

Jangofett9

@sky.com

[Trojan] Infection Report-Assistance Greatly Needed & Appreciate

In November my computer started acting strangely, redirecting me to websites etc. It then started to hide documents and pictures on my computer and now does not allow my computer to install new Windows updates. Please Help!

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.18.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tom New :: TOM-VAIO [administrator]

18/01/2012 21:11:25
mbam-log-2012-01-18 (21-11-25).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 564694
Time elapsed: 3 hour(s), 32 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKCR\HBLiteAx.Info (Adware.HotBar) -> Quarantined and deleted successfully.
HKCR\HBLiteAx.Info.1 (Adware.HotBar) -> Quarantined and deleted successfully.
HKCR\HBLiteAX.UserProfiles (Adware.HotBar) -> Quarantined and deleted successfully.
HKCR\HBLiteAX.UserProfiles.1 (Adware.HotBar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files (x86)\HBLite\bin\11.0.267.0\firefox\extensions -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bad: (»www.tangosearch.com/?useie5=1&q=) Good: (»www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 8
C:\Program Files (x86)\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HBLite\bin\11.0.267.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HBLite\bin\11.0.267.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HBLite\bin\11.0.267.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9} (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\defaults (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\defaults\preferences (Adware.Agent) -> Quarantined and deleted successfully.

Files Detected: 4
C:\Windows\assembly\tmp\U\000000cb.@ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\HBLite\bin\11.0.267.0\firefox\extensions\chrome.manifest (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\chrome.manifest (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{0A328249-98DF-476C-9D25-3853C961DAB9}\defaults\preferences\prefs.js (Adware.Agent) -> Quarantined and deleted successfully.

(end)

OTL Extras logfile created on: 21/01/2012 15:07:54 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tom New.Tom-VAIO.002\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.67 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.72% Memory free
7.34 Gb Paging File | 6.70 Gb Available in Paging File | 91.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.32 Gb Total Space | 241.77 Gb Free Space | 53.10% Space Free | Partition Type: NTFS

