Inactive Internet Explorer gets redirected and music and ads play in the background!

MarioGA · Nov 19, 2011

Hello,

A few days ago my computer got infected by a virus. I managed to get rid of most of it with Malawarebytes. However, sometimes, when I try to search using google, it redirects my search to ad pages. Also, when I use the browser, there is a constant music and voices playing in the background. I have done multiple virus scans but there's nothing found. Any suggestions of how to get rid of these problems? I will really appreciate any help.

Broni · Nov 19, 2011

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

MarioGA · Nov 20, 2011

Thank you for your response and help. I will go ahead follow your directions. I will post the results soon.

MarioGA · Nov 20, 2011

Malwarebytes Anti-Malware log:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8205

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

11/20/2011 7:42:21 PM
mbam-log-2011-11-20 (19-42-21).txt

Scan type: Quick scan
Objects scanned: 192190
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

MarioGA · Nov 20, 2011

GMER log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-11-20 20:08:05
Windows 6.1.7600
Running: sqhgrc8n.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\90004eaa3818
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78aeb2eb
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\90004eaa3818 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78aeb2eb (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Users\Aj-T'zib'\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZHQ9FMFA\down[1] 0 bytes

---- EOF - GMER 1.0.15 ----

MarioGA · Nov 20, 2011

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/1/2011 3:48:35 PM
System Uptime: 11/19/2011 1:08:39 PM (31 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i5-2410M CPU @ 2.30GHz | N/A | 782/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 265.264 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP14: 11/1/2011 2:11:45 PM - Windows Update
RP15: 11/15/2011 1:51:31 PM - Removed YouTube Downloader Toolbar v4.7.
RP16: 11/15/2011 8:23:47 PM - Restore Operation
RP17: 11/15/2011 8:32:21 PM - Removed YouTube Downloader Toolbar v4.7.
RP18: 11/16/2011 11:00:34 AM - Windows Update
RP19: 11/16/2011 11:37:09 AM - Windows Update
RP20: 11/16/2011 2:59:37 PM - VAIO Care Automatic Restore Point
RP21: 11/17/2011 11:54:10 AM - Windows Update
RP22: 11/17/2011 12:20:18 PM - Windows Update
RP23: 11/18/2011 6:57:02 PM - Windows Update
RP24: 11/18/2011 8:09:33 PM - Installed STOPzilla. Available with Windows Installer version 1.2 and later.
RP25: 11/18/2011 8:17:21 PM - StopZILLA! Restore Point.
RP26: 11/18/2011 8:20:08 PM - StopZILLA! Restore Point.
RP27: 11/18/2011 9:06:05 PM - Removed STOPzilla. Available with Windows Installer version 1.2 and later.
RP28: 11/20/2011 7:03:38 PM - Windows Update
.
==== Installed Programs ======================
.
.
Adobe Acrobat 9 Standard
Adobe Acrobat 9.4.6 - CPSID_83708
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 8.0
Adobe Premiere Elements 8.0
Adobe Reader 9.4.0
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
Catalyst Control Center InstallProxy
D3DX10
Evernote
Intel(R) Display Audio Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.2.1300
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MotoHelper 2.0.53 Driver 5.2.0
MotoHelper MergeModules
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
Oasis2Service
OOBE
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
PX Profile Update
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
Remote Play with PlayStation®3
Renesas Electronics USB 3.0 Host Controller Driver
Skype Toolbars
Skype™ 4.2
SmartSound Quicktracks for Premiere Elements 8.0
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Messenger
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VAIO Wireless Wizard
VLC media player 1.1.11
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
YouTube Downloader 3.4
.
==== Event Viewer Messages From Past Week ========
.
11/20/2011 7:25:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
11/20/2011 1:14:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.2172.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
11/20/2011 1:14:53 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.2172.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
11/19/2011 9:18:21 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.115.2172.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7801.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/19/2011 12:05:44 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/19/2011 12:05:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom PxHlpa64
11/19/2011 1:09:27 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/18/2011 9:07:23 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the szserver service.
11/18/2011 8:15:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/18/2011 10:37:52 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/17/2011 9:51:13 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2011 9:51:06 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2011 9:50:49 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter spldr Wanarpv6
11/17/2011 4:33:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VAIO Power Management with arguments "" in order to run the server: {422BCD28-8BFD-4E44-A9E7-99466D797ED5}
11/17/2011 4:33:34 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the VAIO Power Management service to connect.
11/17/2011 4:33:34 PM, Error: Service Control Manager [7000] - The VAIO Power Management service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/17/2011 3:33:16 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/17/2011 2:52:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
11/17/2011 2:44:20 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
11/17/2011 2:44:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/17/2011 2:44:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/17/2011 2:44:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/17/2011 2:44:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/17/2011 2:44:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom discache MpFilter PxHlpa64 spldr Wanarpv6
11/17/2011 12:09:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/17/2011 12:07:27 PM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
11/17/2011 11:16:18 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
11/17/2011 10:00:22 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
11/17/2011 1:47:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
11/16/2011 9:39:31 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
11/16/2011 9:37:31 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/16/2011 9:37:31 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/16/2011 9:37:31 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/16/2011 9:37:31 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/16/2011 11:02:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/16/2011 11:02:05 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/15/2011 9:59:03 AM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
11/15/2011 9:59:03 AM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
11/15/2011 9:59:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
11/15/2011 7:33:32 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/15/2011 7:33:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/15/2011 7:33:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
11/15/2011 7:07:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 discache eeCtrl IDSVia64 spldr SRTSPX SymIRON SymNetS Wanarpv6
11/15/2011 2:03:46 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
11/15/2011 11:21:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.
11/14/2011 12:14:50 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
11/14/2011 1:25:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.
.
==== End Of File ===========================

MarioGA · Nov 20, 2011

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Aj-T'zib' at 20:14:15 on 2011-11-20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4012.1946 [GMT -8:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe"
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{9DAD77B8-A901-415E-B605-97FC1AB53D54} : DhcpNameServer = 10.100.66.1
TCP: Interfaces\{A779907B-F312-4254-B4D9-F6395D63DD3B} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A779907B-F312-4254-B4D9-F6395D63DD3B}\14E63686F62764275656 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{A779907B-F312-4254-B4D9-F6395D63DD3B}\3435C414D255E454E434259505455444 : DhcpNameServer = 10.81.28.8 10.81.60.8 130.182.1.11 130.182.1.1
TCP: Interfaces\{A779907B-F312-4254-B4D9-F6395D63DD3B}\35F66416D6 : DhcpNameServer = 68.116.46.115 24.205.192.61 24.205.224.36
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-3-28 13336]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-8-13 49152]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-10-9 259192]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-3-28 104960]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-3-28 2656280]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-3-28 584080]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-3-28 923024]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\drivers\nusb3hub.sys --> C:\Windows\system32\drivers\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\drivers\nusb3xhc.sys --> C:\Windows\system32\drivers\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-10-9 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-10 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-10 67952]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-27 303872]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 655088]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-21 04:10:23 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88E78759-0CBC-4602-BF2F-1134D5232B36}\offreg.dll
2011-11-21 04:10:16 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88E78759-0CBC-4602-BF2F-1134D5232B36}\mpengine.dll
2011-11-19 02:58:26 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-11-17 20:20:54 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-17 20:03:00 748336 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2011-11-17 20:03:00 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2011-11-17 20:03:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2011-11-17 20:03:00 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-17 20:03:00 107008 ----a-w- C:\Program Files (x86)\Internet Explorer\iecleanup.exe
2011-11-17 19:59:49 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-11-17 19:41:42 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-17 18:33:25 98816 ----a-w- C:\Windows\sed.exe
2011-11-17 18:33:25 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-17 18:33:25 256000 ----a-w- C:\Windows\PEV.exe
2011-11-17 18:33:25 208896 ----a-w- C:\Windows\MBR.exe
2011-11-17 18:32:13 -------- d-----w- C:\ComboFix
2011-11-17 10:33:21 77312 ----a-w- C:\Windows\SysWow64\ztvunace26.dll
2011-11-17 10:33:21 75264 ----a-w- C:\Windows\SysWow64\unacev2.dll
2011-11-17 10:33:21 69632 ----a-w- C:\Windows\SysWow64\ztvcabinet.dll
2011-11-17 10:33:21 162304 ----a-w- C:\Windows\SysWow64\ztvunrar36.dll
2011-11-17 10:33:21 153088 ----a-w- C:\Windows\SysWow64\UNRAR3.dll
2011-11-17 06:11:53 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-17 06:11:53 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-16 23:44:29 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-11-16 23:44:23 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2011-11-16 23:44:22 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2011-11-16 22:54:10 -------- d-----w- C:\AMD
2011-11-16 19:38:09 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{04093536-2511-4F9F-A03F-EAE074E568FB}\gapaengine.dll
2011-11-16 19:01:16 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-11-16 19:01:08 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-11-16 19:00:53 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2011-11-16 09:51:46 -------- d-----w- C:\Users\Aj-T'zib'\AppData\Local\CrashDumps
2011-11-14 09:50:16 -------- d--h--w- C:\Users\Aj-T'zib'\AppData\Local\Windows Live
2011-11-14 09:49:53 -------- d--h--w- C:\Users\Aj-T'zib'\AppData\Local\{9190F98C-F436-4ADA-8BD3-5DA5F912F272}
2011-11-14 09:41:27 -------- d-----w- C:\ProgramData\YouTube Downloader
2011-11-14 09:41:21 -------- d-----w- C:\Program Files (x86)\YouTube Downloader
2011-11-11 06:42:08 -------- d--h--w- C:\Users\Aj-T'zib'\AppData\Roaming\F1DEA
2011-11-11 06:41:53 -------- d-----w- C:\Users\Aj-T'zib'\AppData\Roaming\ZgRZZhhXwkUeOBz
2011-11-11 06:41:52 -------- d--h--w- C:\Users\Aj-T'zib'\AppData\Roaming\zD3ooFFamH5W7EL
2011-11-11 06:41:37 -------- d--h--w- C:\Users\Aj-T'zib'\AppData\Roaming\924F1
2011-11-11 06:41:36 -------- d--h--w- C:\Users\Aj-T'zib'\AppData\Roaming\QOONtxA0uc2
2011-11-11 06:41:36 -------- d--h--w- C:\Users\Aj-T'zib'\AppData\Roaming\hjeIzONtA
2011-11-11 06:41:35 -------- d--h--w- C:\Users\Aj-T'zib'\AppData\Roaming\rCCekIBrzOyx0v2
2011-11-11 06:41:34 -------- d--h--w- C:\Users\Aj-T'zib'\AppData\Roaming\y5sQQJ6dK8fR9Tw
2011-11-01 21:12:25 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E5BCBC07-5CFB-4A2C-AF07-076714A78A02}\mpengine.dll
2011-11-01 21:12:24 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-01 06:15:27 -------- d-----w- C:\Program Files\IDT
2011-11-01 06:15:13 -------- d-----w- C:\dell
2011-10-26 19:54:54 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-26 19:54:34 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-26 19:54:06 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-26 19:54:01 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-23 18:18:25 737072 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-23 18:18:03 4283672 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-23 18:17:16 42776 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-23 18:17:12 539968 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
==================== Find3M ====================
.
2011-11-17 19:59:49 470016 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-11-11 06:45:07 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-26 23:05:38 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-08-26 23:05:38 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-08-26 23:05:32 53760 ----a-w- C:\Windows\System32\OpenCL.dll
2011-08-26 23:05:30 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-08-26 23:05:24 16673280 ----a-w- C:\Windows\System32\amdocl64.dll
2011-08-26 23:05:14 12799488 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-08-26 19:14:10 9360896 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-08-26 19:11:36 23336960 ----a-w- C:\Windows\System32\atio6axx.dll
2011-08-26 18:50:38 17940992 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-08-26 18:42:38 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-08-26 18:42:32 688128 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-08-26 18:41:36 811008 ----a-w- C:\Windows\System32\aticfx64.dll
2011-08-26 18:39:52 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-08-26 18:39:48 485376 ----a-w- C:\Windows\System32\atieclxx.exe
2011-08-26 18:39:22 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-08-26 18:38:34 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-08-26 18:38:24 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-08-26 18:38:20 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-08-26 18:38:08 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-08-26 18:38:06 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-08-26 18:38:00 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-08-26 18:35:38 4219904 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-08-26 18:27:16 5008384 ----a-w- C:\Windows\System32\atidxx64.dll
2011-08-26 18:25:10 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-08-26 18:24:46 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-08-26 18:24:36 3810816 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-08-26 18:22:40 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-08-26 18:22:38 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-08-26 18:22:34 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-08-26 18:22:32 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-08-26 18:22:26 8489472 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-08-26 18:18:58 6847488 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-08-26 18:18:06 4330496 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-08-26 18:16:24 4017152 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-08-26 18:14:58 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-08-26 18:12:54 5486592 ----a-w- C:\Windows\System32\atiumd64.dll
2011-08-26 18:07:04 366592 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-08-26 18:07:00 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-08-26 18:06:54 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-08-26 18:06:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-08-26 18:06:50 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-08-26 18:06:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-08-26 18:06:40 309760 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-08-26 18:06:06 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-08-26 18:06:02 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-08-26 18:05:58 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-08-26 18:05:52 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-08-26 18:05:26 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-08-26 18:05:26 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-08-26 18:05:22 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-08-26 18:05:14 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-08-26 18:05:14 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
.
============= FINISH: 20:22:27.38 ===============

