:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2012-03-07 00:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2012-02-01 08:00:04 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 15:25:18.20 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 23-07-2011 18:30:52
    System Uptime: 26-04-2012 18:05:51 (21 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz | N/A | 911/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 284 GiB total, 189.075 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP44: 12-01-2012 16:07:55 - Scheduled Checkpoint
    RP45: 22-01-2012 19:08:37 - Scheduled Checkpoint
    RP46: 30-01-2012 21:46:40 - Scheduled Checkpoint
    RP47: 03-02-2012 08:58:50 - VAIO Care Automatic Restore Point
    RP48: 10-02-2012 20:48:04 - Scheduled Checkpoint
    RP49: 21-04-2012 11:04:09 - Scheduled Checkpoint
    RP50: 26-04-2012 12:02:41 - Installed WinZip 16.5
    .
    ==== Installed Programs ======================
    .
    .
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Illustrator CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Reader X (10.0.1)
    Adobe Setup
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Apple Application Support
    Apple Software Update
    ArcSoft Magic-i Visual Effects 2
    ArcSoft WebCam Companion 3
    avast! Free Antivirus
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compendium 2.0 Beta 1
    Dropbox
    Git version 1.7.6-preview20110708
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Intel(R) Turbo Boost Technology Driver
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 29
    Junk Mail filter update
    KeePass Password Safe 1.20
    Malwarebytes Anti-Malware version 1.61.0.1400
    Media Gallery
    Microsoft Choice Guard
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    MiKTeX 2.9
    MSVCRT
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Norton Online Backup
    OpenOffice.org 3.3
    PDF Settings
    PMB
    PMB VAIO Edition Guide
    PMB VAIO Edition plug-in (Click to Disc)
    PMB VAIO Edition plug-in (VAIO Image Optimizer)
    PMB VAIO Edition plug-in (VAIO Movie Story)
    Prepare Your VAIO
    Quantum GIS Wroclaw 1.7.0 Wroclaw
    QuickTime
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    SciPlore MindMapping
    Skype Click to Call
    Skype™ 5.5
    Strawberry Perl
    Tata Photon+
    TexMakerX 2.1
    VAIO - Media Gallery
    VAIO - PMB VAIO Edition Guide
    VAIO - PMB VAIO Edition plug-in (Click to Disc)
    VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
    VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
    VAIO Care
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data
    VAIO Gate
    VAIO Gate Default
    VAIO Hardware Diagnostics
    VAIO Manual
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Movie Story Template Data
    VAIO Quick Web Access
    VAIO Sample Contents
    VAIO Smart Network
    VAIO Transfer Support
    VAIO Update
    VLC media player 1.1.8
    Webroot Software Installer
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinZip Courier
    WinZipBar Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    27-04-2012 15:24:41, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    27-04-2012 15:24:41, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    27-04-2012 15:24:41, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    27-04-2012 12:20:38, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    21-04-2012 10:12:17, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    .
    ==== End Of File ===========================
     
  2. Bobbye


    Welcome to TechSpot! I'll be glad to help with the malware.

    Please give me a few minutes to look over these logs. In the meantime, you can go ahead and run the following:

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan.
    Uninstall directions, if needed:
    • Click START > then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U; it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install; just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =========================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ============================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs, except those I give you.
    Threads are closed after 5 days if there is no reply.
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Just a note to let you know that I have the WinZip Toolbar and Conduit Engine ready to remove. We will run that through Combofix when you have run the scan and given me the log.

    Here are 2 important tips for you:
    1. Always check a download screen for any pre-checked items. This is frequently the source of extra BHO and TB.
    2. When installing a program, always choose 'Custom' install over 'Standard' if it's available. This will allow you NOT to include bundled software. You may not always get the choice, but if you do, take it.
     
  4. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    Hi Bobbye,

    Thank you for the help! Appreciate it.
    I have been trying to install Eset and every time it stalls with the message Unexpected error 2002. Could you tell me what to do next?

    Best
    Laina
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Remove whatever Eset you downloaded first.

    If you're using Internet Explorer, begin with #1, then continue with #4.

    If you're using Chrome, start with #1, then do #3. Continue with #4.

    If it still won't run, use Internet Explorer.

    Please go ahead with Combofix.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I have noted each of your 2 Active threads: [Home PC] and [Office PC] to help clarify you are working on 2 different systems.

    Do you plan to go ahead with this thread? There are numerous entries that need to be removed. I can do that with script after you have run Combofix.
     
  7. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    Hi Bobbye,

    Yes I do indeed intend to work on this.
    I ran ESET today. It gave me no errors. As for the Combofix, I have pasted the logs below. Apologies for the delay.

    ComboFix 12-04-28.01 - Laina 02-05-2012 23:20:03.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3950.2105 [GMT 5.5:30]
    Running from: c:\users\Laina\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\Mpeg2Data.ax
    c:\windows\SysWow64\MSDvbNP.ax
    c:\windows\SysWow64\MSNP.ax
    c:\windows\SysWow64\psisrndr.ax
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-02 17:55 . 2012-05-02 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-01 17:20 . 2012-05-02 17:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7245536-F8A4-401F-8022-FA31456D5583}\offreg.dll
    2012-05-01 17:18 . 2012-04-17 21:33 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7245536-F8A4-401F-8022-FA31456D5583}\mpengine.dll
    2012-04-29 21:50 . 2012-03-06 06:43 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-29 21:50 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-04-29 21:50 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-04-29 21:38 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-29 21:38 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-29 21:38 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-29 21:38 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-29 21:38 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-29 21:38 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2012-04-29 21:38 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-04-28 21:45 . 2011-06-15 09:58 106496 ----a-w- c:\windows\system32\odbccu32.dll
    2012-04-28 21:45 . 2011-06-15 09:58 212992 ----a-w- c:\windows\system32\odbctrac.dll
    2012-04-28 21:45 . 2011-06-15 09:58 163840 ----a-w- c:\windows\system32\odbccp32.dll
    2012-04-28 21:45 . 2011-06-15 09:58 106496 ----a-w- c:\windows\system32\odbccr32.dll
    2012-04-28 21:45 . 2011-06-15 09:58 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
    2012-04-28 21:45 . 2011-06-15 09:04 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
    2012-04-28 21:45 . 2011-06-15 09:04 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
    2012-04-28 21:45 . 2011-06-15 09:04 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
    2012-04-28 21:45 . 2011-06-15 09:04 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
    2012-04-28 21:45 . 2011-06-15 09:04 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
    2012-04-28 21:45 . 2011-06-15 09:04 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
    2012-04-28 21:38 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-04-28 21:38 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-04-28 21:32 . 2011-12-28 03:59 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-04-28 15:43 . 2012-02-03 04:16 3143168 ----a-w- c:\windows\system32\win32k.sys
    2012-04-28 15:43 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2012-04-28 15:43 . 2012-02-10 06:17 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
    2012-04-28 15:43 . 2012-02-10 05:41 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2012-04-28 15:43 . 2012-02-10 06:18 1541120 ----a-w- c:\windows\system32\DWrite.dll
    2012-04-28 15:43 . 2012-02-10 06:17 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-04-28 15:43 . 2012-02-10 05:41 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-04-28 15:43 . 2012-02-10 06:17 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
    2012-04-28 15:43 . 2012-02-10 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-04-28 15:43 . 2012-02-10 05:41 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-04-28 15:43 . 2012-02-10 05:41 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2012-04-28 15:43 . 2012-02-10 05:41 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-04-28 15:42 . 2011-09-29 16:24 1897328 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-04-28 15:32 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2012-04-28 15:32 . 2011-08-17 05:27 288256 ----a-w- c:\windows\system32\MSNP.ax
    2012-04-28 15:32 . 2011-08-17 05:27 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2012-04-28 15:32 . 2011-08-17 04:26 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2012-04-28 15:32 . 2011-08-17 05:27 104960 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2012-04-28 15:32 . 2011-08-17 05:27 75776 ----a-w- c:\windows\system32\MSDvbNP.ax
    2012-04-28 15:31 . 2011-08-15 05:08 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2012-04-28 15:31 . 2011-08-15 04:25 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
    2012-04-28 15:07 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
    2012-04-28 15:07 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
    2012-04-28 15:07 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
    2012-04-28 15:07 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
    2012-04-28 15:07 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2012-04-28 15:07 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2012-04-28 15:07 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
    2012-04-28 15:07 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2012-04-28 15:07 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-04-28 15:07 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-04-28 14:55 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
    2012-04-28 14:55 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-04-28 14:51 . 2012-02-23 04:48 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-04-28 14:46 . 2012-04-28 14:46 -------- d-----w- c:\program files (x86)\ESET
    2012-04-28 14:34 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
    2012-04-28 14:34 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-04-28 14:34 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll
    2012-04-28 14:34 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
    2012-04-28 14:34 . 2012-02-15 04:47 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-04-28 14:34 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
    2012-04-28 14:34 . 2012-01-25 06:27 76288 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-04-28 14:34 . 2012-01-25 06:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-04-28 14:34 . 2012-01-25 06:20 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-04-26 07:24 . 2012-04-26 07:24 -------- d-----w- c:\users\Laina\AppData\Local\WinZip
    2012-04-26 06:39 . 2012-04-26 06:39 -------- d-----w- c:\program files (x86)\WinZip Courier
    2012-04-26 06:39 . 2012-04-26 06:39 -------- d-----w- c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP
    2012-04-26 06:38 . 2012-04-26 06:38 -------- d-----w- c:\program files (x86)\Conduit
    2012-04-26 06:38 . 2012-04-26 06:38 -------- d-----w- c:\users\Laina\AppData\Local\Conduit
    2012-04-26 06:37 . 2012-04-26 06:38 -------- d-----w- c:\program files (x86)\WinZipBar
    2012-04-26 06:36 . 2012-04-26 06:36 -------- d-----w- c:\programdata\WinZip
    2012-04-26 03:40 . 2012-03-07 00:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-04 10:26 . 2011-07-24 11:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-07 00:15 . 2011-07-28 08:13 41184 ----a-w- c:\windows\avastSS.scr
    2012-03-07 00:15 . 2011-07-28 08:13 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2012-03-07 00:15 . 2011-07-24 09:25 258520 ----a-w- c:\windows\system32\aswBoot.exe
    2012-03-07 00:04 . 2011-07-28 08:14 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-03-07 00:04 . 2011-07-28 08:14 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-03-07 00:01 . 2011-07-28 08:14 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-03-07 00:01 . 2011-07-28 08:14 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-07 00:01 . 2011-07-28 08:14 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    .
     
  8. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    ((((((((((((((((((((((((((((( SnapShot@2012-04-28_14.05.37 )))))))))))))))))))))))))))))))))))))))))
    Edit: Total of 6 full posts of Multiple SnapShot entries reviewed and removed by Bobbye. 5 of the posts have been deleted.
     
  9. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    + 2012-04-29 22:38 . 2012-04-29 22:38 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8faae16c7c6fb3be53270b0879bcd444\System.Design.ni.dll
    + 2012-04-29 22:27 . 2012-04-29 22:27 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\067813cb31e755868704728b65fa534d\System.Design.ni.dll
    - 2011-07-24 22:21 . 2011-07-24 22:21 10578432 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\067813cb31e755868704728b65fa534d\System.Design.ni.dll
    + 2012-04-29 22:37 . 2012-04-29 22:37 14322688 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ce2694c7fc535229857eb49c1aab0ab3\PresentationFramework.ni.dll
    - 2011-07-24 22:21 . 2011-07-24 22:21 14322688 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\118b9815bb56f8abb7005b4789398749\PresentationFramework.ni.dll
    + 2012-04-29 22:28 . 2012-04-29 22:28 14322688 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\118b9815bb56f8abb7005b4789398749\PresentationFramework.ni.dll
    + 2012-04-29 22:37 . 2012-04-29 22:37 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\e90b68d2cdbe9cccc58e96422c9cb614\PresentationCore.ni.dll
    - 2011-07-24 22:20 . 2011-07-24 22:20 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\71c72471fecdfbf89838f9a30130b774\PresentationCore.ni.dll
    + 2012-04-29 22:27 . 2012-04-29 22:27 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\71c72471fecdfbf89838f9a30130b774\PresentationCore.ni.dll
    - 2011-07-24 22:20 . 2011-07-24 22:20 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\4bb86b63144619ce968a81b49d4af178\mscorlib.ni.dll
    + 2012-04-29 22:26 . 2012-04-29 22:26 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\4bb86b63144619ce968a81b49d4af178\mscorlib.ni.dll
    + 2012-04-29 22:36 . 2012-04-29 22:36 11490304 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1ec9ca97505278a1f18ce928f0ab6d7f\mscorlib.ni.dll
    + 2011-04-07 03:12 . 2011-04-07 03:12 194340864 c:\windows\Installer\6c0df2b.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\WinZipBar\prxtbWinZ.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"= "c:\program files (x86)\WinZipBar\prxtbWinZ.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-09 98304]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
    "SpySweeperRegister"="c:\program files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe" [2009-10-23 2522992]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    .
    c:\users\Laina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Laina\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200439]
    Ime File REG_SZ GOOGLEINPUT_HI.IME
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 136176]
    R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 136176]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
    S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
    S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-09 836608]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 07:45]
    .
    2012-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 07:45]
    .
    2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4209082703-1912581465-3447260716-1000Core.job
    - c:\users\Laina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-24 09:00]
    .
    2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4209082703-1912581465-3447260716-1000UA.job
    - c:\users\Laina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-24 09:00]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 202.56.215.54 202.56.215.55
    TCP: Interfaces\{7CA2AF07-39C3-4B4B-89C4-D1BB3B5C7098}: NameServer = 202.56.230.5,202.56.230.6
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{50FAFAF0-70A9-419D-A109-FA4B4FFD4E37} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-05-02 23:27:37
    ComboFix-quarantined-files.txt 2012-05-02 17:57
    ComboFix2.txt 2012-04-28 14:09
    .
    Pre-Run: 200,917,495,808 bytes free
    Post-Run: 200,712,777,728 bytes free
    .
    - - End Of File - - 1332BB60D5D5E9B875B9C9351B5759DB
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm finishing up some script for you to run through Combofix to remove some processes, but I thought I'd mention this since the problem began with Win Zip:

    First, downloading that program has added multiple extra entries to the system. In addition to the program itself, it sprinkled the WinZipBar all over the place: Search, TB, BHO, and I haven't even gotten to registry entries yet! This is most likely a 'conduit' toolbar, which explains that entry.

    Are you aware that Windows 7 has a "compression tool/extractor/zipper" built in to the OS like Win XP does? So you really don't need a third party program for this feature. Take a look here:
    File and Folder Compression in Windows 7

    There are screen shots as well as directions. If you're comfortable with this, I'll have you uninstall WinZip and we'll remove all the junk it came bundled with.

    Let me know and I'll finish the script and have you run it.
    ========================================
    Edit: FYI: There are 20 entries for WinZip, I for Conduit. These do not include the actual program download itself as in Program Files WinZip!

    Will you please disable SpySweeper while we're cleaning? I can't tell which version you have but you can find instructions to disable v4 and v5 HERE. This is in alpha order, so scroll down to the S.
     
  11. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    Hi Bobbye,

    I wasn't aware of File and Folder compression in Windows 7. It comes as news to me, and I am entirely comfortable using that instead of Winzip.
    I will disable SpySweeper (though I wasn't aware that I had downloaded it)

    One point Bobbye - I am in a remote village in India for the next 10 days till the 21st of May, where I have access to internet only on the desktop. Would I be able to run your scripts by downloading them on the desktop and then transferring them to my laptop using a USB drive? Or would running your scripts require internet on my laptop? If it is the latter, can I get till the 21st to reply to this thread?

    Best
    Laina
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    As long as you can set up the scripts in the code box and get CF Fix over to the laptop with the flash drive, I think you can run it okay.

    This must be what was used to install Spysweeper Webroot Software Installer and the following re loading:

    It looks like the Trial version was downloaded in 2009, with a reminder to register, but either the full program wasn't purchased and the trial expired but left these running. You can check in Programs and remove it if there.

    No problem keeping open when I know ahead. Do whatever works out the best for you.

    Member request that thread be kept open until around May 21. Don't close.
     
  13. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    Hi Bobbye,

    Thanks for making the exception.
    I have uninstalled Spysweeper and 3 entries associated with WinZip.
    Is there any log I need to send to you to show that the above are uninstalled?

    Best
    Laina
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I have some script setup for you to run through Combofix when you return.

    I'll remove any left-over entries from WinZip at that time.

    No log due now.
     
  15. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    Thanks Bobbye.


     
  16. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    Hi Bobbye,

    I am back to civilization, and so would be able to run any scripts on my laptop. So please do send the scripts you were talking about.
    Looking forward to it!

    Best
    Laina
     
  17. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    Hi Bobbye,
    I am wondering how to handle this one. Sorry for not replying earlier, I could not have as the internet was a wired one in the village, and I was not allowed to connect it to my laptop.
    Would you be able to send me the script to clean up the computer? Or should I start a new thread?

    Best
    Laina
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Go ahead and run this and it will generate a new log for me to check:

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it:
    Code:
    File::
    
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
    uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mRun: [SpySweeperRegister] C:\Program Files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    BHO-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    BHO-X64: WinZipBar - No File
    TB-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mRun-x64: [SpySweeperRegister] C:\Program Files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe
    Folder::
    c:\users\Laina\AppData\Local\WinZip
    c:\program files (x86)\WinZip Courier
    c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP
    c:\program files (x86)\Conduit
    c:\users\Laina\AppData\Local\Conduit
    c:\program files (x86)\WinZipBar
    c:\programdata\WinZip
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"=- 
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"=-
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    RegLockDel::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
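
Added example (not part of the thread, and not ComboFix or DDS code): a Python script that groups the DDS-style entries from the script above by CLSID, showing how many Internet Explorer extension points a single component occupies. The function names, and the reading of the u/m prefixes as per-user and machine-wide, are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Copied from the DDS:: section of the CFScript posted in this thread.
SAMPLE_DDS = r"""
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
mURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
mRun: [SpySweeperRegister] C:\Program Files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
BHO-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
BHO-X64: WinZipBar - No File
TB-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
mRun-x64: [SpySweeperRegister] C:\Program Files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe
"""

# Line shape handled here: "<point>[-X64]: [<name>: ]{CLSID} - <target>"
ENTRY_RE = re.compile(
    r"^(?P<point>[A-Za-z]+)(?:-[Xx]64)?:\s+"
    r"(?:(?P<name>.*?):\s+)?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<target>.+)$"
)
START_PAGE_RE = re.compile(r"^(?P<scope>[um])Start Page\s*=\s*(?P<url>\S+)$")

# Extension points through which a component loads into Internet Explorer.
BROWSER_POINTS = {"URLSearchHooks", "BHO", "TB"}


def normalize_point(point):
    """Drop the u/m prefix so uURLSearchHooks and mURLSearchHooks compare equal."""
    if len(point) > 1 and point[0] in "um" and point[1].isupper():
        return point[1:]
    return point


def group_by_clsid(text):
    """Map each CLSID (lower-cased) to the names, points and targets it appears with."""
    groups = defaultdict(
        lambda: {"names": set(), "points": set(), "targets": set(), "count": 0}
    )
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # lines without a CLSID (mRun, "No File") are skipped
        entry = groups[m.group("clsid").lower()]
        if m.group("name"):
            entry["names"].add(m.group("name"))
        entry["points"].add(normalize_point(m.group("point")))
        entry["targets"].add(m.group("target"))
        entry["count"] += 1
    return dict(groups)


def multi_hook_clsids(text, min_points=2):
    """CLSIDs registered at min_points or more distinct browser extension points."""
    return sorted(
        clsid
        for clsid, entry in group_by_clsid(text).items()
        if len(entry["points"] & BROWSER_POINTS) >= min_points
    )


def start_page_hosts(text):
    """(scope, hostname) for every Start Page line; defanged hxxp is tolerated."""
    hosts = []
    for raw in text.splitlines():
        m = START_PAGE_RE.match(raw.strip())
        if m:
            url = re.sub(r"^hxxp", "http", m.group("url"), flags=re.I)
            hosts.append((m.group("scope"), urlsplit(url).hostname))
    return hosts


if __name__ == "__main__":
    groups = group_by_clsid(SAMPLE_DDS)
    for clsid in multi_hook_clsids(SAMPLE_DDS):
        entry = groups[clsid]
        print(clsid, sorted(entry["points"]), entry["count"], "entries")
        for target in sorted(entry["targets"]):
            print("   ", target)
    print("start pages:", start_page_hosts(SAMPLE_DDS))
```
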
     
  19. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    Thank you Bobbye,
    Please find pasted below the log from the ComboFix run.

    File::

    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
    uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mRun: [SpySweeperRegister] C:\Program Files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    BHO-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    BHO-X64: WinZipBar - No File
    TB-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mRun-x64: [SpySweeperRegister] C:\Program Files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe
    Folder::
    c:\users\Laina\AppData\Local\WinZip
    c:\program files (x86)\WinZip Courier
    c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP
    c:\program files (x86)\Conduit
    c:\users\Laina\AppData\Local\Conduit
    c:\program files (x86)\WinZipBar
    c:\programdata\WinZip
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"=-
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"=-
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    RegLockDel::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

    Clearjavacache::
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Oh my! You left the script I gave you to run through Combofix instead of the new Combofix log generated after you run the script!

    What you were supposed to do:

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it:
    Code:
    File::
    Folder::
    c:\users\Laina\AppData\Local\WinZip
    c:\program files (x86)\WinZip Courier
    c:\windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP
    c:\program files (x86)\Conduit
    c:\users\Laina\AppData\Local\Conduit
    c:\program files (x86)\WinZipBar
    c:\programdata\WinZip
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3106777
    uURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mURLSearchHooks: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    BHO: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    TB: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mRun: [SpySweeperRegister] C:\Program Files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    BHO-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    BHO-X64: WinZipBar - No File
    TB-X64: WinZipBar Toolbar: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37} - C:\Program Files (x86)\WinZipBar\prxtbWinZ.dll
    mRun-x64: [SpySweeperRegister] C:\Program Files (x86)\Webroot\Spy Sweeper\uninst\RegisterSpySweeper.exe
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"=- 
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}"=-
    [HKEY_CLASSES_ROOT\clsid\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}]
    
    RegLockDel::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
     
  21. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    Sorry! I didn't realize I had done that. All logs looked the same to me! :)
    Here's the log from the run.

    ComboFix 12-05-29.01 - Laina 30-05-2012 7:46.4.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.91.1033.18.3950.2551 [GMT 5.5:30]
    Running from: c:\users\Laina\Desktop\ComboFix.exe
    Command switches used :: c:\users\Laina\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-30 02:57 . 2012-05-30 02:57  --------  d-----w-  c:\users\Public\AppData\Local\temp
    2012-05-30 02:57 . 2012-05-30 02:57  --------  d-----w-  c:\users\Default\AppData\Local\temp
    2012-05-29 17:41 . 2012-05-08 17:02  8955792  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{909F4627-F13A-4F77-BCBC-0BD6002398BC}\mpengine.dll
    2012-05-22 18:42 . 2012-03-03 06:29  1837568  ----a-w-  c:\windows\system32\d3d10warp.dll
    2012-05-22 18:42 . 2012-03-03 05:40  1170944  ----a-w-  c:\windows\SysWow64\d3d10warp.dll
    2012-05-22 18:42 . 2012-03-03 06:29  902656  ----a-w-  c:\windows\system32\d2d1.dll
    2012-05-22 18:42 . 2012-03-03 05:40  739840  ----a-w-  c:\windows\SysWow64\d2d1.dll
    2012-05-22 18:42 . 2012-03-03 06:29  1541120  ----a-w-  c:\windows\system32\DWrite.dll
    2012-05-22 18:42 . 2012-03-03 06:29  320512  ----a-w-  c:\windows\system32\d3d10_1core.dll
    2012-05-22 18:42 . 2012-03-03 05:40  1074176  ----a-w-  c:\windows\SysWow64\DWrite.dll
    2012-05-22 18:42 . 2012-03-03 06:29  197120  ----a-w-  c:\windows\system32\d3d10_1.dll
    2012-05-22 18:42 . 2012-03-03 05:40  218624  ----a-w-  c:\windows\SysWow64\d3d10_1core.dll
    2012-05-22 18:42 . 2012-03-03 05:40  161792  ----a-w-  c:\windows\SysWow64\d3d10_1.dll
    2012-05-22 18:40 . 2012-04-02 05:34  5504880  ----a-w-  c:\windows\system32\ntoskrnl.exe
    2012-05-22 18:39 . 2012-04-02 04:46  3902320  ----a-w-  c:\windows\SysWow64\ntoskrnl.exe
    2012-05-22 18:39 . 2012-04-02 04:46  3958128  ----a-w-  c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-22 18:39 . 2012-04-02 03:01  3143680  ----a-w-  c:\windows\system32\win32k.sys
    2012-05-22 18:38 . 2012-03-17 07:55  75632  ----a-w-  c:\windows\system32\drivers\partmgr.sys
    2012-05-22 18:38 . 2012-03-30 11:09  1895280  ----a-w-  c:\windows\system32\drivers\tcpip.sys
    2012-05-22 18:37 . 2012-04-02 05:26  1732096  ----a-w-  c:\program files\Windows Journal\NBDoc.DLL
    2012-05-22 18:37 . 2012-04-02 05:24  1367552  ----a-w-  c:\program files\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-22 18:37 . 2012-04-02 04:40  936960  ----a-w-  c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
    2012-05-22 18:37 . 2012-04-02 05:24  1393664  ----a-w-  c:\program files\Windows Journal\JNTFiltr.dll
    2012-05-22 18:37 . 2012-04-02 05:24  1402880  ----a-w-  c:\program files\Windows Journal\JNWDRV.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-04 10:26 . 2011-07-24 11:24  24904  ----a-w-  c:\windows\system32\drivers\mbam.sys
    2012-03-07 00:15 . 2011-07-28 08:13  41184  ----a-w-  c:\windows\avastSS.scr
    2012-03-07 00:15 . 2011-07-28 08:13  201352  ----a-w-  c:\windows\SysWow64\aswBoot.exe
    2012-03-07 00:15 . 2011-07-24 09:25  258520  ----a-w-  c:\windows\system32\aswBoot.exe
    2012-03-07 00:04 . 2011-07-28 08:14  819032  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
    2012-03-07 00:04 . 2011-07-28 08:14  337240  ----a-w-  c:\windows\system32\drivers\aswSP.sys
    2012-03-07 00:02 . 2012-04-26 03:40  53080  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
    2012-03-07 00:01 . 2011-07-28 08:14  59224  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
    2012-03-07 00:01 . 2011-07-28 08:14  69976  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
    2012-03-07 00:01 . 2011-07-28 08:14  24408  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
    2012-03-01 06:54 . 2012-04-29 21:38  22896  ----a-w-  c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 06:45 . 2012-04-29 21:38  220672  ----a-w-  c:\windows\system32\wintrust.dll
    2012-03-01 06:40 . 2012-04-29 21:38  80896  ----a-w-  c:\windows\system32\imagehlp.dll
    2012-03-01 06:35 . 2012-04-29 21:38  5120  ----a-w-  c:\windows\system32\wmi.dll
    2012-03-01 05:49 . 2012-04-29 21:38  172544  ----a-w-  c:\windows\SysWow64\wintrust.dll
    2012-03-01 05:45 . 2012-04-29 21:38  158720  ----a-w-  c:\windows\SysWow64\imagehlp.dll
    2012-03-01 05:40 . 2012-04-29 21:38  5120  ----a-w-  c:\windows\SysWow64\wmi.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot_2012-05-27_04.50.01 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-07-14 04:54 . 2012-05-30 02:03 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-05-27 04:22 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2012-05-27 04:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-30 02:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2012-05-27 04:22 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2012-05-30 02:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:46 . 2012-05-29 19:29 82368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    - 2011-07-23 13:12 . 2012-05-27 04:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2011-07-23 13:12 . 2012-05-30 02:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2011-07-23 13:12 . 2012-05-27 04:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-07-23 13:12 . 2012-05-30 02:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-07-24 08:27 . 2012-05-30 02:02 270946 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
    + 2011-07-24 11:03 . 2012-05-29 20:44 281862 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2012-05-15 22:51 . 2012-05-15 22:51 8074240 c:\windows\Installer\bfa4d98.msi
    - 2009-07-14 02:34 . 2012-05-27 04:42 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2009-07-14 02:34 . 2012-05-30 02:06 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2012-05-30 02:15 . 2012-05-30 02:15 10125312 c:\windows\ERDNT\Hiv-backup\schema.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  94208  ----a-w-  c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  94208  ----a-w-  c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12  94208  ----a-w-  c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
    "Elbserver"="c:\program files (x86)\Sony\Media Gallery\ElbServer.exe" [2010-06-22 81264]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-09 98304]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "SHTtray.exe"="c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe" [2010-06-21 99696]
    .
    c:\users\Laina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Laina\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-9 1128224]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200439]
    Ime File  REG_SZ  GOOGLEINPUT_HI.IME
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 136176]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 136176]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
    R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
    S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
    S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
    S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
    S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
    S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
    S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
    S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-09 836608]
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
    S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 07:45]
    .
    2012-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-24 07:45]
    .
    2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4209082703-1912581465-3447260716-1000Core.job
    - c:\users\Laina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-24 09:00]
    .
    2012-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4209082703-1912581465-3447260716-1000UA.job
    - c:\users\Laina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-24 09:00]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15135408----a-w-c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:1297792----a-w-c:\users\Laina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 202.56.215.54 202.56.215.55
    TCP: Interfaces\{7CA2AF07-39C3-4B4B-89C4-D1BB3B5C7098}: NameServer = 202.56.230.5,202.56.230.6
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-05-30 08:47:14
    ComboFix-quarantined-files.txt 2012-05-30 03:17
    ComboFix2.txt 2012-05-27 05:08
    ComboFix3.txt 2012-05-02 17:57
    ComboFix4.txt 2012-04-28 14:09
    .
    Pre-Run: 204,329,754,624 bytes free
    Post-Run: 204,276,535,296 bytes free
    .
    - - End Of File - - 825AE041117CB388EDEBE9C040F3FCAA
     
  22. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, Combofix looks good! Are you having any more problems now that we got all the WinZip entries out?
     
  23. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    Hi,
    Well, it seems to be faster for sure, but there are still a few problems.

    My default search engine is still search.conduit on Google Chrome. This had happened right after I installed the WinZip.
    Also, I am not sure this is related. But the laptop's internal webcam also does not seem to be working alright. When I run the internal program called "Web Cam Companion 3", I am able to capture video. However, when I use something like Skype, it says webcam not available. This also seems to have happened right after I installed WinZip.

    Looking forward to your reply.

    Laina
     
  24. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I saved this for Chrome users. Follow it and let me know if it handles this problem:

    Managing Homepage and Search Engines in Google Chrome:
    Using the screen shot below, follow the directions for each setting:
    [​IMG]

    To reset Homepage in Chrome:
    Open Google Chrome> click on the Wrench icon> select Options. Click the Basics tab.
    • For Blank Homepage:
      [o] Select "Open the following pages" option in On startup section
      [o] Type about:blank in Add a new page> Enter
    • To change site URL:
      [o] Navigate to the site you want for your homepage
      [o] Check Use current page in the On Startup section
      OR
      [o] Type the website URL in the text box for Add a new page> Enter.

    To Manage the Search Engines in Chrome
    Open Google Chrome> click on the Wrench icon> select Options. Click the Basics tab> Manage search engines in "Search" section.
    • To Remove a search engine: Select the search engine from the list and click the x at end of row.
    • To Add a search engine: Scroll to the bottom of dialog> fill out following fields:
      [o] Add a new search engine: Enter a nickname for the search engine.
      [o] Keyword: Enter the text shortcut (aka 'Keyword') you want to use for the search engine. Use the keyword to do keyword searches.
      [o] URL: Enter web address for the search engine> to find this URL
      [1]. Go to the search engine you want to add.
      [2]. Do a search.
      [3]. Copy and paste the web address of the search results page into the URL field.
      [4]. Make sure you include %s in the URL.
      Example: http://www.google.com/search?q=%
     
  25. Laina emmanuel

    Laina emmanuel TS Rookie Topic Starter Posts: 41

    Hi Bobbye,

    I followed the above steps and now I don't have any more problems with Conduit.
    The camera problem still stays, but maybe that's unrelated. So I will look into that separately.

    Thanks a ton for all your help!
    Best
    Laina
     
Topic Status:
Not open for further replies.