Computer Name: TOM-VAIO | User Name: Tom New | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017739C5-708B-4F4F-BAD3-FA2FF5431E15}" = VAIO Content Metadata Manager Settings
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86416016FF}" = Java(TM) 6 Update 16 (64-bit)
"{393A9268-A428-4F5A-9B20-BD753309A98E}" = Click to Disc MergeModules x64
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A77A198F-B60B-481C-A645-64EE80849A12}" = VAIO Content Metadata Intelligent Network Service Manager
"{C37B6246-7D4A-4E5C-BFB4-11C8660BDC99}" = VAIO Movie Story MergeModules x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D506EFC9-08DF-47E4-A7BF-98305BE25250}" = VAIO Content Metadata XML Interface Library
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"ARO 2011_is1" = ARO 2011
"BA0987FAAC5795C06EA794577C8C8DA3E3CA20CD" = Windows Driver Package - Sony DPP-FP60/70/90 (02/22/2007 6.0.6000.44)
"EPSON SX410 Series" = EPSON SX410 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010237D8-8494-4E56-90CE-3194D3F521E6}" = VAIO Content Metadata Intelligent Network Service Manager
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0AFECCA6-61A0-409F-9205-67613984209D}" = Multimedia Card Reader
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{127C8955-B5C5-4682-9428-B8243EC4E6AE}" = Remote Play with PlayStation 3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{18f14c3c-188d-43e7-bf8d-5a05af4a145f}" = Nero BackItUp 4 Essentials
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FD416D0-CC16-41D1-A25C-C9986CD8BBAB}" = VAIO Content Metadata Intelligent Analyzing Manager
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{208345BE-27BB-4367-B245-A5B6E764FDD0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery
"{21E548DE-0C2B-4843-8A7B-E69B4CF8BA33}" = VAIO Content Metadata Manager Settings
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Monitoring Settings
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{27F9068F-27D3-42FF-BE10-94CC94F46F33}" = VAIO Content Metadata Manager Settings
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2F66901C-D9F2-4C83-9808-2DA0166265B6}" = VAIO Content Metadata Intelligent Network Service Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D062554-2823-4205-ABBC-390AE5B72C45}" = VAIO Content Metadata Manager Settings
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65883ddf-2152-4cb7-8e13-b99194b13498}" = Nero BackItUp
"{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote Keyboard with PlayStation 3
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D8ED20E-E792-4DAC-BB66-009836CBD80B}" = VAIO Content Monitoring Settings
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7430B12A-3B67-4191-B0C5-59E57344CB1F}" = iClone v4.1 SE
"{75c53f52-398b-4d66-b28a-f9ef170b3b34}" = Nero BackItUp
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79C3D1B6-32CB-43DF-BA80-CE48E7A2D6C7}" = VAIO Content Metadata Intelligent Network Service Manager
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7D1DDBF1-2948-4603-B06A-0E36487CC857}" = VAIO Content Metadata XML Interface Library
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94FA9FA6-5294-494D-A8F1-1E654CBB5736}" = Epson Easy Photo Print 2
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{96D8E26D-70CB-44DE-AE50-43095A39E5B2}" = VAIO Entertainment Platform
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA53D22-D922-494C-B1D7-51CD9BCB9E4A}" = VAIO Hardware Diagnostics
"{9F73FDEF-DDC1-4307-9D96-13AB3254641A}_is1" = Doctor Who: The Adventure Games
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Settings
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB259D46-F851-41B0-9AFA-AED8998AD68A}" = MusicStation
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CADA6C4C-3EF2-43FC-8E5B-E89E3880A399}" = Ulead PhotoImpact XL SE
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = TOSHIBA Bluetooth Stack for Apache by CSR
"{D02F30FB-0BC4-419A-9B9C-ADC610029B50}" = EPSON File Manager
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.02.002
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{F2AC3706-19B2-45D5-A3D0-B6FB9C1A7849}" = Tango
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F400E7EB-BF07-4D9C-8AAE-81DF98CAF3F2}" = VAIO Content Metadata XML Interface Library
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FBED4E82-750B-4D00-9719-90358BF3942B}" = VAIO Content Metadata XML Interface Library
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"alotToolbar" = ALOT Toolbar
"avast" = avast! Free Antivirus
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"DivX Setup.divx.com" = DivX Setup
"EPSON Scanner" = EPSON Scan
"ffdshow_is1" = ffdshow [rev 1972] [2008-05-24]
"FLVCodec" = PlayFLV
"FrostWire" = FrostWire 4.21.7
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0AFECCA6-61A0-409F-9205-67613984209D}" = Multimedia Card Reader
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"MAGIX 3D Maker UK" = MAGIX 3D Maker (embeded)
"MAGIX Movie Edit Pro 16 Plus UK" = MAGIX Movie Edit Pro 16 Plus 9.0.1.60 (UK)
"MAGIX Screenshare UK" = MAGIX Screenshare
"MAGIX Speed burnR UK" = MAGIX Speed burnR
"MAGIX Xtreme Photo Designer 6 UK" = MAGIX Xtreme Photo Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"MarketingTools" = VAIO Marketing Tools
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 8.0.1 (x86 en-GB)" = Mozilla Firefox 8.0.1 (x86 en-GB)
"MSC" = McAfee SecurityCenter
"MyCamera" = Canon Utilities MyCamera
"NSS" = Norton Security Scan
"PhotoStitch" = Canon Utilities PhotoStitch
"PS3 Media Server" = PS3 Media Server
"Rmtablet" = Graphics-Pad MD 41217
"splashtop" = VAIO Quick Web Access
"TuneConvert_is1" = TuneConvert 7.4.0
"VAIO Help and Support" =
"VAIO Premium Partners" = VAIO Premium Partners
"VAIO screensaver" = VAIO screensaver
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Xvid_is1" = Xvid 1.2.2 final uninstall
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 16/12/2011 16:06:03 | Computer Name = Tom-VAIO | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Lock: Locking failure! mDNS_busy (1) !=
mDNS_reentrancy (0)

Error - 16/12/2011 16:06:03 | Computer Name = Tom-VAIO | Source = Bonjour Service | ID = 100
Description = mDNSCoreMachineSleep: mDNS_Unlock: Locking failure! mDNS_busy (1)
!= mDNS_reentrancy (0)

