Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer Crash at Startup periodically


  • This topic is locked This topic is locked
5 replies to this topic

#1 neospezi

neospezi

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 29 April 2012 - 10:54 AM

My computer keep crashing at startup periodically and enters into the 'blue screen'. Internet connection speed is also slow which i suspect might be some adware or virus infecting it. below is the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:34 PM, on 4/29/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19190)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGBC.EXE
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGBC.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Funshion Online\Funshion\FunshionService.exe
C:\Program Files\Garena Plus\GarenaMessenger.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=5a929249-1919-11e1-8c5b-0019c19c1a06
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=208ef5260000000000000019c19c1a06&tlver=1.4.19.19&affID=17159
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.singnet.com.sg:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: BOC ProcessProtect Class - {776B71E2-B4CC-4C94-BC7C-09103AA690B6} - C:\Windows\system32\ProcessProtection.dll
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TMIEGBHO - {F1AD4A42-BA52-47BC-89DF-3F68F24C017F} - C:\Program Files\Trend Micro\Browser Guard\TMAMS.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O3 - Toolbar: TMBGBAR TOOLBAR - {C8137A8D-415D-450C-A1B1-D0C519D45296} - C:\Program Files\Trend Micro\Browser Guard\tmieg.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [DRCU] "C:\Program Files\Sony\DRCU\DRCU.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Trend Micro Browser Guard] "C:\Program Files\Trend Micro\Browser Guard\BGUI.EXE"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [kwmusic] "C:\Program Files\KWMUSIC\Kwmusic.exe" /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [Funshion] C:\Program Files\Funshion Online\Funshion\Funshion.exe startbywindows tray
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EPSON5CED8F (Epson ME OFFICE 960FWD)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBC.EXE /FU "C:\Users\user\AppData\Local\Temp\E_S98A6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Epson ME OFFICE 960FWD(Network)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGBC.EXE /FU "C:\Users\user\AppData\Local\Temp\E_S8D7F.tmp" /EF "HKCU"
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.bankofchina.com
O15 - Trusted Zone: http://*.boc.cn
O15 - Trusted Zone: *.https%20
O15 - Trusted Zone: http://*.pps.tv
O15 - Trusted Zone: http://*.ppstream.com
O15 - Trusted Zone: http://*.taobao.com
O15 - Trusted Zone: http://bbcerium.unisim.edu.sg
O15 - Trusted Zone: http://*.webscache.com
O15 - ESC Trusted Zone: http://*.pps.tv
O15 - ESC Trusted Zone: http://*.ppstream.com
O15 - ESC Trusted Zone: http://*.webscache.com
O16 - DPF: {060CA154-DF25-4F03-98AA-FBCDE9D27382} (TDRDV Class) - https://b2c.icbc.com.cn/icbc/ICBC_TDRDV.cab
O16 - DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} (InfoSecICBCNetSign Class) - https://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Connectify - Unknown owner - C:\Program Files\Connectify\ConnectifyService.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OnKey Service _ICBC - Tendyron Corporation - C:\Windows\system32\D4Ser_ICBC.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 14076 bytes

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,544 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:27 PM

Posted 03 May 2012 - 10:02 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Hello, Welcome to SpywareInfoForum
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Disable Microsoft Windows Defender:

We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.


Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=5a929249-1919-11e1-8c5b-0019c19c1a06
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=208ef5260000000000000019c19c1a06&tlver=1.4.19.19&affID=17159
O2 - BHO: IE5BarLauncherBHO Class - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O3 - Toolbar: VShareToolBar - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files\vShare.tv plugin\BarLcher.dll
O4 - HKCU\..\Run: [Funshion] C:\Program Files\Funshion Online\Funshion\Funshion.exe startbywindows tray


Click on Fix Checked when finished and exit HijackThis.

Delete this folder in bold.
C:\Program Files\vShare.tv plugin\

Restart the computer normally.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.

If needed.
The scan will also create this Attach.txt log I would also like to see the content.
Please post it in a other post for my review, do not attach the file.
===

Third party programs if not up to date can be an open door for an infection

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know what problem persists.

