ComboFix 14-01-16.03 - Robyn Bri 01/19/2014 9:53.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1006 [GMT -8:00]
Running from: c:\users\Robyn Bri\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Robyn Bri\AppData\Local\Temp\95d406143b5a4f83a8aa3a2f883184de\filesys.dll
c:\users\Robyn Bri\AppData\Local\temp\95d406143b5a4f83a8aa3a2f883184de\http.dll
c:\users\ROBYNB~1\AppData\Local\Temp\95d406143b5a4f83a8aa3a2f883184de\filesys.dll
c:\users\ROBYNB~1\AppData\Local\Temp\95d406143b5a4f83a8aa3a2f883184de\http.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-12-19 to 2014-01-19 )))))))))))))))))))))))))))))))
.
.
2014-01-19 18:03 . 2014-01-19 20:25 -------- d-----w- c:\users\Robyn Bri\AppData\Local\temp
2014-01-19 18:03 . 2014-01-19 18:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-01-19 18:03 . 2014-01-19 18:03 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-01-19 18:03 . 2014-01-19 18:03 -------- d-----w- c:\users\Experience\AppData\Local\temp
2014-01-19 18:03 . 2014-01-19 18:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-19 16:49 . 2014-01-19 18:07 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A4641B19-51F3-4ABB-9EED-C24E4C6F7EF8}\offreg.dll
2014-01-19 16:35 . 2014-01-19 18:05 -------- d-----w- c:\users\Robyn Bri\AppData\Local\CrashDumps
2014-01-19 16:30 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A4641B19-51F3-4ABB-9EED-C24E4C6F7EF8}\mpengine.dll
2014-01-18 22:59 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-18 17:24 . 2014-01-18 17:24 -------- d-----w- C:\_OTL
2014-01-16 00:16 . 2014-01-16 01:23 -------- d-----w- c:\windows\system32\MpEngineStore
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-19 07:32 . 2009-10-05 16:04 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-11 03:31 . 2013-01-15 01:20 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 03:31 . 2011-07-26 03:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-14 22:50 . 2013-12-11 04:52 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42 . 2013-12-11 04:52 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:42 . 2013-12-11 04:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 22:38 . 2013-12-11 04:52 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38 . 2013-12-11 04:52 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35 . 2013-12-11 04:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-30 02:13 . 2006-11-02 10:25 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-30 02:12 . 2013-12-11 00:56 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-10-30 01:43 . 2013-12-11 00:56 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-10-30 00:43 . 2013-12-11 00:56 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-10-30 00:35 . 2013-12-11 00:56 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-10-22 07:19 . 2013-12-11 00:56 158208 ----a-w- c:\windows\system32\imagehlp.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-25 4489216]
"Skytel"="Skytel.exe" [2007-06-25 1826816]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-01 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-01 81920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\users\Robyn Bri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Audio Filter.lnk - c:\program files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe [2007-9-12 5742136]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-7-3 739880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^bby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^2X Client.lnk]
path=c:\users\bby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\2X Client.lnk
backup=c:\windows\pss\2X Client.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^bby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Click to DVD Automatic Mode Launcher.lnk]
path=c:\users\bby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Click to DVD Automatic Mode Launcher.lnk
backup=c:\windows\pss\Click to DVD Automatic Mode Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMon Utility]
2007-07-12 22:39 534392 ----a-w- c:\program files\Sony\AppMonUtil\AppMonUtility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 04:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-02-12 20:37 174872 ----a-w- c:\program files\intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2007-06-12 01:27 317560 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-11-02 08:29 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-09-01 18:03 8478720 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-09-01 18:03 81920 ----a-w- c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-09-01 18:06 86016 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-06-25 21:41 4489216 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-06-25 21:41 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Center Access Bar]
2007-06-21 23:54 53248 ----a-w- c:\program files\Sony\VAIO Center Access Bar\VCAB.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2007-07-12 18:31 45056 ----a-w- c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-291611602-1755704891-1640183286-1002]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-17 00:45 1211672 ----a-w- c:\program files\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-15 03:31]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 05:56]
.
2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-20 05:56]
.
2013-07-18 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: PackageCab - hxxp://ak.imgag.com/imgag/cp/install/AxCtp2.cab
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-CanonMyPrinter - c:\program files\Canon\MyPrinter\BJMyPrt.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-19 12:25
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4676)
c:\windows\system32\btncopy.dll
.
- - - - - - - > 'Explorer.exe'(5484)
c:\windows\system32\nvd3dum.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\stacsv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe
c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2014-01-19 12:28:59 - machine was rebooted
ComboFix-quarantined-files.txt 2014-01-19 20:28
.
Pre-Run: 74,826,100,736 bytes free
Post-Run: 75,322,945,536 bytes free
.
- - End Of File - - 7C68F530426333F204869F8E15BEA8F9
5C616939100B85E558DA92B899A0FC36