Error - 16/12/2011 16:33:36 | Computer Name = Tom-VAIO | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\SONY\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\SONY\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 16/12/2011 16:35:06 | Computer Name = Tom-VAIO | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\SONY\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\SONY\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 16/12/2011 17:19:33 | Computer Name = Tom-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error
code = 0x80042000)

Error - 16/12/2011 17:19:33 | Computer Name = Tom-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 16/12/2011 17:29:00 | Computer Name = Tom-VAIO | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\SONY\Media
Go\MediaGo.exe".Error in manifest or policy file "C:\Program Files (x86)\SONY\Media
Go\Sony.Mrs.MANIFEST" on line 3. Component identity found in manifest does not match
the identity of the component requested. Reference is Sony.Mrs,processorArchitecture="AMD64",type="win32",version="2.2.0.0".
Definition
is Sony.Mrs,processorArchitecture="x86",type="win32",version="2.2.0.0". Please use
sxstrace.exe for detailed diagnosis.

Error - 16/12/2011 17:30:12 | Computer Name = Tom-VAIO | Source = Application Hang | ID = 1002
Description = The program SUPERAntiSpyware.exe version 5.0.0.1136 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1a44 Start
Time: 01ccbc22873b0631 Termination Time: 198 Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

Report
Id: 150c0f7b-282d-11e1-ad7f-0024bec6929f

Error - 24/12/2011 19:31:41 | Computer Name = Tom-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {48512A59-C8A5-4805-9048-23C9E4194BFA})(Error
code = 0x80042000)

Error - 24/12/2011 19:31:41 | Computer Name = Tom-VAIO | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

[ Media Center Events ]
Error - 24/08/2010 09:06:13 | Computer Name = Tom-VAIO | Source = MCUpdate | ID = 0
Description = 14:06:12 - Error connecting to the internet. 14:06:12 - Unable
to contact server..

Error - 24/08/2010 09:06:38 | Computer Name = Tom-VAIO | Source = MCUpdate | ID = 0
Description = 14:06:27 - Error connecting to the internet. 14:06:27 - Unable
to contact server..

[ OSession Events ]
Error - 19/11/2011 12:02:45 | Computer Name = Tom-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/11/2011 12:04:14 | Computer Name = Tom-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19/11/2011 12:05:26 | Computer Name = Tom-VAIO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 02/03/2011 19:05:21 | Computer Name = Tom-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2488113).

Error - 02/03/2011 19:05:21 | Computer Name = Tom-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Update for Microsoft Silverlight (KB2495644).

Error - 03/03/2011 16:18:41 | Computer Name = Tom-VAIO | Source = Service Control Manager | ID = 7043
Description = The Windows Modules Installer service did not shut down properly after
receiving a preshutdown control.

Error - 03/03/2011 16:20:04 | Computer Name = Tom-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Upnp Server 10 service to connect.

Error - 06/03/2011 07:16:53 | Computer Name = Tom-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Upnp Server 10 service to connect.

Error - 06/03/2011 07:27:34 | Computer Name = Tom-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition
1.99.567.0).

Error - 06/03/2011 18:21:47 | Computer Name = Tom-VAIO | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 06/03/2011 18:22:08 | Computer Name = Tom-VAIO | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 06/03/2011 18:23:08 | Computer Name = Tom-VAIO | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 07/03/2011 13:28:19 | Computer Name = Tom-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Upnp Server 10 service to connect.


lilhurricane

Re: [Trojan] Infection Report-Assistance Greatly Needed & Apprec

»Security Cleanup FAQ »Mandatory Steps Before Requesting Assistance

Just awaiting the online scan, and security check


LoPhatPhuud

reply to Jangofett9
Also need the main OTL log.

Do this as well...

Download and run TDSS Killer, posting the log in this thread. Please post the log, even if nothing is detected.