#3 neospezi

neospezi
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 07 May 2012 - 08:00 AM

Here is the DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_31
Run by user at 20:56:03 on 2012-05-07
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.686 [GMT 8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Connectify\ConnectifyService.exe
C:\Program Files\Connectify\ConnectifyD.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Windows\system32\D4Ser_ICBC.exe
C:\Windows\system32\D4MON_ICBC.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://startsear.ch/?aff=1&cf=5a929249-1919-11e1-8c5b-0019c19c1a06
mDefault_Page_URL = hxxp://www.msn.com
uInternet Settings,ProxyServer = proxy.singnet.com.sg:8080
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=208ef5260000000000000019c19c1a06&tlver=1.4.19.19&affID=17159
mURLSearchHooks: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMess.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: BOC ProcessProtect Class: {776b71e2-b4cc-4c94-bc7c-09103aa690b6} - c:\windows\system32\ProcessProtection.dll
BHO: IE5BarLauncherBHO Class: {78f3a323-798e-4aea-9a57-88f4b05fd5dd} - c:\program files\vshare.tv plugin\BarLcher.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMess.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TMIEGBHO Class: {f1ad4a42-ba52-47bc-89df-3f68f24c017f} - c:\program files\trend micro\browser guard\TMAMS.dll
TB: Messenger Plus Live Toolbar: {9b339f6e-ddcd-401b-8764-230adbd01761} - c:\program files\messenger_plus_live\tbMess.dll
TB: TMBGBAR TOOLBAR: {c8137a8d-415d-450c-a1b1-d0c519d45296} - c:\program files\trend micro\browser guard\tmieg.dll
TB: VShareToolBar: {7ac3e13b-3bca-4158-b330-f66dbb03c1b5} - c:\program files\vshare.tv plugin\BarLcher.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [DRCU] "c:\program files\sony\drcu\DRCU.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: alipay.com
Trusted Zone: alisoft.com
Trusted Zone: bankofchina.com
Trusted Zone: boc.cn
Trusted Zone: https%20
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: taobao.com
Trusted Zone: unisim.edu.sg\bbcerium
Trusted Zone: webscache.com
DPF: {060CA154-DF25-4F03-98AA-FBCDE9D27382} - hxxps://b2c.icbc.com.cn/icbc/ICBC_TDRDV.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {B1FBC1AD-5644-4084-882A-0F8BA85E7506} - hxxps://b2c.icbc.com.cn/icbc/ICBC_NetSign.dll
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E13823F9-E22C-4C31-8E53-8197C7AA0E0F} : DhcpNameServer = 192.168.1.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = scecli psqlpwd c:\windows\system32\gowevoni.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\pwnl3amb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=1&src=sp&cf=5a929249-1919-11e1-8c5b-0019c19c1a06&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\pwnl3amb.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\pwnl3amb.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\pwnl3amb.default\extensions\ffxtlbr@babylon.com\components\FFHst.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 1\plugins\npaliedit.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 1\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 1\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\mozilla firefox 3 beta 1\plugins\npww.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\user\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\user\appdata\roaming\mozilla\firefox\profiles\pwnl3amb.default\extensions\{4d144bc3-23fb-47de-90c5-63ccb0139ccf}\plugins\npww.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2006-12-23 12416]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-10-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
R1 Protector;Protector;c:\windows\system32\drivers\Protector.sys [2010-5-27 34184]
R1 ProtectorA;ProtectorA;c:\windows\system32\drivers\ProtectorA.sys [2010-5-27 15240]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
R2 CMB8100;CMB8100;c:\windows\system32\drivers\CertClient.dat [2010-4-17 11808]
R2 CMBProtector;CMBProtector;c:\windows\system32\drivers\CMBProtector.dat [2010-4-17 10272]
R2 Connectify;Connectify;c:\program files\connectify\ConnectifyService.exe [2011-12-2 69632]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2010-12-24 84720]