Broni · Nov 21, 2011

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=========================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

MarioGA · Nov 21, 2011

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-20 21:49:15
-----------------------------
21:49:15.216 OS Version: Windows x64 6.1.7600
21:49:15.219 Number of processors: 4 586 0x2A07
21:49:15.221 ComputerName: AJ-TZIB-VAIO UserName: Aj-T'zib'
21:49:19.053 Initialize success
22:02:48.132 AVAST engine defs: 11112001
22:03:16.792 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:03:16.799 Disk 0 Vendor: TOSHIBA_ GH01 Size: 476940MB BusType: 3
22:03:16.840 Disk 0 MBR read successfully
22:03:16.923 Disk 0 MBR scan
22:03:16.937 Disk 0 Windows 7 default MBR code
22:03:16.946 Service scanning
22:03:17.760 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
22:03:18.695 Modules scanning
22:03:18.702 Disk 0 trace - called modules:
22:03:18.728 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8006c06334]<<
22:03:18.770 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006bf3060]
22:03:18.777 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8004ce62b0]
22:03:18.783 5 ACPI.sys[fffff88000d7b781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004d7d050]
22:03:18.794 \Driver\iaStor[0xfffffa8004c22e70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8006c06334
22:03:20.635 AVAST engine scan C:\Windows
22:03:27.181 AVAST engine scan C:\Windows\system32
22:07:15.693 AVAST engine scan C:\Windows\system32\drivers
22:07:33.405 AVAST engine scan C:\Users\Aj-T'zib'
22:14:49.053 AVAST engine scan C:\ProgramData
22:18:01.529 Scan finished successfully
22:21:36.710 Disk 0 MBR has been saved successfully to "C:\Users\Aj-T'zib'\Desktop\MBR.dat"
22:21:36.722 The log file has been saved successfully to "C:\Users\Aj-T'zib'\Desktop\aswMBR.txt"