You'll find the link(s) and instruction(s) here:
»Security Cleanup FAQ »Rootkit Detection Applications
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



Jangofett9

@sky.com

reply to Jangofett9
OTL logfile created on: 21/01/2012 15:07:54 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tom New.Tom-VAIO.002\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.67 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 81.72% Memory free
7.34 Gb Paging File | 6.70 Gb Available in Paging File | 91.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.32 Gb Total Space | 241.77 Gb Free Space | 53.10% Space Free | Partition Type: NTFS

Computer Name: TOM-VAIO | User Name: Tom New | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012/01/21 15:07:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tom New.Tom-VAIO.002\Downloads\OTL.exe
PRC - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2010/02/11 11:36:12 | 001,218,008 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2011/09/23 14:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/09/06 21:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/08/11 23:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/02/14 12:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 04:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/11 07:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010/02/24 12:16:08 | 000,696,848 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2010/02/19 19:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/02/19 19:19:26 | 000,386,416 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/02/19 18:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2010/02/17 15:45:16 | 000,155,456 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV:64bit: - [2009/11/30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/09/04 21:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/10/12 17:06:48 | 004,700,824 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2011/08/10 10:53:46 | 000,102,608 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011/06/29 14:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/09/10 19:06:56 | 000,348,160 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\GSService.exe -- (GSService)
SRV - [2010/09/10 18:14:22 | 000,245,760 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\Windows\SysWOW64\snmvtsvc.exe -- (SMServer)
SRV - [2010/06/10 05:58:32 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2010/05/28 10:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/17 14:53:26 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/12/14 20:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/14 20:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/11/20 23:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/27 10:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/15 16:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/10/15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/10/15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/10/15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/10/15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/10/02 12:02:56 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service)
SRV - [2009/09/14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/09/14 19:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/09/14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/08/31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/08/31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/06 18:53:50 | 001,220,608 | ---- | M] (MAGIX AG) [Unknown | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/12/05 13:07:06 | 000,935,208 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/12/05 13:06:42 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/08/07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2011/09/06 21:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/09/06 21:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/09/06 21:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/09/06 21:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/09/06 21:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/09/06 21:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/12 21:14:01 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW64.sys -- (TVICHW64)
DRV:64bit: - [2010/09/11 07:30:24 | 000,033,848 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TuneConvertAudio.sys -- (TuneConvertAudio)
DRV:64bit: - [2010/07/16 00:45:42 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2010/07/15 14:18:22 | 000,176,144 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Mpfp.sys -- (MPFP)
DRV:64bit: - [2010/06/02 21:15:22 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/06/02 21:15:14 | 007,841,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/27 18:40:40 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/17 15:52:42 | 000,308,296 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/02/17 15:52:42 | 000,102,472 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/02/17 15:52:42 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk)
DRV:64bit: - [2010/02/17 15:45:32 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk)
DRV:64bit: - [2009/12/24 20:06:08 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/12/14 20:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/11/20 23:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/18 04:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/11/18 04:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/11/18 04:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/18 04:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 04:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/11/13 20:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/12 20:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/11/12 20:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/06 20:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/11/04 09:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/09/15 20:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009/08/19 20:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = »www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = »www.google.com/ig/redirectdomain···mod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.google.com/ig/redirectdomain···mod=EU01
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: c:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Creative Software Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2011/11/14 07:55:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/04 21:07:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/29 21:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/11/28 23:12:46 | 000,000,000 | ---D | M]

