Port Scanning attacks & DNS cache poisoning attack

FauxShaux · 03-08-2012, 11:46 AM

Hello,

ESET began giving me 'Detected Port Scanning attack' & 'Detected DNS cache poisoning attack' messages about a month ago and although I wish I could have acted sooner this is the first chance I've had to seek help. These attacks are occurring on a 64-bit computer, a Sony VAIO Z (VPCZ1) with Windows 7 Professional. In addition to the DDS.txt (below) and the Attach.zip (attached), I have attached the entire personal firewall log of my system (personal firewall log.txt). I haven't had any other kinds of alerts for as long as I have had this computer so it should all be relevant information.

Thanks

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Andrew at 13:32:06 on 2012-03-08
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3766.1906 [GMT -6:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Protector Suite\upeksvr.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\lxeacoms.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\vncutil64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\Protector Suite\psqltray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\Auto Mute\AutoMute.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Evoluent\VMouse\V4\EvoMouseExec.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\android-sdk-windows\platform-tools\adb.exe
C:\Windows\splwow64.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://esupport.sony.com/
uDefault_Page_URL = hxxp://esupport.sony.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
TB: Hyperionics DB Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
uRun: [Google Update] "C:\Users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [AutoMute.exe] "C:\Program Files (x86)\Auto Mute\AutoMute.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVOLUE~1.LNK - C:\Windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 128.83.185.41 128.83.185.40
TCP: Interfaces\{82042280-CC14-408F-9953-63AB601034D0} : DhcpNameServer = 128.83.185.41 128.83.185.40
TCP: Interfaces\{82042280-CC14-408F-9953-63AB601034D0}\D65627C696E6 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli c:\Program Files\Protector Suite\psqlpwd.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
TB-X64: Hyperionics DB Toolbar: {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Communicator] "C:\Program Files (x86)\Microsoft Office Communicator\communicator.exe" /fromrunkey
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [BambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\87n6l7cn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Andrew\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\87n6l7cn.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-1-3 8704]
R0 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\system32\DRIVERS\EpfwLWF.sys --> C:\Windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-9-22 974944]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-2-6 13336]
R2 lxea_device;lxea_device;C:\Windows\system32\lxeacoms.exe -service --> C:\Windows\system32\lxeacoms.exe -service [?]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-7-29 190496]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-5-30 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-5-30 487280]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-2-6 2320920]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-2-19 529776]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\Windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys --> C:\Windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [?]
R3 EvoMouseDriverMini;EvoMouseDriverMini;C:\Windows\system32\drivers\EvoMouseDriverMini.sys --> C:\Windows\system32\drivers\EvoMouseDriverMini.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-6-3 571248]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-18 136176]
S2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\lxeaserv.exe [2010-8-21 45736]
S2 nidevldu;NI Device Loader; [x]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-18 136176]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 niraptrkw;niraptrkw;C:\Windows\system32\DRIVERS\niraptrkw.sys --> C:\Windows\system32\DRIVERS\niraptrkw.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 SampleCollector;Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-6-3 168448]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VBTUSB;VBTUSB.Sys VAIO Bluetooth Driver over USB device;C:\Windows\system32\Drivers\VBTUSB.sys --> C:\Windows\system32\Drivers\VBTUSB.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-2-19 115568]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit); [x]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-03-06 18:53:37 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{64807D72-F2E1-460B-B29A-423EAADA1D79}\mpengine.dll
2012-02-20 15:00:03 -------- d-----w- C:\Games
2012-02-19 05:19:36 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Mumble(PR Edition)
2012-02-19 05:13:34 -------- d-----w- C:\Program Files (x86)\Mumble(PR Edition)
2012-02-17 01:17:59 -------- d-----w- C:\Users\Andrew\workspace
2012-02-15 23:05:23 -------- d-----w- C:\Users\Andrew\.m2
2012-02-15 23:04:56 -------- d-----w- C:\Users\Andrew\.netbeans
2012-02-15 23:00:52 -------- d-----w- C:\Users\Andrew\AppData\Roaming\TortoiseSVN
2012-02-15 22:53:28 -------- d-----w- C:\UDK
2012-02-15 22:38:09 -------- d-----w- C:\NetBeans 7.1
2012-02-15 22:16:55 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 22:16:55 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 22:16:54 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 22:16:54 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 22:16:54 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 22:16:53 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-15 22:16:49 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 22:16:49 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 22:16:23 -------- d-----w- C:\Users\Andrew\AppData\Local\TSVNCache
2012-02-15 22:13:52 -------- d-----w- C:\Pogamut
2012-02-15 22:13:16 -------- d-----w- C:\Program Files (x86)\Pogamut
2012-02-15 22:07:46 -------- d-----w- C:\Users\Andrew\.nbi
2012-02-15 21:45:43 -------- d-----w- C:\Users\Andrew\AppData\Roaming\Subversion
2012-02-15 21:45:25 -------- d-----w- C:\apache-maven-3.0.2
2012-02-15 21:44:46 -------- d-----w- C:\Program Files (x86)\Common Files\TortoiseOverlays
2012-02-15 21:44:45 -------- d-----w- C:\Program Files\TortoiseSVN
2012-02-15 21:44:45 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2012-02-15 21:41:49 -------- d-----w- C:\Program Files (x86)\Subversion
2012-02-08 19:17:16 -------- d-----w- C:\Program Files\SAMSUNG
2012-02-08 19:16:30 -------- d-----w- C:\ProgramData\Samsung
.
==================== Find3M ====================
.
2012-03-02 05:16:03 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-02 05:16:03 234536 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-19 05:14:55 794408 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-02-19 05:14:55 75064 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-01-12 14:05:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 13:32:30.91 ===============