MarioGA · Nov 21, 2011

ComboFix 11-11-20.02 - Aj-T'zib' 11/20/2011 22:39:24.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4012.1782 [GMT -8:00]
Running from: c:\users\Aj-T'zib'\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-21 to 2011-11-21 )))))))))))))))))))))))))))))))
.
.
2011-11-21 07:11 . 2011-11-21 07:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-21 07:11 . 2011-11-21 07:11 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2011-11-21 04:25 . 2011-11-21 04:25 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E02F03C-EF66-4195-9DBA-405BB7F21B86}\offreg.dll
2011-11-21 04:25 . 2011-10-07 05:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E02F03C-EF66-4195-9DBA-405BB7F21B86}\mpengine.dll
2011-11-19 02:58 . 2011-11-19 02:58 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-17 20:20 . 2011-10-07 05:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-17 20:03 . 2011-11-17 20:03 748336 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2011-11-17 20:03 . 2011-11-17 20:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-17 20:03 . 2011-11-17 20:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-17 20:03 . 2011-11-17 20:03 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-17 20:03 . 2011-11-17 20:03 107008 ----a-w- c:\program files (x86)\Internet Explorer\iecleanup.exe
2011-11-17 19:59 . 2011-11-17 19:59 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-11-17 10:33 . 2006-06-19 21:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2011-11-17 10:33 . 2006-05-25 23:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2011-11-17 10:33 . 2005-08-26 09:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2011-11-17 10:33 . 2003-02-03 04:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2011-11-17 10:33 . 2002-03-06 09:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2011-11-17 06:11 . 2011-11-19 05:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-17 06:11 . 2011-11-19 05:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-16 23:44 . 2011-11-16 23:44 -------- d-----w- c:\program files (x86)\AMD APP
2011-11-16 23:44 . 2011-11-16 23:44 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-11-16 23:44 . 2011-11-16 23:44 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-11-16 22:54 . 2011-11-16 22:54 -------- d-----w- C:\AMD
2011-11-16 19:38 . 2011-11-16 19:37 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04093536-2511-4F9F-A03F-EAE074E568FB}\gapaengine.dll
2011-11-16 19:01 . 2011-11-16 19:01 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-16 19:01 . 2011-11-16 19:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-16 19:00 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-16 09:51 . 2011-11-21 06:27 -------- d-----w- c:\users\Aj-T'zib'\AppData\Local\CrashDumps
2011-11-14 09:50 . 2011-11-14 09:50 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Local\Windows Live
2011-11-14 09:41 . 2011-11-14 09:41 -------- d-----w- c:\programdata\YouTube Downloader
2011-11-14 09:41 . 2011-11-14 09:41 -------- d-----w- c:\program files (x86)\YouTube Downloader
2011-11-11 06:42 . 2011-11-11 18:47 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\F1DEA
2011-11-11 06:41 . 2011-11-16 04:27 -------- d-----w- c:\users\Aj-T'zib'\AppData\Roaming\ZgRZZhhXwkUeOBz
2011-11-11 06:41 . 2011-11-11 06:41 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\zD3ooFFamH5W7EL
2011-11-11 06:41 . 2011-11-11 18:14 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\924F1
2011-11-11 06:41 . 2011-11-11 07:18 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\hjeIzONtA
2011-11-11 06:41 . 2011-11-11 06:41 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\QOONtxA0uc2
2011-11-11 06:41 . 2011-11-11 06:41 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\rCCekIBrzOyx0v2
2011-11-11 06:41 . 2011-11-11 06:41 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\y5sQQJ6dK8fR9Tw
2011-11-01 21:12 . 2011-10-18 09:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5BCBC07-5CFB-4A2C-AF07-076714A78A02}\mpengine.dll
2011-11-01 21:12 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-01 06:15 . 2011-11-01 06:15 -------- d-----w- c:\program files\IDT
2011-11-01 06:15 . 2011-11-01 06:15 -------- d-----w- C:\dell
2011-10-26 19:54 . 2011-10-26 19:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-26 19:54 . 2011-10-26 19:54 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-26 19:54 . 2011-10-26 19:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-26 19:54 . 2011-10-26 19:54 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-23 18:18 . 2011-11-11 17:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-23 18:18 . 2011-10-23 18:18 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-23 18:17 . 2011-10-23 18:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-23 18:17 . 2011-10-23 18:17 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 06:45 . 2011-10-09 18:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 22:49 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-26 23:05 . 2011-08-26 23:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-08-26 23:05 . 2011-08-26 23:05 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-08-26 23:05 . 2011-08-26 23:05 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-26 23:05 . 2011-08-26 23:05 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-26 23:05 . 2011-08-26 23:05 16673280 ----a-w- c:\windows\system32\amdocl64.dll
2011-08-26 23:05 . 2011-08-26 23:05 12799488 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-08-26 18:07 . 2011-01-14 08:20 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-17_19.17.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-17 20:02 . 2011-11-17 20:02 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 54272 c:\windows\SysWOW64\pngfilt.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 48640 c:\windows\SysWOW64\mshtmler.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 72704 c:\windows\SysWOW64\mshtmled.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 11776 c:\windows\SysWOW64\mshta.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 10752 c:\windows\SysWOW64\msfeedssync.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 41472 c:\windows\SysWOW64\msfeedsbs.dll
+ 2011-11-17 20:03 . 2011-11-17 20:03 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 23552 c:\windows\SysWOW64\licmgr10.dll
+ 2011-11-17 20:03 . 2011-11-17 20:03 65024 c:\windows\SysWOW64\jsproxy.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 78848 c:\windows\SysWOW64\inseng.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 35840 c:\windows\SysWOW64\imgutil.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 86528 c:\windows\SysWOW64\iesysprep.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 74752 c:\windows\SysWOW64\iesetup.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 31744 c:\windows\SysWOW64\iernonce.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 74240 c:\windows\SysWOW64\ie4uinit.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 66048 c:\windows\SysWOW64\icardie.dll
+ 2010-08-31 19:09 . 2011-11-19 21:10 48736 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-19 21:10 36806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-17 20:02 . 2011-11-17 20:02 91648 c:\windows\system32\SetIEInstalledDate.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 89088 c:\windows\system32\RegisterIEPKEYs.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 65024 c:\windows\system32\pngfilt.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 48640 c:\windows\system32\mshtmler.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 96256 c:\windows\system32\mshtmled.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 12288 c:\windows\system32\mshta.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 10752 c:\windows\system32\msfeedssync.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 55296 c:\windows\system32\msfeedsbs.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 86528 c:\windows\system32\migration\WininetPlugin.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 30720 c:\windows\system32\licmgr10.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 85504 c:\windows\system32\jsproxy.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 49664 c:\windows\system32\imgutil.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 85504 c:\windows\system32\iesetup.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 39936 c:\windows\system32\iernonce.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 89088 c:\windows\system32\ie4uinit.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 82432 c:\windows\system32\icardie.dll
- 2011-03-28 13:53 . 2011-11-17 18:17 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-28 13:53 . 2011-11-21 04:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-28 13:53 . 2011-11-17 18:17 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-28 13:53 . 2011-11-21 04:46 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-21 04:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-17 18:17 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-11-19 08:12 80736 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-10-01 22:47 . 2011-11-17 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-01 22:47 . 2011-11-17 19:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-01 22:47 . 2011-11-17 19:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-01 22:47 . 2011-11-17 20:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-01 22:50 . 2011-11-19 21:10 4332 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1471082805-2386370728-3380099341-1005_UserData.bin
- 2011-11-17 18:00 . 2011-11-17 18:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-19 21:08 . 2011-11-19 21:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-19 21:08 . 2011-11-19 21:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-17 18:00 . 2011-11-17 18:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 00:15 . 2009-07-14 01:16 135168 c:\windows\SysWOW64\XpsRasterService.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 135168 c:\windows\SysWOW64\XpsRasterService.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 442880 c:\windows\SysWOW64\XpsPrint.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 283648 c:\windows\SysWOW64\XpsGdiConverter.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 152064 c:\windows\SysWOW64\wextract.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 203776 c:\windows\SysWOW64\webcheck.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 420864 c:\windows\SysWOW64\vbscript.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 231936 c:\windows\SysWOW64\url.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 123392 c:\windows\SysWOW64\occache.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 162304 c:\windows\SysWOW64\msrating.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 580608 c:\windows\SysWOW64\msfeeds.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 716800 c:\windows\SysWOW64\jscript.dll
- 2011-01-13 11:03 . 2011-01-13 11:03 716800 c:\windows\SysWOW64\jscript.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 150528 c:\windows\SysWOW64\iexpress.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 142848 c:\windows\SysWOW64\ieUnatt.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 176640 c:\windows\SysWOW64\ieui.dll
- 2011-01-13 11:02 . 2011-01-13 11:02 176640 c:\windows\SysWOW64\ieui.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 118784 c:\windows\SysWOW64\iepeers.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 353584 c:\windows\SysWOW64\iedkcs32.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 434176 c:\windows\SysWOW64\ieapfltr.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 163840 c:\windows\SysWOW64\ieakui.dll
- 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 227840 c:\windows\SysWOW64\ieaksie.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 130560 c:\windows\SysWOW64\ieakeng.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 110592 c:\windows\SysWOW64\IEAdvpack.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 223232 c:\windows\SysWOW64\dxtrans.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 353792 c:\windows\SysWOW64\dxtmsft.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 218624 c:\windows\SysWOW64\d3d10_1core.dll
- 2009-07-13 23:27 . 2009-07-14 01:15 161792 c:\windows\SysWOW64\d3d10_1.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 161792 c:\windows\SysWOW64\d3d10_1.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 739840 c:\windows\SysWOW64\d2d1.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 101888 c:\windows\SysWOW64\admparse.dll
- 2009-07-14 00:37 . 2009-07-14 01:41 229888 c:\windows\system32\XpsRasterService.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 229888 c:\windows\system32\XpsRasterService.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 662528 c:\windows\system32\XpsPrint.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 470016 c:\windows\system32\XpsGdiConverter.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 160256 c:\windows\system32\wextract.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 249344 c:\windows\system32\webcheck.dll
+ 2011-10-02 01:19 . 2011-11-21 05:11 263114 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2011-11-17 20:02 . 2011-11-17 20:02 603648 c:\windows\system32\vbscript.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 237056 c:\windows\system32\url.dll
+ 2009-07-14 02:36 . 2011-11-21 05:13 617460 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-11-17 18:05 617460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-21 05:13 104702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-17 18:05 104702 c:\windows\system32\perfc009.dat
+ 2011-11-17 20:02 . 2011-11-17 20:02 149504 c:\windows\system32\occache.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 197120 c:\windows\system32\msrating.dll
- 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 222208 c:\windows\system32\msls31.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 697344 c:\windows\system32\msfeeds.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 818176 c:\windows\system32\jscript.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 103936 c:\windows\system32\inseng.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 165888 c:\windows\system32\iexpress.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 173056 c:\windows\system32\ieUnatt.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 248320 c:\windows\system32\ieui.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 111616 c:\windows\system32\iesysprep.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 145920 c:\windows\system32\iepeers.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 403248 c:\windows\system32\iedkcs32.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 534528 c:\windows\system32\ieapfltr.dll
- 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 163840 c:\windows\system32\ieakui.dll
- 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 267776 c:\windows\system32\ieaksie.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 160256 c:\windows\system32\ieakeng.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 135168 c:\windows\system32\IEAdvpack.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 282112 c:\windows\system32\dxtrans.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 452608 c:\windows\system32\dxtmsft.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 265088 c:\windows\system32\drivers\dxgmms1.sys
+ 2011-11-17 19:59 . 2011-11-17 19:59 320512 c:\windows\system32\d3d10_1core.dll
- 2009-07-13 23:41 . 2009-07-14 01:40 197120 c:\windows\system32\d3d10_1.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 197120 c:\windows\system32\d3d10_1.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 902656 c:\windows\system32\d2d1.dll
- 2011-01-13 11:00 . 2011-01-13 11:00 144384 c:\windows\system32\cdd.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 144384 c:\windows\system32\cdd.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 114176 c:\windows\system32\admparse.dll
+ 2011-03-28 13:53 . 2011-11-19 08:42 897000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-11-19 08:42 417164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-19 04:13 . 2011-11-19 04:13 666640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1471082805-2386370728-3380099341-1005-12288.dat
+ 2011-11-17 20:03 . 2011-11-17 20:03 1102848 c:\windows\SysWOW64\urlmon.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 1798144 c:\windows\SysWOW64\jscript9.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 1791488 c:\windows\SysWOW64\iertutil.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 9704960 c:\windows\SysWOW64\ieframe.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 3695416 c:\windows\SysWOW64\ieapfltr.dat
- 2009-07-13 23:44 . 2009-07-14 01:15 1495040 c:\windows\SysWOW64\ExplorerFrame.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 1495040 c:\windows\SysWOW64\ExplorerFrame.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 1074176 c:\windows\SysWOW64\DWrite.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 1170944 c:\windows\SysWOW64\d3d10warp.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 1389056 c:\windows\system32\wininet.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 1344512 c:\windows\system32\urlmon.dll
+ 2009-07-14 02:34 . 2011-11-21 03:14 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-11-17 20:02 . 2011-11-17 20:02 2309120 c:\windows\system32\jscript9.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 2143744 c:\windows\system32\iertutil.dll
+ 2011-11-17 20:02 . 2011-11-17 20:02 3695416 c:\windows\system32\ieapfltr.dat
+ 2011-11-17 19:59 . 2011-11-17 19:59 1133568 c:\windows\system32\FntCache.dll
- 2009-07-13 23:57 . 2009-07-14 01:40 1863680 c:\windows\system32\ExplorerFrame.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 1863680 c:\windows\system32\ExplorerFrame.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 1540608 c:\windows\system32\DWrite.dll
+ 2011-11-17 19:59 . 2011-11-17 19:59 1837568 c:\windows\system32\d3d10warp.dll
+ 2009-07-14 04:45 . 2011-11-19 05:14 3860045 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2011-11-16 19:05 3860045 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-10-02 10:45 . 2011-11-19 08:42 6037440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1471082805-2386370728-3380099341-1005-8192.dat
+ 2011-11-17 20:02 . 2011-11-17 20:02 12275200 c:\windows\SysWOW64\mshtml.dll
+ 2011-11-17 22:37 . 2011-10-28 06:04 50295240 c:\windows\SysWOW64\MRT.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 17781760 c:\windows\system32\mshtml.dll
+ 2011-11-17 19:54 . 2011-10-28 07:05 52174280 c:\windows\system32\MRT.exe
+ 2011-11-17 20:02 . 2011-11-17 20:02 10886144 c:\windows\system32\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 615808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-11-18 673168]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2010-12-08 734608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 655088]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-14 49152]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-05 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-12-06 584080]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-12-09 923024]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-03 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-03 2179688]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-20 23:32:08
ComboFix-quarantined-files.txt 2011-11-21 07:32
ComboFix2.txt 2011-11-17 19:36
.
Pre-Run: 284,705,845,248 bytes free
Post-Run: 285,255,987,200 bytes free
.
- - End Of File - - D22382461417E866641F41EE99FDF15D

Broni · Nov 21, 2011

Still redirected?