[2012/01/18 19:09:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\mozilla\Extensions
[2012/01/19 07:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/13 15:14:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/11/29 21:23:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/22 12:52:42 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/10/22 12:52:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/22 12:52:42 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/22 12:52:42 | 000,001,180 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/11/13 19:59:54 | 000,002,027 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/10/22 12:52:42 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files (x86)\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {F2AC3706-19B2-45D5-A3D0-B6FB9C1A7849} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [atwtusb] C:\Windows\SysWow64\ATWTUSB.EXE ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Program Files (x86)\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero BackItUp 4\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [NortonOnlineBackup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Movie_Edit_Pro_16_Plus\Trayserver.exe (MAGIX AG)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} »trial.trymicrosoftoffice.com/tri···rc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD0B22D-C026-4940-9700-1362E8BA5673}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB67E911-867D-4C13-AE00-E3C7ECA0A89B}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012/01/18 21:09:18 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Malwarebytes
[2012/01/18 21:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/18 21:08:56 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/18 20:39:19 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Macromedia
[2012/01/18 19:14:40 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Adobe
[2012/01/18 19:10:19 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/18 19:09:45 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Mozilla
[2012/01/18 19:09:45 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Local\Mozilla
[2012/01/10 21:22:24 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Local\Sony_Corporation
[2012/01/10 21:22:24 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Nero
[2012/01/10 21:22:18 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Intel Corporation
[2012/01/10 21:22:15 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Apple Computer
[2012/01/10 21:22:13 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Local\Apple Computer
[2012/01/10 21:18:27 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/01/10 21:18:27 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\Searches
[2012/01/10 21:18:27 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/01/10 21:18:26 | 000,000,000 | -H-D | C] -- C:\Users\Tom New.Tom-VAIO.002\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/01/10 21:18:09 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Identities
[2012/01/10 21:17:58 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\Contacts
[2012/01/10 21:17:12 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Sony Corporation
[2012/01/10 21:17:11 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Local\VirtualStore
[2012/01/10 21:11:40 | 000,000,000 | --SD | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Microsoft
[2012/01/10 21:11:40 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\Videos
[2012/01/10 21:11:40 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\Saved Games
[2012/01/10 21:11:40 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\Pictures
[2012/01/10 21:11:40 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\Music
[2012/01/10 21:11:40 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/01/10 21:11:40 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\Links
[2012/01/10 21:11:40 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\Favorites
[2012/01/10 21:11:40 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\Downloads
[2012/01/10 21:11:40 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\Documents
[2012/01/10 21:11:40 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\Desktop
[2012/01/10 21:11:40 | 000,000,000 | R--D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Local\Temporary Internet Files
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\Templates
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\Start Menu
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\SendTo
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\Recent
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\PrintHood
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\NetHood
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\Documents\My Videos
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\Documents\My Pictures
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\Documents\My Music
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\My Documents
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\Local Settings
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Local\History
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\Cookies
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\Application Data
[2012/01/10 21:11:40 | 000,000,000 | -HSD | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Local\Application Data
[2012/01/10 21:11:40 | 000,000,000 | -H-D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData
[2012/01/10 21:11:40 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Local\Temp
[2012/01/10 21:11:40 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Local\Sony Corporation
