Hello! Thank you for all the work you guys do to help us; I really appreciate it!
I was given a Sony Vaio running Windows Vista secondhand from a family member to clean up. They suspected that it had viruses, and after checking it out for a few days, I also believe that this is the case.
Some examples of what is wrong:
-
Windows Defender is disabled, and nothing I do changes that. Every time I try to enable/open it, an error message pops up instead. In addition, I seem to be unable to use other firewalls, leaving this computer vulnerable.
-Programs are slow, and opening things takes ages
- I got a blue error screen the first time I tried to run the DDS scan that said "win32k.sys shutdown." After I restarted the computer,
Microsoft Security Essentials had stopped working, and I had to go and re-enable that.
Before requesting help on this forum, I did the
Hijack This steps--followed the instructions on this website, as well as used the diagnostic tool for the log, and subsequently fixed the errors listed. Log available upon request . . . I also followed the steps required before asking help here.
Thank you for any help provided!
Here are the four (4) logs requested:
SAS:SUPERAntiSpyware Scan Log
http://www.superantispyware.comGenerated 06/06/2012 at 06:57 PM
Application Version : 5.0.1150
Core Rules Database Version : 8696
Trace Rules Database Version: 6508
Scan type : Complete Scan
Total Scan Time : 01:14:34
Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)
Memory items scanned : 626
Memory threats detected : 0
Registry items scanned : 33675
Registry threats detected : 78
File items scanned : 29918
File threats detected : 5
PUP.MyWebSearch/FunWebProducts
HKLM\SOFTWARE\Fun Web Products
HKLM\SOFTWARE\Fun Web Products#JpegConversionLib
HKLM\SOFTWARE\Fun Web Products\MSNMessenger
HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLFile
HKLM\SOFTWARE\Fun Web Products\MSNMessenger#DLLDir
HKLM\SOFTWARE\Fun Web Products\ScreenSaver
HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir
HKLM\SOFTWARE\Fun Web Products\Settings
HKLM\SOFTWARE\Fun Web Products\Settings\Promos
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.0
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqUninstalled
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.1
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.2
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.3
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.4
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.5
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.6
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.7
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.numActive2
HKLM\SOFTWARE\Fun Web Products\Settings\Promos#MSN.8
HKU\S-1-5-21-1527495172-1149829277-2661899657-1002\SOFTWARE\MyWebSearch
HKLM\SOFTWARE\MyWebSearch
HKLM\SOFTWARE\MyWebSearch\bar
HKLM\SOFTWARE\MyWebSearch\bar#pid
HKLM\SOFTWARE\MyWebSearch\bar#fwp
HKLM\SOFTWARE\MyWebSearch\bar#tiec
HKLM\SOFTWARE\MyWebSearch\bar#Dir
HKLM\SOFTWARE\MyWebSearch\bar#UninstallString
HKLM\SOFTWARE\MyWebSearch\bar#PluginPath
HKLM\SOFTWARE\MyWebSearch\bar#RegHookPath
HKLM\SOFTWARE\MyWebSearch\bar#Id
HKLM\SOFTWARE\MyWebSearch\bar#CurInstall
HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir
HKLM\SOFTWARE\MyWebSearch\bar#sr
HKLM\SOFTWARE\MyWebSearch\bar#pl
HKLM\SOFTWARE\MyWebSearch\bar#HistoryDir
HKLM\SOFTWARE\MyWebSearch\bar#t
HKLM\SOFTWARE\MyWebSearch\SearchAssistant
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#pid
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#fwp
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#esh
HKLM\SOFTWARE\MyWebSearch\SearchAssistant#lsp
HKLM\SOFTWARE\MyWebSearch\SkinTools
HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs
HKLM\Software\FocusInteractive
HKLM\Software\FocusInteractive\bar
HKLM\Software\FocusInteractive\bar\Switches
HKLM\Software\FocusInteractive\bar\Switches#ok
HKLM\Software\FocusInteractive\bar\Switches#od
HKLM\Software\FocusInteractive\bar\Switches#nk
HKLM\Software\FocusInteractive\bar\Switches#nd
HKLM\Software\FocusInteractive\bar\Switches#incmail.exe
HKLM\Software\FocusInteractive\bar\Switches#msimn.exe
HKLM\Software\FocusInteractive\bar\Switches#msn.exe
HKLM\Software\FocusInteractive\bar\Switches#outlook.exe
HKLM\Software\FocusInteractive\bar\Switches#waol.exe
HKLM\Software\FocusInteractive\bar\Switches#aim.exe
HKLM\Software\FocusInteractive\bar\Switches#icq.exe
HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe
HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe
HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe
HKLM\Software\FocusInteractive\bar\Switches#ypager.exe
HKLM\Software\FocusInteractive\bar\Switches#mwsSrcAs.dll
HKLM\Software\FocusInteractive\bar\Switches#ua
HKLM\Software\FocusInteractive\bar\Switches#au
HKLM\Software\FocusInteractive\bar\Switches#nodns
HKLM\Software\FocusInteractive\Email-IM
HKLM\Software\FocusInteractive\Email-IM\0