1. Please open Notepad

Click Start , then Run
Type notepad .exe in the Run Box
Click OK

Windows Vista/7 users: click Start, in "Start search" type notepad and press Enter.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:

Folder::
c:\users\Aj-T'zib'\AppData\Roaming\y5sQQJ6dK8fR9Tw
c:\users\Aj-T'zib'\AppData\Roaming\rCCekIBrzOyx0v2
c:\users\Aj-T'zib'\AppData\Roaming\QOONtxA0uc2
c:\users\Aj-T'zib'\AppData\Roaming\hjeIzONtA
c:\users\Aj-T'zib'\AppData\Roaming\924F1
c:\users\Aj-T'zib'\AppData\Roaming\zD3ooFFamH5W7EL
c:\users\Aj-T'zib'\AppData\Roaming\ZgRZZhhXwkUeOBz
c:\users\Aj-T'zib'\AppData\Roaming\F1DEA

3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:

Combofix.txt

MarioGA · Nov 21, 2011

Yes, still redirected and background music and ads still conitnue. I have also received two or three "widows explorer error" and suggests to restart the program. I will go ahead and proceed with your indications above and will post the results. Thank you.

MarioGA · Nov 21, 2011

ComboFix 11-11-21.01 - Aj-T'zib' 11/21/2011 16:52:25.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4012.2418 [GMT -8:00]
Running from: c:\users\Aj-T'zib'\Desktop\ComboFix.exe
Command switches used :: c:\users\Aj-T'zib'\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))
.
.
2011-11-22 01:25 . 2011-11-22 01:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-22 01:25 . 2011-11-22 01:25 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2011-11-21 18:57 . 2011-11-21 18:57 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FF24812-E6C5-4724-8C17-FED8DDC8C86D}\offreg.dll
2011-11-21 08:10 . 2011-10-07 05:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7FF24812-E6C5-4724-8C17-FED8DDC8C86D}\mpengine.dll
2011-11-19 02:58 . 2011-11-19 02:58 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-17 20:20 . 2011-10-07 05:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-17 20:03 . 2011-11-17 20:03 748336 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2011-11-17 20:03 . 2011-11-17 20:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-17 20:03 . 2011-11-17 20:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-17 20:03 . 2011-11-17 20:03 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-17 20:03 . 2011-11-17 20:03 107008 ----a-w- c:\program files (x86)\Internet Explorer\iecleanup.exe
2011-11-17 19:59 . 2011-11-17 19:59 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-11-17 10:33 . 2006-06-19 21:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2011-11-17 10:33 . 2006-05-25 23:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2011-11-17 10:33 . 2005-08-26 09:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2011-11-17 10:33 . 2003-02-03 04:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2011-11-17 10:33 . 2002-03-06 09:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2011-11-17 06:11 . 2011-11-19 05:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-17 06:11 . 2011-11-19 05:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-16 23:44 . 2011-11-16 23:44 -------- d-----w- c:\program files (x86)\AMD APP
2011-11-16 23:44 . 2011-11-16 23:44 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-11-16 23:44 . 2011-11-16 23:44 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-11-16 22:54 . 2011-11-16 22:54 -------- d-----w- C:\AMD
2011-11-16 19:38 . 2011-11-16 19:37 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04093536-2511-4F9F-A03F-EAE074E568FB}\gapaengine.dll
2011-11-16 19:01 . 2011-11-16 19:01 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-16 19:01 . 2011-11-16 19:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-16 19:00 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-16 09:51 . 2011-11-21 09:28 -------- d-----w- c:\users\Aj-T'zib'\AppData\Local\CrashDumps
2011-11-14 09:50 . 2011-11-14 09:50 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Local\Windows Live
2011-11-14 09:41 . 2011-11-14 09:41 -------- d-----w- c:\programdata\YouTube Downloader
2011-11-14 09:41 . 2011-11-14 09:41 -------- d-----w- c:\program files (x86)\YouTube Downloader
2011-11-11 06:42 . 2011-11-11 18:47 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\F1DEA
2011-11-11 06:41 . 2011-11-16 04:27 -------- d-----w- c:\users\Aj-T'zib'\AppData\Roaming\ZgRZZhhXwkUeOBz
2011-11-11 06:41 . 2011-11-11 06:41 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\zD3ooFFamH5W7EL
2011-11-11 06:41 . 2011-11-11 18:14 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\924F1
2011-11-11 06:41 . 2011-11-11 07:18 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\hjeIzONtA
2011-11-11 06:41 . 2011-11-11 06:41 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\QOONtxA0uc2
2011-11-11 06:41 . 2011-11-11 06:41 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\rCCekIBrzOyx0v2
2011-11-11 06:41 . 2011-11-11 06:41 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Roaming\y5sQQJ6dK8fR9Tw
2011-11-01 21:12 . 2011-10-18 09:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5BCBC07-5CFB-4A2C-AF07-076714A78A02}\mpengine.dll
2011-11-01 21:12 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-01 06:15 . 2011-11-01 06:15 -------- d-----w- c:\program files\IDT
2011-11-01 06:15 . 2011-11-01 06:15 -------- d-----w- C:\dell
2011-10-26 19:54 . 2011-10-26 19:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-26 19:54 . 2011-10-26 19:54 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-26 19:54 . 2011-10-26 19:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-26 19:54 . 2011-10-26 19:54 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-23 18:18 . 2011-11-11 17:19 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-23 18:18 . 2011-10-23 18:18 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-23 18:17 . 2011-10-23 18:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-23 18:17 . 2011-10-23 18:17 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 06:45 . 2011-10-09 18:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-01 22:49 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-26 23:05 . 2011-08-26 23:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-08-26 23:05 . 2011-08-26 23:05 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-08-26 23:05 . 2011-08-26 23:05 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-26 23:05 . 2011-08-26 23:05 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-26 23:05 . 2011-08-26 23:05 16673280 ----a-w- c:\windows\system32\amdocl64.dll
2011-08-26 23:05 . 2011-08-26 23:05 12799488 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-08-26 18:07 . 2011-01-14 08:20 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-21_07.14.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-31 19:09 . 2011-11-21 18:59 49018 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-19 21:10 36806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-21 18:59 36806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-03-28 13:53 . 2011-11-21 04:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-28 13:53 . 2011-11-21 20:00 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-28 13:53 . 2011-11-21 04:46 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-28 13:53 . 2011-11-21 20:00 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-21 20:00 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-21 04:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-11-22 00:05 82368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-10-01 22:50 . 2011-11-21 18:59 4348 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1471082805-2386370728-3380099341-1005_UserData.bin
+ 2011-11-21 18:57 . 2011-11-21 18:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-19 21:08 . 2011-11-19 21:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-21 18:57 . 2011-11-21 18:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-19 21:08 . 2011-11-19 21:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-02 01:19 . 2011-11-21 23:54 263520 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-21 05:13 617460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-22 00:10 617460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-22 00:10 104702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-21 05:13 104702 c:\windows\system32\perfc009.dat
+ 2011-03-28 13:53 . 2011-11-21 09:29 897000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-03-28 13:53 . 2011-11-19 08:42 897000 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-11-21 09:29 417164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-19 08:42 417164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-11-22 00:15 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-11-21 03:14 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-10-02 10:45 . 2011-11-21 09:29 7289940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1471082805-2386370728-3380099341-1005-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 615808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-11-18 673168]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2010-12-08 734608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 655088]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-14 49152]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-05 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-12-06 584080]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-12-09 923024]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-03 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-03 2179688]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 10.81.28.8 10.81.60.8 130.182.1.11 130.182.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-21 17:45:15
ComboFix-quarantined-files.txt 2011-11-22 01:45
ComboFix2.txt 2011-11-21 07:32
ComboFix3.txt 2011-11-17 19:36
.
Pre-Run: 284,835,446,784 bytes free
Post-Run: 284,626,579,456 bytes free
.
- - End Of File - - D9F2664E1CB954E09E775BF6FC18C074

Broni · Nov 21, 2011

It doesn't look like you ran my script.

Please redo.

MarioGA · Nov 22, 2011

The first time I tried running your script, combofix updated to a newer version and then I ran your script. I have just tried to do it a second time, and it begins loading, but it suddenly stops and the blue window never appears. Should I try on Safe Mode?

Broni · Nov 22, 2011

Yes you can.

MarioGA · Nov 22, 2011

I tried one more time on normal mode and it worked this time. Heres the log.