FauxShaux · 03-20-2012, 12:26 PM

Bump, please

**Ried** · 03-20-2012, 08:08 PM

Hello FauxShaux,

Download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Save it to your desktop.

Note: Malwarebytes' Anti-Malware may require a reboot to complete removals. After a reboot, if required, post that saved log in your next reply.

Next, flush your DNS yet. To do this, click Start button>All Programs>Accessories and locate Command Prompt.

Right click it to run as administrator

In the black command window, type in the following and press Enter:

ipconfig /flushdns

Reboot the machine. Is Eset Firewall still giving alerts?

FauxShaux · 03-23-2012, 07:19 AM

I have run the Anti-Malware program and the flushed the DNS as you said. The Anti-Malware program did not find any issues; the log is below. The ESET alerts come only occasionally; I'll get back to you if another one pops up. If I don't get anything for a week I'm guessing that's a sign that it's fixed?

Thanks

Malwarebytes Anti-Malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2012.03.23.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Andrew :: RAY [administrator]

3/23/2012 9:07:52 AM
mbam-log-2012-03-23 (09-07-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196911
Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

FauxShaux · 03-27-2012, 07:47 PM

Hi,

ESET has given me 2 warnings since I performed those steps you recommended. Here's the log for those warnings (obtained from the same personal firewall log of my original post):

3/26/2012 1:40:59 AM Detected DNS cache poisoning attack 96.30.9.155:53 128.62.21.196:43959 UDP
3/24/2012 1:15:27 AM Detected Port Scanning attack 62.212.66.26:58839 128.62.16.4:8080 TCP

**Ried** · 03-27-2012, 07:49 PM

Alright, download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

FauxShaux · 03-27-2012, 07:59 PM

Here it is.