HKLM\Software\FocusInteractive\Email-IM\0#Toolbar
HKLM\Software\FocusInteractive\Email-IM\0#AppName
HKLM\Software\FocusInteractive\Outlook
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings
C:\Program Files\MyWebSearch\bar
C:\Program Files\MyWebSearch
PUP.MyWebSearch-Installer
C:\USERS\MY VAIO\APPDATA\LOCALLOW\FUNWEBPRODUCTS\INSTALLR\CACHE\0FB503E8.EXE
MBAM:Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.orgDatabase version: v2012.06.07.01
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
My Vaio :: MYVAIO-PC [administrator]
6/6/2012 7:51:59 PM
mbam-log-2012-06-06 (19-51-59).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188231
Time elapsed: 8 minute(s), 13 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 13
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
DDS - DDS.txt:.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by My Vaio at 20:26:57 on 2012-06-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.230 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Browny02\Brother\BrStMonW.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Browny02\BrYNSvc.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
uWindow Title = Windows Internet Explorer provided by Yahoo!
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uURLSearchHooks: H - No File
BHO: MRI_DISABLED - No File
BHO: AOL Toolbar Launcher - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: MRI_DISABLED - No File
EB: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [BrStsMon00] c:\program files\browny02\brother\BrStMonW.exe /AUTORUN
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\ADOBEA~1.LNK -
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\aolddi~1.lnk - c:\ddi\AOLICON.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mri_di~1\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2iexp.dll
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{DE4E9A12-F75D-4D38-8479-C7A118F31CFB} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{E2BE8A7A-3EA8-48F8-98EF-4C835DD6505D} : DhcpNameServer = 192.168.1.254
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\my vaio\appdata\roaming\mozilla\firefox\profiles\mv2ijqfw.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl1c2e434e;MpKsl1c2e434e;c:\programdata\microsoft\microsoft antimalware\definition updates\{b0e1fb93-4b21-48a2-9603-58c6043194a6}\MpKsl1c2e434e.sys [2012-6-6 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-7-8 541800]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-26 812544]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2011-4-15 16896]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
.
=============== Created Last 30 ================
.
2012-06-07 03:11:15 -------- d-----w- c:\program files\Oracle
2012-06-07 03:10:30 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-06-07 03:10:30 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-07 02:37:10 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b0e1fb93-4b21-48a2-9603-58c6043194a6}\offreg.dll
2012-06-07 02:37:09 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b0e1fb93-4b21-48a2-9603-58c6043194a6}\MpKsl1c2e434e.sys
2012-06-07 02:29:10 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{608411dd-9a92-4505-a97f-f8d9242d4bba}\gapaengine.dll
2012-06-07 02:28:15 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{b0e1fb93-4b21-48a2-9603-58c6043194a6}\mpengine.dll
2012-06-07 02:00:55 -------- d-----w- C:\e58248bec90ebb26dd38ac608d45
2012-06-07 01:35:41 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-07 01:33:44 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-06-07 00:39:25 -------- d-----w- c:\users\my vaio\appdata\roaming\Malwarebytes
2012-06-07 00:39:05 -------- d-----w- c:\programdata\Malwarebytes
2012-06-07 00:39:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-07 00:39:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-07 00:37:53 -------- d-----w- c:\users\my vaio\appdata\roaming\SUPERAntiSpyware.com
2012-06-07 00:37:27 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-07 00:37:27 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-07 00:18:25 -------- d-----w- c:\program files\CCleaner
2012-06-06 23:55:02 -------- d-----w- c:\windows\Intuit
2012-06-06 23:25:30 -------- d-----w- c:\users\my vaio\appdata\local\Seven Zip
2012-06-06 22:56:14 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6e392898-1e44-4d99-b73d-ebc292850a86}\mpengine.dll
2012-05-30 06:39:48 -------- d-----w- C:\f36b42cdd04982006cf6afa5
2012-05-14 06:52:44 53120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-14 06:51:23 914304 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-14 06:51:22 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-05-14 06:51:19 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL
2012-05-14 06:51:18 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll
2012-05-14 06:51:18 1404928 ----a-w- c:\program files\common files\microsoft shared\ink\InkObj.dll