ComboFix 11-11-21.01 - Aj-T'zib' 11/22/2011 17:04:00.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4012.2420 [GMT -8:00]
Running from: c:\users\Aj-T'zib'\Desktop\ComboFix.exe
Command switches used :: c:\users\Aj-T'zib'\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Aj-T'zib'\AppData\Roaming\924F1
c:\users\Aj-T'zib'\AppData\Roaming\924F1\1DEA.24F
c:\users\Aj-T'zib'\AppData\Roaming\F1DEA
c:\users\Aj-T'zib'\AppData\Roaming\hjeIzONtA
c:\users\Aj-T'zib'\AppData\Roaming\QOONtxA0uc2
c:\users\Aj-T'zib'\AppData\Roaming\rCCekIBrzOyx0v2
c:\users\Aj-T'zib'\AppData\Roaming\y5sQQJ6dK8fR9Tw
c:\users\Aj-T'zib'\AppData\Roaming\zD3ooFFamH5W7EL
c:\users\Aj-T'zib'\AppData\Roaming\ZgRZZhhXwkUeOBz
c:\users\Aj-T'zib'\AppData\Roaming\ZgRZZhhXwkUeOBz\AV Security 2012.ico
.
.
((((((((((((((((((((((((( Files Created from 2011-10-23 to 2011-11-23 )))))))))))))))))))))))))))))))
.
.
2011-11-23 01:38 . 2011-11-23 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-23 01:38 . 2011-11-23 01:38 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2011-11-23 00:49 . 2011-11-23 00:49 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9B67CBD-81F2-4E6F-899C-C339EB6B8147}\offreg.dll
2011-11-23 00:32 . 2011-10-07 05:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9B67CBD-81F2-4E6F-899C-C339EB6B8147}\mpengine.dll
2011-11-19 02:58 . 2011-11-19 02:58 -------- d-----w- c:\programdata\Kaspersky Lab
2011-11-17 20:20 . 2011-10-07 05:16 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-17 20:03 . 2011-11-17 20:03 748336 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2011-11-17 20:03 . 2011-11-17 20:03 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-11-17 20:03 . 2011-11-17 20:03 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-11-17 20:03 . 2011-11-17 20:03 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-17 20:03 . 2011-11-17 20:03 107008 ----a-w- c:\program files (x86)\Internet Explorer\iecleanup.exe
2011-11-17 19:59 . 2011-11-17 19:59 982912 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-11-17 10:33 . 2006-06-19 21:01 69632 ----a-w- c:\windows\SysWow64\ztvcabinet.dll
2011-11-17 10:33 . 2006-05-25 23:52 162304 ----a-w- c:\windows\SysWow64\ztvunrar36.dll
2011-11-17 10:33 . 2005-08-26 09:50 77312 ----a-w- c:\windows\SysWow64\ztvunace26.dll
2011-11-17 10:33 . 2003-02-03 04:06 153088 ----a-w- c:\windows\SysWow64\UNRAR3.dll
2011-11-17 10:33 . 2002-03-06 09:00 75264 ----a-w- c:\windows\SysWow64\unacev2.dll
2011-11-17 06:11 . 2011-11-19 05:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-17 06:11 . 2011-11-19 05:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-16 23:44 . 2011-11-16 23:44 -------- d-----w- c:\program files (x86)\AMD APP
2011-11-16 23:44 . 2011-11-16 23:44 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2011-11-16 23:44 . 2011-11-16 23:44 -------- d-----w- c:\program files\Common Files\ATI Technologies
2011-11-16 22:54 . 2011-11-16 22:54 -------- d-----w- C:\AMD
2011-11-16 19:38 . 2011-11-16 19:37 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{04093536-2511-4F9F-A03F-EAE074E568FB}\gapaengine.dll
2011-11-16 19:01 . 2011-11-16 19:01 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-11-16 19:01 . 2011-11-16 19:01 -------- d-----w- c:\program files\Microsoft Security Client
2011-11-16 19:00 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2011-11-16 09:51 . 2011-11-21 09:28 -------- d-----w- c:\users\Aj-T'zib'\AppData\Local\CrashDumps
2011-11-14 09:50 . 2011-11-14 09:50 -------- d--h--w- c:\users\Aj-T'zib'\AppData\Local\Windows Live
2011-11-14 09:41 . 2011-11-14 09:41 -------- d-----w- c:\programdata\YouTube Downloader
2011-11-14 09:41 . 2011-11-14 09:41 -------- d-----w- c:\program files (x86)\YouTube Downloader
2011-11-01 21:12 . 2011-10-18 09:27 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5BCBC07-5CFB-4A2C-AF07-076714A78A02}\mpengine.dll
2011-11-01 21:12 . 2010-10-19 20:51 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-01 06:15 . 2011-11-01 06:15 -------- d-----w- c:\program files\IDT
2011-11-01 06:15 . 2011-11-01 06:15 -------- d-----w- C:\dell
2011-10-26 19:54 . 2011-10-26 19:54 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-26 19:54 . 2011-10-26 19:54 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-26 19:54 . 2011-10-26 19:54 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-26 19:54 . 2011-10-26 19:54 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-11 17:19 . 2011-10-23 18:18 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-11-11 06:45 . 2011-10-09 18:54 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-23 18:18 . 2011-10-23 18:18 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-23 18:17 . 2011-10-23 18:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-23 18:17 . 2011-10-23 18:17 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-10-01 22:49 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-26 23:05 . 2011-08-26 23:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2011-08-26 23:05 . 2011-08-26 23:05 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-08-26 23:05 . 2011-08-26 23:05 53760 ----a-w- c:\windows\system32\OpenCL.dll
2011-08-26 23:05 . 2011-08-26 23:05 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-08-26 23:05 . 2011-08-26 23:05 16673280 ----a-w- c:\windows\system32\amdocl64.dll
2011-08-26 23:05 . 2011-08-26 23:05 12799488 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-08-26 18:07 . 2011-01-14 08:20 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-11-21_07.14.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-08-31 19:09 . 2011-11-23 00:51 49042 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-11-19 21:10 36806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-11-23 00:51 36806 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-28 13:53 . 2011-11-23 00:30 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-28 13:53 . 2011-11-21 04:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-28 13:53 . 2011-11-21 04:46 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-28 13:53 . 2011-11-23 00:30 81920 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-11-23 00:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-11-21 04:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2011-11-22 00:05 82368 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-10-01 22:50 . 2011-11-23 00:51 4348 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1471082805-2386370728-3380099341-1005_UserData.bin
- 2011-11-19 21:08 . 2011-11-19 21:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-23 00:49 . 2011-11-23 00:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-23 00:49 . 2011-11-23 00:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-19 21:08 . 2011-11-19 21:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-02 01:19 . 2011-11-23 00:17 263520 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2011-11-21 05:13 617460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-23 00:53 617460 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-11-23 00:53 104702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-11-21 05:13 104702 c:\windows\system32\perfc009.dat
+ 2011-03-28 13:53 . 2011-11-23 00:43 916448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-11-23 00:43 417164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-11-19 08:42 417164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-11-21 03:14 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-11-23 01:03 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-10-02 10:45 . 2011-11-23 00:43 8800468 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1471082805-2386370728-3380099341-1005-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-09-06 615808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-09-07 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-11-18 673168]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2010-12-08 734608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-02 340240]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 655088]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-26 387896]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-26 101152]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-14 49152]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-05 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-12-06 584080]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-12-09 923024]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2011-09-23 1429608]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-12-03 11490408]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-03 2179688]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 192.168.5.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-22 17:58:03
ComboFix-quarantined-files.txt 2011-11-23 01:57
ComboFix2.txt 2011-11-22 01:45
ComboFix3.txt 2011-11-21 07:32
ComboFix4.txt 2011-11-17 19:36
.
Pre-Run: 285,595,795,456 bytes free
Post-Run: 285,297,811,456 bytes free
.
- - End Of File - - 7B0D228152C3B08ED3BB43317B35B39D

MarioGA · Nov 22, 2011

Searches still get redirected, not as often as before though. Background noise, music and ads still continue like before. I really appreciate your help.

Broni · Nov 22, 2011

Uninstall YouTube Downloader 3.4.

Which browser is affected?
Does the music play only when the browser is open?

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

MarioGA · Nov 23, 2011

I only have Internet Explorer installed on my computer, so I assume that this is the one infected. As far as I'm concerned, yes the music only plays when the browser is open. I will run the scan you mentioned above now.

MarioGA · Nov 23, 2011

I had to split the results into two posts

MarioGA · Nov 23, 2011

OTL logfile created on: 11/23/2011 7:53:13 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Aj-T'zib'\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.96% Memory free
7.83 Gb Paging File | 5.45 Gb Available in Paging File | 69.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.95 Gb Total Space | 265.58 Gb Free Space | 58.89% Space Free | Partition Type: NTFS