ComboFix 12-03-27.03 - Andrew 03/27/2012 21:53:09.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3766.2359 [GMT -5:00]
Running from: c:\users\Andrew\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Hyperionics DB Toolbar\tbHElper.dll
c:\programdata\SPLC995.tmp
c:\users\Andrew\AppData\Local\Minibar
c:\users\Andrew\AppData\Local\Minibar\chrome\background.html
c:\users\Andrew\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Andrew\AppData\Local\Minibar\chrome\extension_info.json
c:\users\Andrew\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\Andrew\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\Andrew\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\Andrew\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\Andrew\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Andrew\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Andrew\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Andrew\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Andrew\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Andrew\AppData\Local\Minibar\chrome\main.js
c:\users\Andrew\AppData\Local\Minibar\chrome\manifest.json
c:\users\Andrew\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Andrew\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Andrew\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Andrew\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Andrew\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Andrew\AppData\Local\Minibar\chrome\popup.html
c:\users\Andrew\AppData\Local\Minibar\chrome\popup.js
c:\users\Andrew\AppData\Local\Minibar\chrome\tab.html
c:\users\Andrew\AppData\Local\Minibar\chrome\tab.js
c:\users\Andrew\AppData\Local\Minibar\chrome_installer.js
c:\users\Andrew\AppData\Local\Minibar\common.js
c:\users\Andrew\AppData\Local\Minibar\install.json
c:\users\Andrew\AppData\Local\Minibar\minibar.crx
c:\users\Andrew\AppData\Local\Minibar\sqlite3.exe
c:\users\Andrew\AppData\Local\Minibar\Uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-28 to 2012-03-28 )))))))))))))))))))))))))))))))
.
.
2012-03-28 02:56 . 2012-03-28 02:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-27 17:53 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03A88CA1-A4F0-4BBA-A0A6-14A28D16D905}\mpengine.dll
2012-03-25 02:10 . 2012-03-25 02:10 -------- d-----w- c:\programdata\kinoma
2012-03-25 02:09 . 2012-03-25 02:09 -------- d-----w- c:\users\Andrew\AppData\Local\kinoma
2012-03-25 02:08 . 2012-03-25 02:19 -------- d-----w- c:\users\Andrew\AppData\Local\Sony Corporation
2012-03-23 14:07 . 2012-03-23 14:07 -------- d-----w- c:\users\Andrew\AppData\Roaming\Malwarebytes
2012-03-23 14:07 . 2012-03-23 14:07 -------- d-----w- c:\programdata\Malwarebytes
2012-03-23 14:07 . 2011-12-10 20:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-23 14:07 . 2012-03-23 14:07 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-23 00:29 . 2012-03-26 05:53 -------- d-----w- C:\Guild Wars 2 Beta
2012-03-20 00:10 . 2012-03-20 00:10 -------- d-----w- c:\program files (x86)\Red 5 Studios
2012-03-19 18:57 . 2012-03-19 18:57 -------- d-----w- c:\users\Andrew\AppData\Roaming\Rainmeter
2012-03-19 18:57 . 2012-03-19 18:59 -------- d-----w- c:\program files\Rainmeter
2012-03-17 18:33 . 2012-03-17 18:33 -------- d-----w- c:\users\Andrew\AppData\Roaming\OnLive App
2012-03-17 18:33 . 2012-03-17 18:33 -------- d-----w- c:\program files (x86)\OnLive
2012-03-14 08:02 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 08:02 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 08:01 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 04:24 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 04:24 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 04:24 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 04:16 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 04:16 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 04:16 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 04:16 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 04:16 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 04:16 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 04:16 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-02 05:16 . 2010-06-10 03:39 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-02 05:16 . 2010-06-10 03:39 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-02-23 14:18 . 2010-06-08 23:37 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-19 05:14 . 2011-02-20 02:21 794408 ----a-w- c:\windows\SysWow64\pbsvc.exe
2012-02-19 05:14 . 2010-06-10 03:27 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-01-24 19:49 . 2011-12-03 01:53 171488 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-01-12 14:05 . 2011-06-16 18:55 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44 . 2012-02-15 22:16 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 22:16 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 22:16 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 22:16 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutoMute.exe"="c:\program files (x86)\Auto Mute\AutoMute.exe" [2011-03-16 736256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Communicator"="c:\program files (x86)\Microsoft Office Communicator\communicator.exe" [2012-01-11 5153056]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-05-30 629848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
.
c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
Evoluent Mouse Manager.lnk - c:\windows\Installer\{0F8F4447-1F0B-4703-9BD5-53F0274CE856}\_B5CB566BBFE908A7621D0F.exe [2011-11-22 4286]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-12-30 00:38 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-18 136176]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxeaserv.exe [2010-04-15 45736]
R2 nidevldu;NI Device Loader; [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-18 136176]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 niraptrkw;niraptrkw;c:\windows\system32\DRIVERS\niraptrkw.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 SampleCollector;Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2010-04-20 168448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VBTUSB;VBTUSB.Sys VAIO Bluetooth Driver over USB device;c:\windows\system32\Drivers\VBTUSB.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-02-20 115568]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 YAMChA;YAMChA;d:\tools\YAMChA64.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 NIApplicationWebServer64;NI Application Web Server (64-bit); [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$MSSMLBIZ;SQL Server Agent (MSSMLBIZ);c:\program files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe [2010-01-07 1052328]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-07-30 190496]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-26 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-26 487280]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-02-20 529776]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;c:\windows\system32\DRIVERS\EvoMouseDriverFilterHidUsb.sys [x]
S3 EvoMouseDriverMini;EvoMouseDriverMini;c:\windows\system32\drivers\EvoMouseDriverMini.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-06 571248]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-18 22:21]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-18 22:21]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-92915005-1564511620-3824306660-1001Core.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 00:44]
.
2012-03-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-92915005-1564511620-3824306660-1001UA.job
- c:\users\Andrew\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-09 00:44]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2009-10-30 02:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2009-10-30 02:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-06 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-06 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-06 410136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-19 16414824]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-30 9962016]
"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil64.exe" [2010-07-30 475680]
"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744]
"lxeamon.exe"="c:\program files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [2010-01-18 770728]
"EzPrint"="c:\program files (x86)\Lexmark S300-S400 Series\ezprint.exe" [2010-01-18 139944]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://esupport.sony.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 128.83.185.41 128.83.185.40
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\87n6l7cn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-GCalc 3 - c:\windows\system32\javaws.exe
AddRemove-Notepad App - c:\windows\system32\javaws.exe
AddRemove-TextSamplerDemo - c:\windows\system32\javaws.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-92915005-1564511620-3824306660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*÷ÿÿÿMI6]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-92915005-1564511620-3824306660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*÷ÿÿÿMI6\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-92915005-1564511620-3824306660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*÷ÿÿÿ¼MI6[**€ï%20Prologue%20One%20Ring%20to%20Rule%20Them%20All.wma*oward Shore\Fellowship of the Ring, The\34 The Departure of Boromir.wma*¯MI6ry*€*eam*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-92915005-1564511620-3824306660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*÷ÿÿÿ¼MI6[**€ï%20Prologue%20One%20Ring%20to%20Rule%20Them%20All.wma*oward Shore\Fellowship of the Ring, The\34 The Departure of Boromir.wma*¯MI6ry*€*eam*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-92915005-1564511620-3824306660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*÷ÿÿÿ¼MI6[**€ïding a new MRL to recent ones: c:\users\Andrew\Music\Howard Shore\Fellowship of the Ring, The\34 The Departure of Boromir.wma*¯MI6ry*€*eam*]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-92915005-1564511620-3824306660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*÷ÿÿÿ¼MI6[**€ïding a new MRL to recent ones: c:\users\Andrew\Music\Howard Shore\Fellowship of the Ring, The\34 The Departure of Boromir.wma*¯MI6ry*€*eam*\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-92915005-1564511620-3824306660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*÷ÿÿÿÁMI6]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-92915005-1564511620-3824306660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*÷ÿÿÿÁMI6\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-92915005-1564511620-3824306660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*÷ÿÿÿÞMI6(k*€ding a new MRL to recent ones: c:\users\Andrew\Music\Howard Shore\Fellowship of the Ring, The\12 A Shortcut to Mushrooms.wma]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-92915005-1564511620-3824306660-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*÷ÿÿÿÞMI6(k*€ding a new MRL to recent ones: c:\users\Andrew\Music\Howard Shore\Fellowship of the Ring, The\12 A Shortcut to Mushrooms.wma\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-03-27 21:58:22
ComboFix-quarantined-files.txt 2012-03-28 02:58
.
Pre-Run: 51,423,420,416 bytes free
Post-Run: 51,282,014,208 bytes free
.
- - End Of File - - EA0B2EEB8C635408DE7A02F6008C790E

