Random Sound Bites, Site Redirects


  • This topic is locked
11 replies to this topic

#1 melibu1974


Posted 13 November 2010 - 11:28 PM

Within the last week my husband and I have noticed our laptop playing random commercials, sound bites of programs, and odd noises. In the same time period, I also have noticed redirects from weblinks chosen from Yahoo. Tonight, the computer is saying there is a problem with the website you're viewing. On our desktop, I caught a message from Trend Micro stating that a Trojan was trying to infiltrate that computer, but I never saw anything for the laptop. My hunch is - the laptop is infected with that P.O.S.

DDS as follows:

DDS (Ver_10-11-10.01) - NTFS_AMD64
Run by WBFE at 22:21:47.18 on Sat 11/13/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3934.1376 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k yksvcs
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\sdclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\WBFE\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit=userinit.exe
BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: D: {1af73f22-c40b-35b0-9f51-85fc15695b9c} - C:\Windows\SysWow64\wy76802.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
mRun: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
mRun: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 5.0\SetHook.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: corel.com
Trusted Zone: corel.com\www
Trusted Zone: intervideo.com
Trusted Zone: intervideo.com\www
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://mercynow.health-partners.org/dana-cached/sc/JuniperSetupClient.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
Notify: VESWinlogon - VESWinlogon.dll
IFEO: ctfmon.exe - C:\Windows\system32\ctfmonnnq.exe
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [Apoint] C:\Program Files\Apoint\Apoint.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
mRun-x64: [WrtMon.exe] C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-8-31 55024]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\System32\drivers\tmlwf.sys [2009-10-16 200720]
R2 MyWebSearchService;My Web Search Service;C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [2010-3-14 28762]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-16 14112]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-4-23 141344]
R2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2010-9-30 42576]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\System32\drivers\tmwfp.sys [2009-10-16 339984]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-8-31 104960]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-8-31 19968]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-4-23 126464]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-4-23 11392]
R3 TmPfw;Trend Micro Personal Firewall;C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-10-16 595960]
R3 TmProxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-10-16 917768]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-4-23 403968]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security; [x]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-4-23 36392]
S3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-4-23 300032]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-10-14 167424]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-8-31 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-8-31 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-8-31 390440]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-8-31 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-8-31 91432]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-5 89920]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-11-12 15:40:41 754688 ----a-w- C:\Windows\SysWow64\webservices.dll
2010-11-12 15:40:41 1103872 ----a-w- C:\Windows\System32\webservices.dll
2010-11-11 00:46:49 253952 ----a-w- C:\Windows\SysWow64\wy76802.dll
2010-11-10 18:08:50 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-11-10 18:08:50 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-10-27 15:48:58 -------- d-----w- C:\Users\WBFE\AppData\Roaming\Digiarty
2010-10-27 15:48:46 -------- d-----w- C:\Program Files (x86)\Digiarty
2010-10-27 11:44:46 1927680 ----a-w- C:\Windows\System32\gameux.dll
2010-10-27 11:44:46 1696256 ----a-w- C:\Windows\SysWow64\gameux.dll
2010-10-27 11:44:45 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2010-10-27 11:44:45 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2010-10-27 11:44:45 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2010-10-27 11:44:44 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2010-10-16 21:20:54 -------- d-----w- C:\Users\WBFE\AppData\Local\Microsoft Games

==================== Find3M ====================

2010-09-15 09:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-09-13 14:32:37 8147968 ----a-w- C:\Windows\System32\wmploc.DLL
2010-09-13 13:56:41 8147456 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2010-09-08 06:41:05 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-09-08 06:36:53 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-09-08 06:36:38 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-09-08 06:36:24 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-09-08 06:36:23 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-09-08 06:01:28 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-09-08 06:01:28 10240 ----a-w- C:\Windows\SysWow64\ctfmonnnq.exe
2010-09-08 05:57:18 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-09-08 05:36:07 479232 ----a-w- C:\Windows\System32\html.iec
2010-09-08 05:04:36 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-09-08 04:51:18 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-09-08 04:49:56 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-09-08 04:26:46 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-09-07 20:49:19 9079808 ----a-w- C:\Windows\SysWow64\alltoall.exe
2010-09-06 18:28:38 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2010-09-06 18:28:38 12288 ----a-w- C:\Windows\System32\sscore.dll
2010-09-06 18:27:03 17920 ----a-w- C:\Windows\System32\netevent.dll
2010-09-06 16:20:29 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2010-09-06 16:19:06 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2010-09-06 15:34:14 451584 ----a-w- C:\Windows\System32\drivers\srv.sys
2010-09-06 15:33:51 175104 ----a-w- C:\Windows\System32\drivers\srv2.sys
2010-09-06 15:33:49 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2010-09-06 02:59:11 755320 ----a-w- C:\Windows\SysWow64\awrdscdc.ax
2010-08-31 17:27:07 633856 ----a-w- C:\Windows\System32\comctl32.dll
2010-08-31 15:46:37 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- C:\Windows\SysWow64\comctl32.dll
2010-08-31 14:57:39 2753024 ----a-w- C:\Windows\System32\win32k.sys
2010-08-26 17:46:52 189952 ----a-w- C:\Windows\System32\t2embed.dll
2010-08-26 17:40:08 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2010-08-26 17:40:07 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2010-08-26 17:40:07 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2010-08-26 16:37:45 157184 ----a-w- C:\Windows\SysWow64\t2embed.dll
2010-08-26 16:33:06 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2010-08-20 16:57:50 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2010-08-20 16:05:07 867328 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2010-08-17 14:54:20 273920 ----a-w- C:\Windows\System32\spoolsv.exe