Computer Name: AJ-TZIB-VAIO | User Name: Aj-T'zib' | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/23 07:50:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aj-T'zib'\Desktop\OTL.exe
PRC - [2011/08/29 14:43:24 | 001,209,288 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
PRC - [2011/08/13 18:14:16 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/02/14 12:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011/01/29 04:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2011/01/04 22:11:44 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/01/04 22:10:33 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/23 15:24:52 | 000,206,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/12/23 15:24:52 | 000,095,632 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/11/26 23:55:44 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/26 23:55:44 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/11/17 17:30:12 | 000,673,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 22:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/09/22 17:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009/09/06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2011/10/20 22:46:42 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2011/10/01 15:25:07 | 000,887,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\cd5561592e50ed277e3b1a45d529c1a4\System.DirectoryServices.AccountManagement.ni.dll
MOD - [2011/10/01 15:24:55 | 002,516,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\04a5d9011add1af75129ee9d59296abb\System.Data.Linq.ni.dll
MOD - [2011/10/01 15:24:55 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\ef9baf2ada87942fb77b6e6c86dbc76e\System.Xml.Linq.ni.dll
MOD - [2011/10/01 15:24:24 | 000,633,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\85b263ee17ce8086d74c45fed21c1180\System.AddIn.ni.dll
MOD - [2011/10/01 15:24:24 | 000,082,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.AddIn.Contra#\89a9ddc116df21673f60cc7d1ed63e4b\System.AddIn.Contract.ni.dll
MOD - [2011/10/01 15:22:56 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\1f18baac078c4552b764e9f9b7fb1fa0\System.Core.ni.dll
MOD - [2011/10/01 15:22:04 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\86d34fbd2a7c582105eb53cbbd55c29e\System.Runtime.Serialization.ni.dll
MOD - [2011/08/10 23:32:09 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d57d521336d266a13fb4611706b3f08f\IAStorUtil.ni.dll
MOD - [2011/08/10 23:32:09 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\8e91e1a5ece58eb3ca61de2aaab0443a\IAStorCommon.ni.dll
MOD - [2011/08/08 14:11:06 | 000,681,840 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/03/28 04:16:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\598a9987f519acb9efe5372a2c556af6\PresentationFramework.Aero.ni.dll
MOD - [2011/03/28 04:16:26 | 011,804,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\064483cd86ddba6c78dd32732f6fd351\System.Web.ni.dll
MOD - [2011/03/28 04:16:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6728ef6a4c4b41eec6af6f48a7109457\System.Runtime.Remoting.ni.dll
MOD - [2011/03/28 04:16:21 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\7e94064464380c8a5d7315c8b5d312aa\System.EnterpriseServices.ni.dll
MOD - [2011/03/28 04:16:20 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\935ac020241e59cab3287d5eb38c592d\System.Data.ni.dll
MOD - [2011/03/28 04:16:20 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\c744f0f95227e75796b8689801740d4b\System.Transactions.ni.dll
MOD - [2011/03/28 04:16:13 | 014,318,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b090f03193ffab4bc38d14316331ac67\PresentationFramework.ni.dll
MOD - [2011/03/28 04:16:02 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\46a97b15da5b620fbb606cb05b6573a3\System.Windows.Forms.ni.dll
MOD - [2011/03/28 04:15:55 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\fdeec42fa02f3d789c42be2e33b130eb\System.Drawing.ni.dll
MOD - [2011/03/28 04:15:51 | 012,216,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\b7075f4be49affb3dfc655917113dd02\PresentationCore.ni.dll
MOD - [2011/03/28 04:15:43 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cd18fe55c106a2776b08ce297afe7f46\WindowsBase.ni.dll
MOD - [2011/03/28 04:15:41 | 000,676,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\fa4c8890472684fa271561c2076efd0c\System.Security.ni.dll
MOD - [2011/03/28 04:15:39 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\3060dfcdecbeb8ee65077fb29b217c3d\System.Xml.ni.dll
MOD - [2011/03/28 04:15:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\500ddd904b1099f95552a81b54223b7f\System.ni.dll
MOD - [2011/03/28 04:15:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f2060a0cf20f2536277761f4e517e906\System.Configuration.ni.dll
MOD - [2011/03/28 04:15:30 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f58ab951b57c8526430486dcf7ee38fd\mscorlib.ni.dll
MOD - [2009/06/10 13:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/06/10 13:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/23 14:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/08/26 10:39:22 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/24 05:00:00 | 000,655,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2011/04/27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/02/14 12:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:64bit: - [2011/01/29 04:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/12/09 15:26:26 | 000,923,024 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010/12/06 08:14:50 | 000,584,080 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2010/11/02 12:49:46 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/11/02 12:39:08 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/11/02 12:34:14 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/10/25 16:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/10/25 16:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/09/27 14:13:22 | 000,303,872 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/29 18:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/08/13 18:14:16 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2011/08/10 11:35:20 | 000,227,184 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/03/28 04:26:13 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/01/04 22:11:44 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/01/04 22:10:33 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/12/23 15:24:52 | 000,095,632 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/11/26 23:55:44 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/12 14:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/09/27 14:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/09/10 07:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/09/10 07:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 09:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/26 11:14:10 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/08/26 10:06:40 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/09 04:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/08/09 04:32:02 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/04/27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011/04/04 13:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/03/31 13:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2011/03/31 13:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011/01/29 17:19:52 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/13 22:59:48 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011/01/04 22:10:11 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/12/21 12:09:15 | 000,329,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/12/10 01:57:42 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/06 12:38:55 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/12/01 04:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/09 02:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/11/03 14:35:22 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/11/03 14:35:21 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/11/03 14:35:21 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/11/03 14:35:21 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/11/03 14:34:50 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/11/01 12:09:19 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/11/01 12:09:19 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/26 12:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 15:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 15:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 12:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 13:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008/06/16 02:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1471082805-2386370728-3380099341-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Aj-T'zib'\Desktop
IE - HKU\S-1-5-21-1471082805-2386370728-3380099341-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1471082805-2386370728-3380099341-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2011/11/22 17:38:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1471082805-2386370728-3380099341-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Boot Manager] C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe (Sony Corporation)
O4 - HKU\S-1-5-21-1471082805-2386370728-3380099341-1005..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1471082805-2386370728-3380099341-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1471082805-2386370728-3380099341-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1471082805-2386370728-3380099341-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DAD77B8-A901-415E-B605-97FC1AB53D54}: DhcpNameServer = 10.100.66.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A779907B-F312-4254-B4D9-F6395D63DD3B}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1471082805-2386370728-3380099341-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/11/23 07:50:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Aj-T'zib'\Desktop\OTL.exe
[2011/11/22 19:28:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/11/22 17:58:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/11/22 16:54:06 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/11/21 11:11:42 | 000,000,000 | ---D | C] -- C:\Users\Aj-T'zib'\Desktop\Week 9 - Research Competition
[2011/11/20 22:23:45 | 004,303,424 | R--- | C] (Swearware) -- C:\Users\Aj-T'zib'\Desktop\ComboFix.exe
[2011/11/20 21:47:04 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Aj-T'zib'\Desktop\aswMBR.exe
[2011/11/20 20:11:53 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Aj-T'zib'\Desktop\dds.scr
[2011/11/18 18:58:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/11/18 10:55:13 | 000,000,000 | ---D | C] -- C:\Users\Aj-T'zib'\AppData\Roaming\Mozilla
[2011/11/17 10:33:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/11/17 10:33:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/11/17 10:33:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/11/17 10:29:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/11/17 10:28:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/17 02:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/11/17 02:06:26 | 000,000,000 | ---D | C] -- C:\Users\Aj-T'zib'\Desktop\tdsskiller
[2011/11/16 22:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/11/16 22:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/11/16 15:44:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011/11/16 15:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011/11/16 15:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2011/11/16 15:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/11/16 15:40:01 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2011/11/16 15:40:00 | 000,485,376 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011/11/16 15:40:00 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011/11/16 15:40:00 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011/11/16 15:40:00 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011/11/16 15:40:00 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011/11/16 14:54:10 | 000,000,000 | ---D | C] -- C:\AMD
[2011/11/16 11:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/11/16 11:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/11/16 01:51:46 | 000,000,000 | ---D | C] -- C:\Users\Aj-T'zib'\AppData\Local\CrashDumps
[2011/11/14 01:50:16 | 000,000,000 | -H-D | C] -- C:\Users\Aj-T'zib'\AppData\Local\Windows Live
[2011/11/14 01:49:53 | 000,000,000 | -H-D | C] -- C:\Users\Aj-T'zib'\AppData\Local\{9190F98C-F436-4ADA-8BD3-5DA5F912F272}
[2011/11/13 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\Aj-T'zib'\Documents\Adobe
[2011/10/31 22:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2011/10/31 22:15:13 | 000,000,000 | ---D | C] -- C:\dell

========== Files - Modified Within 30 Days ==========

[2011/11/23 07:50:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aj-T'zib'\Desktop\OTL.exe
[2011/11/23 07:49:14 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/23 07:49:14 | 000,617,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/23 07:49:14 | 000,104,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/23 07:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/22 19:35:34 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 19:35:34 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 19:27:49 | 3155,054,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/22 17:38:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/21 16:36:51 | 004,303,424 | R--- | M] (Swearware) -- C:\Users\Aj-T'zib'\Desktop\ComboFix.exe
[2011/11/21 12:51:49 | 000,327,597 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\style_guide.pdf
[2011/11/20 22:21:36 | 000,000,512 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\MBR.dat
[2011/11/20 21:47:25 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Aj-T'zib'\Desktop\aswMBR.exe
[2011/11/20 20:11:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aj-T'zib'\Desktop\dds.scr
[2011/11/20 19:45:52 | 000,302,592 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\sqhgrc8n.exe
[2011/11/18 20:58:56 | 000,007,400 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/11/17 14:53:18 | 000,563,794 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\TAMAppDL.pdf
[2011/11/17 12:10:33 | 000,001,401 | ---- | M] () -- C:\Users\Aj-T'zib'\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/17 12:02:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/11/17 12:02:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/11/16 11:01:39 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/16 11:01:17 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/16 01:42:22 | 000,007,088 | ---- | M] () -- C:\bootsqm.dat
[2011/11/13 12:23:20 | 005,650,020 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\Maya3D-Digital-Reconstructions-of-Chichen-Itza.pdf
[2011/11/11 18:15:48 | 000,076,187 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\period-ending-list.pdf
[2011/11/11 18:08:36 | 008,846,706 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\95015Looper01.pdf
[2011/11/11 18:00:14 | 009,928,056 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\wayeb_notes0034.pdf
[2011/11/11 17:46:17 | 001,017,994 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\tortuguero_6.jpg
[2011/11/11 17:37:50 | 000,053,808 | ---- | M] () -- C:\test.xml
[2011/11/06 17:45:14 | 003,601,165 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\Matthias_Strecker_-_Representaciones_Sexuales.pdf
[2011/11/06 17:44:38 | 000,842,482 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\Andrea_Stone_-_Commentary_on_Strecker.pdf
[2011/11/03 18:53:33 | 001,780,262 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\McKillop%201984%20Journal%20of%20Field%20Archaeology.pdf
[2011/11/02 18:35:44 | 000,131,582 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\KerrTRANSCRIPT.pdf
[2011/11/02 18:14:44 | 000,922,537 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\35_-_Borowicz.07.pdf
[2011/11/02 16:05:09 | 000,095,928 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\20.95_-_Rolando.pdf
[2011/11/02 16:03:55 | 000,217,198 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\34_-_Oswaldo.07.pdf
[2011/11/02 15:54:04 | 001,706,491 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\71_-_Oswaldo.05_-_Digital.pdf
[2011/10/26 10:45:00 | 000,445,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/25 19:02:53 | 000,513,864 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\doaks_info_fellowships_2012-13.pdf