**Ried** · 03-27-2012, 08:42 PM

The Minibar that ComboFix removed could very well have been responsible for the attacks.

Surf the net for a while. Same as before, I'll leave this open and wait for you to update me on the status.

FauxShaux · 03-27-2012, 08:44 PM

Okay thank you I will let you know.

FauxShaux · 03-30-2012, 10:38 PM

Seems like the ComboFix fixed it, no more alerts. Thank you so much for your help, you guys are the best!

**Ried** · 03-31-2012, 10:25 PM

Great news, indeed.

If there aren't any more problems, we have some final housekeeping to tend to now. Please do not skip this step as it will implement important cleanup procedures, as well as reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point for you.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

ComboFix /uninstall

--------------------------------------------------------------------

Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

To help protect your computer in the future I recommend that you follow these steps and look into the following free programs:

Microsoft Windows Update - http://www.windowsupdate.com
Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
WOT, Web of Trust, As 'Googling' is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
- Green to go
- Yellow for caution
- Red to stop
WOT has an addon available for both Firefox and IE.
Scan here Secunia - The Leading Provider of Vulnerability Management and Vulnerability Intelligence Solutions for out of date & vulnerable common applications on your computer
Another great resource for looking up programs is SystemLookUp.
BACKING UP YOUR REGISTRY

ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively renders System Restore unavailable by simple means. With ERUNT, you're able to restore the damaged Registry.

Vista/Windows 7 users - see this link for proper setup of Erunt Automatically Backup your Windows Vista Registry daily using ERUNT - The Winhelponline Blog

Take care, and best wishes to you.