[2012/01/10 21:11:40 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Local\Microsoft Help
[2012/01/10 21:11:40 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Local\Microsoft
[2012/01/10 21:11:40 | 000,000,000 | ---D | C] -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Media Center Programs
[2012/01/07 17:28:56 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/01/07 17:28:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/01/04 19:43:24 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/02 19:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012/01/21 14:57:45 | 000,052,262 | ---- | M] () -- C:\Windows\SysNative\Config.MPF
[2012/01/21 14:56:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/21 14:56:14 | 2955,485,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 23:01:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/19 22:01:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/19 18:29:02 | 000,000,494 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Tom.job
[2012/01/18 21:09:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 21:04:14 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 21:04:14 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/18 21:00:30 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2012/01/18 19:14:24 | 000,001,437 | ---- | M] () -- C:\Users\Tom New.Tom-VAIO.002\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/07 17:29:52 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/04 23:17:59 | 000,322,272 | ---- | M] () -- C:\test.xml
[2012/01/04 21:26:07 | 000,630,948 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/04 21:26:07 | 000,112,000 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/04 21:26:06 | 000,729,820 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012/01/18 21:09:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/18 21:00:30 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Norton Online Backup.lnk
[2012/01/18 19:14:24 | 000,001,437 | ---- | C] () -- C:\Users\Tom New.Tom-VAIO.002\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/10 21:19:52 | 000,001,409 | ---- | C] () -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/01/10 21:18:59 | 000,001,443 | ---- | C] () -- C:\Users\Tom New.Tom-VAIO.002\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/10 21:11:40 | 000,002,178 | ---- | C] () -- C:\Users\Tom New.Tom-VAIO.002\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/10 21:11:40 | 000,000,290 | ---- | C] () -- C:\Users\Tom New.Tom-VAIO.002\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/01/10 21:11:40 | 000,000,272 | ---- | C] () -- C:\Users\Tom New.Tom-VAIO.002\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/01/07 17:29:52 | 000,002,491 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/11/13 15:48:50 | 000,735,282 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/11/04 18:51:10 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/11/04 18:21:40 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010/10/17 22:08:29 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/10/17 22:07:26 | 000,348,160 | ---- | C] () -- C:\Windows\SysWow64\GSService.exe
[2010/07/16 00:45:44 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/05 21:32:44 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/06/05 21:32:44 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/06/03 21:41:50 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\ATWTUSB.EXE
[2010/06/03 21:41:50 | 000,090,112 | ---- | C] () -- C:\Windows\RmTablet.exe
[2010/06/03 21:41:50 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\Funckey.dll
[2010/06/03 21:41:49 | 000,003,707 | ---- | C] () -- C:\Windows\aiptbl.ini
[2010/06/03 21:37:03 | 000,003,996 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2010/06/02 22:28:01 | 000,000,221 | -H-- | C] () -- C:\ProgramData\MusicStation.xml
[2010/06/02 21:15:14 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/01/23 02:10:35 | 000,002,119 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat
[2009/12/25 22:42:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/12/25 22:42:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm(21112).bin
[2009/12/25 20:13:58 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/12/25 20:13:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/12/25 20:13:57 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2009/12/25 20:13:49 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2009/12/25 20:13:20 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2009/12/25 20:13:20 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2009/07/14 05:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 02:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 02:35:42 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap(21334).ini
[2009/07/14 02:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib(21317).bin
[2009/07/13 23:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 21:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 21:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2004/12/02 14:20:12 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\TosBtAcc.dll
[2004/09/22 09:09:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\TosCommAPI.dll
[2004/07/20 16:04:02 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\TosBtHcrpAPI.dll
[2004/01/15 13:43:28 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\TBTMonUI.dll
[2003/07/29 14:33:26 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\TosHidAPI.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011/09/15 16:49:25 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2011/01/01 15:51:13 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2011/12/09 16:13:31 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