MarioGA · Nov 23, 2011

========== Files - Modified Within 30 Days ==========

[2011/11/23 07:50:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aj-T'zib'\Desktop\OTL.exe
[2011/11/23 07:49:14 | 000,717,260 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/23 07:49:14 | 000,617,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/23 07:49:14 | 000,104,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/23 07:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/22 19:35:34 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 19:35:34 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/22 19:27:49 | 3155,054,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/22 17:38:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/11/21 16:36:51 | 004,303,424 | R--- | M] (Swearware) -- C:\Users\Aj-T'zib'\Desktop\ComboFix.exe
[2011/11/21 12:51:49 | 000,327,597 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\style_guide.pdf
[2011/11/20 22:21:36 | 000,000,512 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\MBR.dat
[2011/11/20 21:47:25 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Aj-T'zib'\Desktop\aswMBR.exe
[2011/11/20 20:11:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Aj-T'zib'\Desktop\dds.scr
[2011/11/20 19:45:52 | 000,302,592 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\sqhgrc8n.exe
[2011/11/18 20:58:56 | 000,007,400 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/11/17 14:53:18 | 000,563,794 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\TAMAppDL.pdf
[2011/11/17 12:10:33 | 000,001,401 | ---- | M] () -- C:\Users\Aj-T'zib'\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/17 12:02:58 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/11/17 12:02:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2011/11/16 11:01:39 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/11/16 11:01:17 | 000,731,106 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/16 01:42:22 | 000,007,088 | ---- | M] () -- C:\bootsqm.dat
[2011/11/13 12:23:20 | 005,650,020 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\Maya3D-Digital-Reconstructions-of-Chichen-Itza.pdf
[2011/11/11 18:15:48 | 000,076,187 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\period-ending-list.pdf
[2011/11/11 18:08:36 | 008,846,706 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\95015Looper01.pdf
[2011/11/11 18:00:14 | 009,928,056 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\wayeb_notes0034.pdf
[2011/11/11 17:46:17 | 001,017,994 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\tortuguero_6.jpg
[2011/11/11 17:37:50 | 000,053,808 | ---- | M] () -- C:\test.xml
[2011/11/06 17:45:14 | 003,601,165 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\Matthias_Strecker_-_Representaciones_Sexuales.pdf
[2011/11/06 17:44:38 | 000,842,482 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\Andrea_Stone_-_Commentary_on_Strecker.pdf
[2011/11/03 18:53:33 | 001,780,262 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\McKillop%201984%20Journal%20of%20Field%20Archaeology.pdf
[2011/11/02 18:35:44 | 000,131,582 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\KerrTRANSCRIPT.pdf
[2011/11/02 18:14:44 | 000,922,537 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\35_-_Borowicz.07.pdf
[2011/11/02 16:05:09 | 000,095,928 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\20.95_-_Rolando.pdf
[2011/11/02 16:03:55 | 000,217,198 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\34_-_Oswaldo.07.pdf
[2011/11/02 15:54:04 | 001,706,491 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\71_-_Oswaldo.05_-_Digital.pdf
[2011/10/26 10:45:00 | 000,445,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/25 19:02:53 | 000,513,864 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\doaks_info_fellowships_2012-13.pdf

========== Files Created - No Company Name ==========

[2011/11/21 12:51:49 | 000,327,597 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\style_guide.pdf
[2011/11/20 22:21:36 | 000,000,512 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\MBR.dat
[2011/11/20 19:45:39 | 000,302,592 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\sqhgrc8n.exe
[2011/11/18 20:15:39 | 000,007,400 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/11/17 14:53:18 | 000,563,794 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\TAMAppDL.pdf
[2011/11/17 12:02:58 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2011/11/17 12:02:53 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2011/11/17 10:33:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/11/17 10:33:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/11/17 10:33:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/11/17 10:33:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/11/17 10:33:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/17 02:33:21 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2011/11/17 02:33:21 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2011/11/17 02:33:21 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2011/11/17 02:33:21 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2011/11/16 15:40:01 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2011/11/16 15:40:01 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/11/16 15:40:01 | 000,963,116 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2011/11/16 15:40:01 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/11/16 15:40:01 | 000,216,000 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2011/11/16 15:40:01 | 000,075,776 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2011/11/16 15:40:01 | 000,059,243 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2011/11/16 15:40:01 | 000,059,174 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2011/11/16 15:40:01 | 000,059,062 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2011/11/16 15:40:01 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/11/16 15:40:01 | 000,017,340 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2011/11/16 15:40:01 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2011/11/16 15:40:00 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/11/16 15:40:00 | 001,127,552 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011/11/16 15:40:00 | 001,127,552 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011/11/16 15:40:00 | 000,233,765 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2011/11/16 15:40:00 | 000,211,217 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2011/11/16 15:40:00 | 000,198,037 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2011/11/16 15:40:00 | 000,182,649 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2011/11/16 15:40:00 | 000,179,992 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2011/11/16 15:40:00 | 000,166,664 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2011/11/16 15:40:00 | 000,156,192 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2011/11/16 15:40:00 | 000,153,129 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2011/11/16 15:40:00 | 000,148,981 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2011/11/16 15:40:00 | 000,140,212 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2011/11/16 15:40:00 | 000,138,707 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2011/11/16 15:40:00 | 000,137,840 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2011/11/16 15:40:00 | 000,137,641 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2011/11/16 15:40:00 | 000,136,584 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2011/11/16 15:40:00 | 000,135,654 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2011/11/16 15:40:00 | 000,135,357 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2011/11/16 15:40:00 | 000,134,821 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2011/11/16 15:40:00 | 000,134,407 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2011/11/16 15:40:00 | 000,134,373 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2011/11/16 15:40:00 | 000,133,841 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2011/11/16 15:40:00 | 000,133,683 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2011/11/16 15:40:00 | 000,133,381 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2011/11/16 15:40:00 | 000,133,149 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2011/11/16 15:40:00 | 000,132,887 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2011/11/16 15:40:00 | 000,132,785 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2011/11/16 15:40:00 | 000,131,840 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2011/11/16 15:40:00 | 000,128,998 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2011/11/16 15:40:00 | 000,128,802 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2011/11/16 15:40:00 | 000,128,542 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2011/11/16 15:40:00 | 000,124,056 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2011/11/16 15:40:00 | 000,117,657 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2011/11/16 15:40:00 | 000,116,368 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2011/11/16 15:40:00 | 000,032,635 | ---- | C] () -- C:\Windows\atiogl.xml
[2011/11/16 15:40:00 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/11/16 15:40:00 | 000,003,929 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2011/11/16 11:01:39 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/11/16 11:01:17 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/11/16 11:01:11 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/11/16 01:42:22 | 000,007,088 | ---- | C] () -- C:\bootsqm.dat
[2011/11/13 12:23:20 | 005,650,020 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\Maya3D-Digital-Reconstructions-of-Chichen-Itza.pdf
[2011/11/11 18:15:48 | 000,076,187 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\period-ending-list.pdf
[2011/11/11 18:08:36 | 008,846,706 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\95015Looper01.pdf
[2011/11/11 18:00:23 | 001,017,994 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\tortuguero_6.jpg
[2011/11/11 18:00:14 | 009,928,056 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\wayeb_notes0034.pdf
[2011/11/11 17:37:50 | 000,053,808 | ---- | C] () -- C:\test.xml
[2011/11/06 17:45:14 | 003,601,165 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\Matthias_Strecker_-_Representaciones_Sexuales.pdf
[2011/11/06 17:44:29 | 000,842,482 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\Andrea_Stone_-_Commentary_on_Strecker.pdf
[2011/11/03 18:53:33 | 001,780,262 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\McKillop%201984%20Journal%20of%20Field%20Archaeology.pdf
[2011/11/02 18:35:44 | 000,131,582 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\KerrTRANSCRIPT.pdf
[2011/11/02 18:14:44 | 000,922,537 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\35_-_Borowicz.07.pdf
[2011/11/02 16:05:09 | 000,095,928 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\20.95_-_Rolando.pdf
[2011/11/02 16:03:55 | 000,217,198 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\34_-_Oswaldo.07.pdf
[2011/11/02 15:54:04 | 001,706,491 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\71_-_Oswaldo.05_-_Digital.pdf
[2011/10/25 19:02:53 | 000,513,864 | ---- | C] () -- C:\Users\Aj-T'zib'\Desktop\doaks_info_fellowships_2012-13.pdf
[2011/08/26 15:05:38 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/28 04:14:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/28 04:07:06 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011/01/14 00:20:50 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 13:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 13:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 13:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/07/13 21:08:49 | 000,018,500 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/11/16 01:42:22 | 000,007,088 | ---- | M] () -- C:\bootsqm.dat
[2011/11/22 17:58:18 | 000,024,304 | ---- | M] () -- C:\ComboFix.txt
[2011/11/22 19:27:49 | 3155,054,592 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/28 05:00:20 | 000,315,732 | ---- | M] () -- C:\lv.log
[2011/11/22 19:27:49 | 4206,739,456 | -HS- | M] () -- C:\pagefile.sys
[2011/03/28 04:00:42 | 000,002,175 | ---- | M] () -- C:\RHDSetup.log
[2011/03/28 05:00:13 | 000,000,074 | -H-- | M] () -- C:\splash.idx
[2011/11/17 02:08:04 | 000,161,290 | ---- | M] () -- C:\TDSSKiller.2.6.19.0_17.11.2011_02.06.34_log.txt
[2011/11/11 17:37:50 | 000,053,808 | ---- | M] () -- C:\test.xml
[2011/01/03 11:30:46 | 000,004,112 | -H-- | M] () -- C:\version

< %systemroot%\Fonts\*.com >
[2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/11/17 12:10:33 | 000,000,221 | -HS- | M] () -- C:\Users\Aj-T'zib'\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/11/20 21:47:25 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Aj-T'zib'\Desktop\aswMBR.exe
[2011/11/21 16:36:51 | 004,303,424 | R--- | M] (Swearware) -- C:\Users\Aj-T'zib'\Desktop\ComboFix.exe
[2011/11/23 07:50:04 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Aj-T'zib'\Desktop\OTL.exe
[2011/11/20 19:45:52 | 000,302,592 | ---- | M] () -- C:\Users\Aj-T'zib'\Desktop\sqhgrc8n.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/10/01 13:46:05 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/10/01 13:46:05 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/10/01 13:46:05 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/10/01 13:46:05 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/10/01 13:46:05 | 000,786,432 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/10/01 13:46:05 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/10/01 14:50:44 | 000,000,402 | -HS- | M] () -- C:\Users\Aj-T'zib'\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >

MarioGA · Nov 23, 2011

OTL Extras logfile created on: 11/23/2011 7:53:13 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Aj-T'zib'\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.92 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.96% Memory free
7.83 Gb Paging File | 5.45 Gb Available in Paging File | 69.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.95 Gb Total Space | 265.58 Gb Free Space | 58.89% Space Free | Partition Type: NTFS

Computer Name: AJ-TZIB-VAIO | User Name: Aj-T'zib' | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1471082805-2386370728-3380099341-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1CCF1727-A817-4FEE-A028-5466FB542934}" = Motorola Mobile Drivers Installation 5.2.0
"{1CDECA98-23DA-5C22-7BDF-3CED743FFC3D}" = ATI Catalyst Install Manager
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{9FBC0857-8191-0886-BEEB-4A4901CCEE60}" = AMD Media Foundation Decoders
"{AF162E20-417F-4946-A06D-65734984957F}" = Intel(R) PROSet/Wireless WiFi Software
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = OOBE
"{1C5EC8F6-5C5F-421F-85BE-919B5D0CAD4C}" = Adobe Flash Player 10 Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{31ABC808-794B-4710-B3E4-85F77784882E}" = VAIO Hardware Diagnostics
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Wireless Wizard
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{884A242B-BE5C-4F9F-9177-F44156A5D081}" = VAIO Help and Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{995845A2-5767-429D-8986-694050AE1F34}" = Remote Keyboard
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A0E583D1-23F7-4C35-9620-B169D7715E4B}" = Adobe Premiere Elements 8.0
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat 9 Standard
"{AC76BA86-1033-0000-BA7E-000000000004}_946" = Adobe Acrobat 9.4.6 - CPSID_83708
"{AC76BA86-1033-0000-BA7E-000000000004}{AC76BA86-1033-0000-BA7E-000000000004}" = Adobe Acrobat 9 Standard
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AFE462CB-8D7D-1E68-1D3A-071E485CAF58}" = PX Profile Update
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B99A2A0D-F2D7-FA59-0B28-18C26113047D}" = Catalyst Control Center InstallProxy
"{C0357E79-BAED-48F4-8AFE-A5E71AFC2658}" =
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D531F5A4-18F6-4130-B9A4-9179D6E349FC}" = VAIO Care
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EFBEE79D-E49D-9451-459E-F776AC857F99}" = PX Profile Update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Display Audio Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F8B48758-410A-4B09-A734-C5DEA282C7C9}" = VAIO Data Restore Tool
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1FC66F-536F-46BD-98E3-D8DA127A810E}" = PMB VAIO Edition Guide
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Application Manager for VAIO" = Application Manager for VAIO
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{4685A344-6718-4923-AA9D-158A0A2E1CFB}" = SmartSound Quicktracks for Premiere Elements 8.0
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{FF1FC66F-536F-46BD-98E3-D8DA127A810E}" = VAIO - PMB VAIO Edition Guide
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"MotoHelper" = MotoHelper 2.0.53 Driver 5.2.0
"PremElem80" = Adobe Premiere Elements 8.0
"splashtop" = VAIO Quick Web Access
"VAIO Messenger" = VAIO Messenger
"VAIO Satisfaction Survey.3.0" = VAIO Satisfaction Survey.
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/16/2011 3:40:25 PM | Computer Name = Aj-Tzib-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 11/16/2011 3:51:18 PM | Computer Name = Aj-Tzib-VAIO | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: Flash11e.ocx, version: 11.1.102.55,
time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x001b10d5 Faulting
process id: 0xf58 Faulting application start time: 0x01cca4935a458f16 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Report Id: 595d24ec-108c-11e1-bad4-ccaf78aeb2eb

Error - 11/16/2011 4:13:44 PM | Computer Name = Aj-Tzib-VAIO | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: Flash11e.ocx, version: 11.1.102.55,
time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x001b10d5 Faulting
process id: 0x107c Faulting application start time: 0x01cca49a55c6ca69 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Report Id: 7b793d5d-108f-11e1-bad4-ccaf78aeb2eb

Error - 11/16/2011 4:15:44 PM | Computer Name = Aj-Tzib-VAIO | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: Flash11e.ocx, version: 11.1.102.55,
time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x001b10d5 Faulting
process id: 0x1084 Faulting application start time: 0x01cca49c42c8f02a Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Report Id: c2f6e683-108f-11e1-bad4-ccaf78aeb2eb

Error - 11/16/2011 10:08:07 PM | Computer Name = Aj-Tzib-VAIO | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000 Faulting process id:
0x458 Faulting application start time: 0x01cca4cdb69a5998 Faulting application path:
C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: unknown
Report
Id: fd3ff461-10c0-11e1-ab3e-f0bf97689bae

Error - 11/17/2011 2:22:47 AM | Computer Name = Aj-Tzib-VAIO | Source = Application Error | ID = 1000
Description = Faulting application name: Explorer.EXE, version: 6.1.7600.16450,
time stamp: 0x4aebab8d Faulting module name: unknown, version: 0.0.0.0, time stamp:
0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000000027e40ae Faulting process
id: 0x7d4 Faulting application start time: 0x01cca4eb20f6eafc Faulting application
path: C:\Windows\Explorer.EXE Faulting module path: unknown Report Id: 90d715b3-10e4-11e1-9991-ccaf78aeb2eb

Error - 11/17/2011 5:36:01 AM | Computer Name = Aj-Tzib-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 11/17/2011 7:04:28 AM | Computer Name = Aj-Tzib-VAIO | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: Flash11e.ocx, version: 11.1.102.55,
time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x001b10d5 Faulting
process id: 0x15ec Faulting application start time: 0x01cca5152a41a18a Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Report Id: eaa293bb-110b-11e1-9de9-ccaf78aeb2eb

Error - 11/17/2011 3:29:21 PM | Computer Name = Aj-Tzib-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: The data is invalid. .

Error - 11/17/2011 3:44:28 PM | Computer Name = Aj-Tzib-VAIO | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16700,
time stamp: 0x4cd23213 Faulting module name: Flash11e.ocx, version: 11.1.102.55,
time stamp: 0x4eaf89fc Exception code: 0xc0000005 Fault offset: 0x001b10d5 Faulting
process id: 0xed8 Faulting application start time: 0x01cca5609c0b3df1 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\Macromed\Flash\Flash11e.ocx Report Id: 8f7510e9-1154-11e1-be9f-ccaf78aeb2eb

[ Media Center Events ]
Error - 10/26/2011 2:50:27 PM | Computer Name = Aj-Tzib-VAIO | Source = MCUpdate | ID = 0
Description = 11:50:27 AM - Error connecting to the internet. 11:50:27 AM - Unable
to contact server..

Error - 10/26/2011 2:53:43 PM | Computer Name = Aj-Tzib-VAIO | Source = MCUpdate | ID = 0
Description = 11:53:37 AM - Error connecting to the internet. 11:53:37 AM - Unable
to contact server..

Error - 11/11/2011 12:12:30 PM | Computer Name = Aj-Tzib-VAIO | Source = MCUpdate | ID = 0
Description = 8:12:30 AM - Error connecting to the internet. 8:12:30 AM - Unable
to contact server..

Error - 11/11/2011 12:15:53 PM | Computer Name = Aj-Tzib-VAIO | Source = MCUpdate | ID = 0
Description = 8:15:51 AM - Failed to retrieve NetTV (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

Error - 11/11/2011 12:18:14 PM | Computer Name = Aj-Tzib-VAIO | Source = MCUpdate | ID = 0
Description = 8:17:53 AM - Failed to retrieve SportsV2 (Error: The underlying connection
was closed: An unexpected error occurred on a receive.)

[ System Events ]
Error - 11/17/2011 1:51:13 PM | Computer Name = Aj-Tzib-VAIO | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Provider
Host service which failed to start because of the following error: %%1068

Error - 11/17/2011 2:00:22 PM | Computer Name = Aj-Tzib-VAIO | Source = Service Control Manager | ID = 7003
Description = The SBSD Security Center Service service depends the following service:
wscsvc. This service might not be installed.

Error - 11/17/2011 2:57:40 PM | Computer Name = Aj-Tzib-VAIO | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/17/2011 3:16:18 PM | Computer Name = Aj-Tzib-VAIO | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 11/17/2011 4:07:13 PM | Computer Name = Aj-Tzib-VAIO | Source = DCOM | ID = 10010
Description =

Error - 11/17/2011 4:07:27 PM | Computer Name = Aj-Tzib-VAIO | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%32

Error - 11/17/2011 4:09:41 PM | Computer Name = Aj-Tzib-VAIO | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842

Error - 11/17/2011 4:09:40 PM | Computer Name = Aj-Tzib-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom PxHlpa64

Error - 11/17/2011 4:24:42 PM | Computer Name = Aj-Tzib-VAIO | Source = DCOM | ID = 10010
Description =

Error - 11/17/2011 5:46:54 PM | Computer Name = Aj-Tzib-VAIO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom PxHlpa64

< End of report >

Broni · Nov 23, 2011

Is the issue still present after uninstalling YouTube Downloader?

I just noticed that you don't have any AV program running.
I can see some Norton's leftovers though.
Run Norton removal tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

Then install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan, report on any findings>

When done....

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O37 - HKU\S-1-5-21-1471082805-2386370728-3380099341-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:CB0AACC9

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

===============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

Inactive Internet Explorer gets redirected and music and ads play in the background!

Posts: 30 +0

Posts: 56,041 +516

Posts: 30 +0

Posts: 30 +0

Posts: 30 +0

Posts: 30 +0

Posts: 30 +0

Posts: 56,041 +516

Posts: 30 +0

Posts: 30 +0

Posts: 56,041 +516

Posts: 30 +0

Posts: 30 +0

Posts: 56,041 +516

Posts: 30 +0

Posts: 56,041 +516

Posts: 30 +0

Posts: 30 +0

Posts: 56,041 +516

Posts: 30 +0

Posts: 30 +0

Posts: 30 +0

Posts: 30 +0

Posts: 30 +0

Posts: 56,041 +516

Similar threads