2012-05-14 06:51:17 983040 ----a-w- c:\program files\windows journal\JNTFiltr.dll
2012-05-14 06:51:17 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll
2012-05-14 06:51:16 47104 ----a-w- c:\program files\windows journal\PDIALOG.exe
2012-05-14 06:50:24 1069056 ----a-w- c:\windows\system32\DWrite.dll
2012-05-14 06:50:23 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-05-14 06:50:23 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-14 06:50:23 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-14 06:50:23 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-14 05:42:46 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-14 05:42:45 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-14 05:42:45 2044928 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-05-05 09:18:11 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 09:18:11 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 09:17:44 4126880 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-03-26 21:04:16 724992 ----a-w- c:\windows\iun6002.exe
2012-03-21 03:44:12 74112 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 03:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 20:28:52.13 ===============
DDS - Attach.txt:.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/16/2011 12:18:48 PM
System Uptime: 6/6/2012 8:18:32 PM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Pentium(R) Dual CPU T2310 @ 1.46GHz | N/A | 1467/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 106.557 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: BlackBerry
Device ID: USB\VID_0FCA&PID_8004&MI_00\6&376D0E18&0&0000
Manufacturer:
Name: BlackBerry
PNP Device ID: USB\VID_0FCA&PID_8004&MI_00\6&376D0E18&0&0000
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
ABBYY FineReader 6.0 Sprint
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Alps Pointing-device for VAIO
Belkin USB Wireless Adaptor
Brother MFL-Pro Suite MFC-J270W
CCleaner
Click to DVD 2.0.05 Menu Data
Click to DVD 2.6.00
Corel Paint Shop Pro Photo XI
Corel Snapfire
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 7 Update 4
Java(TM) SE Runtime Environment 6
JavaFX 2.1.0
LocationFree Player
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox 13.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00
QuickBooks Product Listing Service
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Setting Utility Series
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Video Shared Library
SUPERAntiSpyware
SupportSoft Assisted Service
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VAIO Azure Float Wallpaper
VAIO Center Access Bar
VAIO Content Folder Setting
VAIO Content Importer VAIO Content Exporter
VAIO Content Importer / VAIO Content Exporter
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Entertainment Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Floral Dusk Wallpaper
VAIO Help And Support
VAIO Launcher
VAIO Media
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.1
VAIO Media Redistribution 6.0
VAIO Media Registration Tool
VAIO Media Registration Tool 6.0
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO PC Wireless LAN Wizard
VAIO Power Management
VAIO Productivity Center
VAIO Security Center
VAIO Service Utility
VAIO Smart Network
VAIO Teal Whisper Wallpaper
VAIO Update 3
WinDVD for VAIO
.
==== Event Viewer Messages From Past Week ========
.
6/6/2012 8:21:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/6/2012 8:21:17 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/6/2012 8:21:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
6/6/2012 8:20:58 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/6/2012 8:20:37 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
6/6/2012 8:20:37 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
6/6/2012 8:20:37 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/6/2012 8:19:34 PM, Error: EventLog [6008] - The previous system shutdown at 8:16:53 PM on 6/6/2012 was unexpected.
6/6/2012 6:52:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path:
http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
6/6/2012 6:52:24 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path:
http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
6/6/2012 3:43:16 PM, Error: Service Control Manager [7034] - The NSUService service terminated unexpectedly. It has done this 1 time(s).
6/6/2012 3:42:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the lxddCATSCustConnectService service to connect.
6/6/2012 3:42:59 PM, Error: Service Control Manager [7000] - The lxddCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/6/2012 3:41:36 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer QuickBooks PDF Converter with shared resource name QuickBooks PDF Converter. Error 2114. The printer cannot be used by others on the network.
5/30/2012 10:52:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service.
.
==== End Of File ===========================