[color=red]Windows Security Center service is not running! This report may not be accurate![/color]
Windows Firewall Enabled!
avast! Free Antivirus
McAfee SecurityCenter
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

Java(TM) 6 Update 26
[color=red]Out of date Java installed![/color]
Adobe Flash Player ( 10.0.32.18) [color=red]Flash Player Out of Date![/color]
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

Windows Defender MSMpEng.exe
Microsoft Security Client Antimalware MsMpEng.exe
``````````End of Log````````````

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c0d91cd85ac1f24db0463fe8ff72c408
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-21 06:40:46
# local_time=2012-01-21 06:40:46 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5121 16776574 100 82 47109185 80109814 0 0
# compatibility_mode=5893 16776574 100 94 1360479 79626540 0 0
# compatibility_mode=8192 67108863 100 0 5720 5720 0 0
# scanned=350482
# found=0
# cleaned=0
# scan_time=9757

Thank you so much in advance



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
Reviews:
·Comcast

reply to Jangofett9
The OTL log was from Safe Mode. I would prefer it in normal mode.

Reboot in normal mode, run OTL and post the new log in this thread. Note that there will not be a new Extras log.

Also, it appears as if you are running both McAfee and Avast (free) at the same time. Was this your intention?
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



Jangofett9

@sky.com

I have tried several times to run OTL in Normal Mode, it just doesn't seem to load up. I've left it for 6 hours this afternoon, yet still nothing.

In regards to the Anti-virus programmes, McAfee is what originally came with my laptop and I renewed it last year. However, when my computer became infected I downloaded Avast! to see if it could find anything different, as McAfee did not seem to pick anything up, or if it did the computer would freeze when I tried to remove it.

Here is the McAfee report:

13/11/2010 20:34:58 Scan Started: 11/13/2010 08:34:58 PM
13/11/2010 20:38:37 Total objects scanned: 6010
13/11/2010 20:38:37 Objects detected: 0
13/11/2010 20:38:37 Scan Done: 11/13/2010 08:38:37 PM
01/01/2011 19:52:06 Scan Started: 01/01/2011 07:52:06 PM
01/01/2011 19:53:16 "C:\Program Files (x86)\Adparatus\Adparatus.exe" "Artemis!67832FDB20EE" "10"
01/01/2011 20:06:14 "C:\Program Files (x86)\Adparatus\Adparatus.exe" "Artemis!67832FDB20EE" "5"
01/01/2011 20:38:12 "C:\Users\Tom\access.exe" "Artemis!A90A6E4D5EC1" "5"
01/01/2011 20:38:12 "C:\Users\Tom\access1.exe" "Artemis!A90A6E4D5EC1" "5"
01/01/2011 20:42:47 "C:\Users\Tom\AppData\Local\Temp\ajk2DCA.tmp" "Adware-Mirar" "5"
01/01/2011 20:42:47 "C:\Users\Tom\AppData\Local\Temp\ajk2DCA.tmp" "Adware-Mirar" "5"
01/01/2011 20:42:58 "C:\Users\Tom\AppData\Local\Temp\kkp4A10.tmp" "Adware-Mirar" "5"
01/01/2011 20:42:58 "C:\Users\Tom\AppData\Local\Temp\kkp4A10.tmp" "Adware-Mirar" "5"
01/01/2011 20:42:59 "C:\USERS\TOM\APPDATA\LOCAL\TEMP\NEH8D92.TMP" "Artemis!0B27574ED8B0" "5"
01/01/2011 20:42:59 "C:\Users\Tom\AppData\Local\Temp\neh8D92.tmp" "Artemis!0B27574ED8B0" "5"
01/01/2011 21:29:54 "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOLY88IY\upgrade[1].cab" "Adware-OneStep.a" "5"
01/01/2011 21:29:56 "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOLY88IY\upgrade[3].cab" "Artemis!ADA4F825FDB2" "5"
01/01/2011 21:29:56 "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOLY88IY\upgrade[3].cab" "Artemis!4B14AD5A3B2F" "5"
01/01/2011 21:29:56 "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2U3AEND\upgrade[1].cab" "Adware-OneStep.a" "5"
01/01/2011 21:29:57 "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2U3AEND\upgrade[1].cab" "Artemis!A504FC1725EE" "5"
01/01/2011 21:29:57 "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2U3AEND\upgrade[1].cab" "Generic PUP.x!ej" "5"
01/01/2011 21:29:57 "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6S2P384\upgrade[1].cab" "Adware-OneStep.a" "5"
01/01/2011 21:29:58 "C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X6S2P384\upgrade[1].cab" "Artemis!08984F7FF67C" "5"
01/01/2011 21:30:48 "C:\Windows\Temp\SPA19D6.tmp\upgrade.exe" "Adware-OneStep.a" "5"
01/01/2011 21:30:48 "C:\Windows\Temp\SPA19D6.tmp\upgrade.exe" "Artemis!A504FC1725EE" "5"
01/01/2011 21:30:48 "C:\Windows\Temp\SPA19D6.tmp\upgrade.exe" "Generic PUP.x!ej" "5"
01/01/2011 21:30:48 "C:\Windows\Temp\SPA7BA6.tmp\upgrade.exe" "Adware-OneStep.a" "5"
01/01/2011 21:30:50 "C:\Windows\Temp\SPAAFA0.tmp\upgrade.exe" "Adware-OneStep.a" "5"
01/01/2011 21:30:50 "C:\Windows\Temp\SPAAFA0.tmp\upgrade.exe" "Artemis!08984F7FF67C" "5"