R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 OnKey Service _ICBC;OnKey Service _ICBC;c:\windows\system32\D4Ser_ICBC.exe [2010-8-4 58672]
R3 Alidevice;Alidevice;c:\windows\system32\drivers\alidevice.sys [2010-7-1 6656]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-10-4 16720]
R3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\drivers\cnnctfy2.sys [2011-12-13 31344]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-11-18 4247552]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2006-12-23 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2006-12-23 43904]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [2006-12-23 30976]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [2006-12-23 33792]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-12-23 227328]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-9-11 16896]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-24 19968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RUBotSrv;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\RUBotSrv.exe [2011-10-14 439632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 257696]
S3 cnnctfy2;Connectify Service;c:\windows\system32\drivers\cnnctfy2.sys [2011-12-13 31344]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 129976]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-10-16 741376]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-10-16 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-10-16 1089536]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-02 08:08:33 -------- d-----w- c:\users\user\appdata\roaming\TuneUp Software
2012-05-02 08:07:35 -------- d-----w- c:\programdata\TuneUp Software
2012-05-02 08:07:18 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-04-25 21:11:09 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-20 07:57:26 77824 ----a-w- c:\windows\system32\EBAPI.dll
2012-04-20 07:57:26 65536 ----a-w- c:\windows\system32\EEBUtil.dll
2012-04-20 07:57:26 55808 ----a-w- c:\windows\system32\EEBSDKIF.dll
2012-04-20 07:57:26 135168 ----a-w- c:\windows\system32\EEBAPI.dll
2012-04-20 07:57:26 110592 ----a-w- c:\windows\system32\EEBDSCVR.dll
2012-04-20 07:41:50 -------- d-----w- c:\programdata\UDL
2012-04-20 07:37:01 -------- d-----w- c:\users\user\appdata\local\ABBYY
2012-04-20 07:25:43 -------- d-----w- c:\program files\ABBYY FineReader 9.0 Sprint
2012-04-20 07:25:40 -------- d-----w- c:\programdata\ABBYY
2012-04-20 07:25:39 -------- d-----w- c:\program files\common files\ABBYY
2012-04-20 07:21:08 -------- d-----w- c:\program files\Epson Software
2012-04-20 07:20:53 475410 ----a-w- c:\windows\system32\ensppmon.dll
2012-04-20 07:20:53 475410 ----a-w- c:\windows\system32\enppmon.dll
2012-04-20 07:20:53 458129 ----a-w- c:\windows\system32\ensppui.dll
2012-04-20 07:20:53 458129 ----a-w- c:\windows\system32\enppui.dll
2012-04-20 07:20:53 249344 ----a-w- c:\windows\system32\enspres.dll
2012-04-20 07:20:53 249344 ----a-w- c:\windows\system32\enpres.dll
2012-04-20 07:19:46 -------- d-----w- c:\program files\EpsonNet
2012-04-20 07:18:17 -------- d-----w- c:\program files\common files\EPSON
2012-04-20 07:16:41 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2012-04-20 07:16:38 93696 ----a-w- c:\windows\system32\E_FLBGBC.DLL
2012-04-20 07:16:37 63488 ----a-w- c:\windows\system32\E_FD4BGBC.DLL
2012-04-20 07:16:23 -------- d-----w- c:\programdata\EPSON
2012-04-20 07:15:40 15872 ----a-w- c:\windows\system32\escdev.dll
2012-04-20 07:15:40 128392 ----a-w- c:\windows\system32\esdevapp.exe
2012-04-20 07:15:38 341504 ----a-w- c:\windows\system32\esw2ud.dll
2012-04-20 07:15:01 -------- d-----w- c:\program files\epson
2012-04-19 07:22:59 -------- d-----w- c:\programdata\Systweak
2012-04-19 07:22:56 -------- d-----w- c:\users\user\appdata\roaming\Systweak
.
==================== Find3M ====================
.
2012-05-06 01:28:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 01:28:16 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-15 12:27:25 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-15 03:01:50 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-15 03:01:50 43520 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
============= FINISH: 20:57:41.17 ===============