01/01/2011 21:30:51 "C:\Windows\Temp\SPAD863.tmp\upgrade.exe" "Artemis!ADA4F825FDB2" "5"
01/01/2011 21:30:52 "C:\Windows\Temp\SPAD863.tmp\upgrade.exe" "Artemis!4B14AD5A3B2F" "5"
01/01/2011 21:50:24 Total objects scanned: 347045
01/01/2011 21:50:24 Objects detected: 15
01/01/2011 21:50:24 Scan Done: 01/01/2011 09:50:24 PM
29/01/2011 19:30:55 Scan Started: 01/29/2011 07:30:55 PM
29/01/2011 19:38:54 Scan Started: 01/29/2011 07:38:54 PM
29/01/2011 19:39:01 Total objects scanned: 660
29/01/2011 19:39:01 Objects detected: 0
29/01/2011 19:39:01 Scan Done: 01/29/2011 07:39:01 PM
29/01/2011 19:41:45 Total objects scanned: 6013
29/01/2011 19:41:45 Objects detected: 0
29/01/2011 19:41:45 Scan Done: 01/29/2011 07:41:45 PM
03/11/2011 20:19:38 Scan Started: 11/03/2011 08:19:38 PM
03/11/2011 20:43:10 Total objects scanned: 6264
03/11/2011 20:43:10 Objects detected: 0
03/11/2011 20:43:10 Scan Done: 11/03/2011 08:43:10 PM
03/11/2011 20:44:04 Scan Started: 11/03/2011 08:44:04 PM
03/11/2011 20:46:20 Total objects scanned: 120
03/11/2011 20:46:20 Objects detected: 0
03/11/2011 20:46:20 Scan Done: 11/03/2011 08:46:20 PM
13/11/2011 15:10:20 Scan Started: 11/13/2011 03:10:20 PM
13/11/2011 16:08:17 Total objects scanned: 46162
13/11/2011 16:08:17 Objects detected: 0
13/11/2011 16:08:17 Scan Done: 11/13/2011 04:08:17 PM
15/12/2011 14:49:21 Scan Started: 12/15/2011 02:49:21 PM
15/12/2011 16:45:36 "C:\ProgramData\1kAlMiG2Kb7FzP" "FakeAlert!grb" "5"
15/12/2011 16:45:36 "C:\ProgramData\~1kAlMiG2Kb7FzP" "FakeAlert!grb" "5"
15/12/2011 16:45:36 "C:\ProgramData\~1kAlMiG2Kb7FzPr" "FakeAlert!grb" "5"
15/12/2011 18:36:17 "C:\Users\Tom\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\3b7f3f1-1a4e1a69" "Exploit-CVE2010-0840" "5"
15/12/2011 18:53:48 "C:\Users\Tom\Downloads\frostwire-4.21.1.windows.exe" "Adware-OpenCandy.dll" "5"
15/12/2011 22:18:24 Total objects scanned: 485487
15/12/2011 22:18:24 Objects detected: 5
15/12/2011 22:18:24 Scan Done: 12/15/2011 10:18:24 PM
16/12/2011 21:21:09 Scan Started: 12/16/2011 09:21:09 PM
17/12/2011 03:38:51 Total objects scanned: 490299
17/12/2011 03:38:51 Objects detected: 0
17/12/2011 03:38:51 Scan Done: 12/17/2011 03:38:51 AM
09/01/2012 20:01:22 Scan Started: 01/09/2012 08:01:22 PM
09/01/2012 20:09:35 Total objects scanned: 6197
09/01/2012 20:09:35 Objects detected: 0
09/01/2012 20:09:35 Scan Done: 01/09/2012 08:09:35 PM



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
Reviews:
·Comcast

reply to Jangofett9
Running two anti-virus programs, both providing real-time protection, is a recipe for disaster. Now, with the situation you are in, I'm reluctant to try and remove one.

Back up all your valuable data while I do some checking. Your best option is probably going to be to reformat and start over.

I'll post back in the morning.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



Jangofett9

@ntl.com

I really appreciate all your help with this. I did as most people would do when something like this happens, try to remove the problem by any means necessary. I'm annoyed that after renewing my subscription with McAfee I still picked up a Trojan/Virus.
Like I said, all of your help and support is greatly appreciated so far and all of the guidance has been fantastic. I don't know what else to say really to persuade you to continue to help me.



Jangofett9

@ntl.com

reply to LoPhatPhuud
I'm currently running the TDSS Killer whilst I'm at work too so shall post the log from that ASAP.


Jangofett9

join:2012-01-24
united kingd

OK, so I have run the TDSS Killer and it has found no threats. However it will not let me right click and save the report to post here. Is this an issue at all?



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
Reviews:
·Comcast

reply to Jangofett9
It's not an issue. I went thru the logs again, and the only recommendation I can make is to back up your data, reformat and start over.

Using your installed security program(s) to remove an exploit is the first thing usually done. When they fail to remove the exploit, or other symptoms still persist, or new ones develop, that's the time to ask for assistance.

You've waited almost two months, installed a second anti-virus and the problems have compounded themselves. In simple terms, I believe your operating system has become unstable and possibly compromised.

While the exploit(s) could be removed, the issue with a compromised OS would remain. That calls for a reformat. I would be derelict to not recommend reformatting.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum


Jangofett9

join:2012-01-24
united kingd

1 edit

Many Thanks for all your assistance in this.

Now I have re-formatted