Below is the attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Business
Boot Device: \Device\HarddiskVolume2
Install Date: 11/26/2007 10:22:28 AM
System Uptime: 5/7/2012 8:45:48 PM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 CPU T7200 @ 2.00GHz | N/A | 2000/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 143 GiB total, 3.951 GiB free.
D: is Removable
E: is CDROM (UDF)
G: is Removable
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Sony Visual Communication Camera VGP-VCC5
Device ID: ROOT\IMAGE\0000
Manufacturer: Ricoh
Name: Sony Visual Communication Camera VGP-VCC5
PNP Device ID: ROOT\IMAGE\0000
Service: usbvideo
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Sony Visual Communication Camera VGP-VCC5
Device ID: ROOT\IMAGE\0001
Manufacturer: Ricoh
Name: Sony Visual Communication Camera VGP-VCC5
PNP Device ID: ROOT\IMAGE\0001
Service: usbvideo
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Ö§¸¶±¦²å¼þ 1.2.0.2
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator CS5.1
Adobe Reader 7.0.8
Adobe Shockwave Player 11.6
Adobe SVG Viewer 3.0
Alps Pointing-device for VAIO
Any Video Converter 3.3.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
AVG PC Tuneup
BitComet 1.14
Bluetooth Stack for Windows by Toshiba
BOCNET Security Applet 1.5
Bonjour
Browser Guard v3.0
CCleaner
Click to DVD 2.0.05 Menu Data
Click to DVD 2.6.00
cntvppl 1.0.0.1
Connectify
DVgate Plus
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
Epson FAX Utility
EPSON ME 960FWD Series Manual
EPSON ME 960FWD Series Network Guide
EPSON ME 960FWD Series Printer Uninstall
Epson PC-FAX Driver
EPSON Scan
EpsonNet Print
EpsonNet Setup 3.3
Facebook Plug-In
FileZilla Client 3.2.7.1
Football Manager 2010
Funshion
Garena Plus
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
Google Chrome
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iCloud
Intel® Graphics Media Accelerator Driver
iPhoneBrowser
iTunes
Java Auto Updater
Java™ 6 Update 31
LAN Setting Utility
Malwarebytes' Anti-Malware
Messenger Plus! 5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
mIRC
MobileMe Control Panel
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netscape Communicator 4.79
NVIDIA Drivers
NVIDIA PhysX
OEM
OpenMG Secure Module 4.6.01
PDF Settings CS5
PPSÓÎÏ· V1.0.1.322
PPStream V2.7.0.1236 Final
Protector Suite QL 5.6
QuickTime
Rapidshare Auto Downloader 4.1
RealPlayer
Roxio Easy Media Creator Home
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Setting Utility Series
SigmaTel Audio
Skype™ 4.0
SonicStage 4.2
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sonique
Sony Snymsico for Vista
Sony Utilities DLL
Sony Video Shared Library
SPSS 15.0 for Windows Integrated Student Version
swMSM
System Requirements Lab
System Requirements Lab for Intel
Tendyron 193D4_ICBC
TradeManager 2010 Beta1
Trend Micro RUBotted 2.0 Beta
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Aqua Breeze Wallpaper
VAIO Azure Float Wallpaper
VAIO Camera Capture Utility
VAIO Camera Utility
VAIO Content Importer VAIO Content Exporter
VAIO Content Importer / VAIO Content Exporter
VAIO Control Center
VAIO Cozy Orange Wallpaper
VAIO Data Restore Tool
VAIO Entertainment Platform
VAIO Event Service
VAIO Floral Dusk Wallpaper
VAIO Hardware Diagnostics
VAIO HDD Protection
VAIO Long Battery Life Wallpaper
VAIO Manual
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.0
VAIO Media Redistribution 6.0
VAIO Media Registration Tool 6.0
VAIO Photo 2007
VAIO Power Management
VAIO Teal Whisper Wallpaper
VAIO Tender Yellow Wallpaper
VAIO Update 4
Veetle TV 0.9.18
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.5
VoipBuster
vShare.tv plugin 1.3
VshareComplete
Warcraft III
Warcraft III 1.22 Patch
Warcraft III: All Products
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinDVD for VAIO
WinRAR archiver
Wireless Switch Setting Utility
WYSIWYG Web Builder 7
xVideoServiceThief
.
==== Event Viewer Messages From Past Week ========
.
5/7/2012 8:48:04 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/7/2012 8:47:50 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: iqajn Lbd
5/7/2012 8:47:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Trend Micro RUBotted Service service to connect.
5/7/2012 8:47:50 PM, Error: Service Control Manager [7000] - The Trend Micro RUBotted Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/7/2012 8:47:50 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
5/7/2012 8:47:36 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/7/2012 7:41:01 AM, Error: Application Popup [1801] - The hardware has reported an uncorrectable memory error.
5/7/2012 6:21:33 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{E13823F9-E22C-4C31-8E53-8197C7AA0E0F} because another computer on the network has the same name. The server could not start.
5/7/2012 6:21:33 PM, Error: netbt [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.92 did not allow the name to be claimed by this computer.
5/7/2012 6:21:33 PM, Error: netbt [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 192.168.1.64. The computer with the IP address 192.168.1.92 did not allow the name to be claimed by this computer.
5/7/2012 5:40:45 AM, Error: EventLog [6008] - The previous system shutdown at 5:38:50 AM on 5/7/2012 was unexpected.
5/6/2012 7:43:38 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
5/2/2012 8:17:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
5/2/2012 5:23:15 PM, Error: Service Control Manager [7010] - A timeout (30000 milliseconds) was reached while waiting for ReadFile.
5/2/2012 5:22:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
.
==== End Of File ===========================

#4 neospezi

neospezi
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:27 AM

Posted 07 May 2012 - 08:04 AM

Here is the checkup.txt

Results of screen317's Security Check version 0.99.32
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2012
AVG PC Tuneup
AVG 2012
SonicStage Mastering Studio Audio Filter Custom Preset
Trend Micro RUBotted 2.0 Beta
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
AVG PC Tuneup
CCleaner
Java™ 6 Update 31
Adobe Flash Player 11.2.202.235
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Windows Defender MSASCui.exe
``````````End of Log````````````

#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,544 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:27 PM

Posted 07 May 2012 - 09:37 AM

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Please let me know if the problem persists.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,544 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:27 PM

Posted 14 May 2012 - 08:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users