============= FINISH: 22:23:14.28 ===============



#2 Elise


Posted 22 November 2010 - 07:38 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker. Save it to your desktop.
  • Extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file -
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#3 melibu1974


Posted 22 November 2010 - 12:05 PM

I have the OTL and Extra logs, but I am having difficulty with getting the RootKit Unhooker to run. I'm getting an error that a driver is missing. Suggestions?

In the meantime...

OTL logfile created on: 11/22/2010 11:24:27 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\WBFE\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
8.00 Gb Paging File | 4.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.71 Gb Total Space | 201.50 Gb Free Space | 70.03% Space Free | Partition Type: NTFS

Computer Name: WBFEJR | User Name: WBFE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtProc.exe
PRC - File not found -- C:\Windows\SysWow64\spool\drivers\x64\3\WrtMon.exe
PRC - [2010/11/22 11:22:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WBFE\Desktop\OTL.exe
PRC - [2010/11/21 02:21:27 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/03/14 12:38:07 | 000,028,762 | ---- | M] (MyWebSearch.com) -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
PRC - [2010/01/04 18:07:06 | 000,083,280 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
PRC - [2009/12/09 08:25:16 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2009/03/05 20:05:26 | 000,173,872 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
PRC - [2009/03/04 17:20:22 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
PRC - [2009/03/04 17:20:06 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2009/03/04 17:19:48 | 000,045,056 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
PRC - [2009/03/04 17:18:48 | 000,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
PRC - [2009/01/21 12:07:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/01/21 12:07:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/01/19 14:49:24 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/19 14:49:24 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/01/14 15:38:40 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/12/18 12:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/09/18 12:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/11 00:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/10/11 12:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe


========== Modules (SafeList) ==========

MOD - [2010/11/22 11:22:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WBFE\Desktop\OTL.exe
MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/06 05:00:40 | 000,836,504 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV:64bit: - [2009/10/16 08:54:57 | 000,917,768 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy)
SRV:64bit: - [2009/10/16 08:54:56 | 000,595,960 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV:64bit: - [2009/10/16 08:54:56 | 000,570,632 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV:64bit: - [2009/09/16 22:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2009/03/02 02:14:36 | 000,844,328 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/02/10 15:02:29 | 000,382,464 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\SysNative\ykx64mpcoinst.dll -- (yksvc)
SRV:64bit: - [2009/01/19 18:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/01/16 23:59:12 | 000,110,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2009/01/05 21:13:13 | 000,141,344 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2008/12/19 16:02:10 | 000,411,496 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2008/04/27 19:00:38 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.exe -- (XAudioService)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/14 12:38:07 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Running] -- C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/12/09 08:25:16 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/21 12:07:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 12:07:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 12:07:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/20 13:56:06 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/01/20 13:52:18 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/01/20 13:51:48 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/01/20 13:51:18 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/01/20 13:50:48 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/19 14:49:24 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/14 15:38:40 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/08 02:10:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/09/18 12:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/11 00:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/08 23:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 21:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - File not found [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1000000.07D\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2010/07/30 12:30:26 | 000,309,840 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmxpflt.sys -- (tmxpflt)
DRV:64bit: - [2010/07/30 12:30:20 | 000,042,576 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmpreflt.sys -- (tmpreflt)
DRV:64bit: - [2010/07/30 12:24:14 | 001,988,176 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\vsapint.sys -- (vsapint)
DRV:64bit: - [2009/12/09 08:10:40 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2009/10/16 08:55:07 | 000,339,984 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2009/10/16 08:55:07 | 000,200,720 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2009/10/16 08:55:07 | 000,107,536 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/13 15:16:44 | 000,204,848 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/04/13 15:16:01 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/04/13 15:15:27 | 010,275,296 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/04/10 15:03:29 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/04/10 15:03:27 | 000,134,184 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/04/10 15:03:27 | 000,096,296 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/04/10 15:02:52 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/03/13 15:01:56 | 005,171,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/02/23 15:07:49 | 000,190,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/02/10 15:02:29 | 000,403,968 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/11/18 19:08:46 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SFEP.sys -- (SFEP)
DRV:64bit: - [2008/10/22 19:02:17 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2008/10/22 19:02:08 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2008/10/20 19:04:26 | 001,168,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008/06/16 05:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/05/28 05:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wimfltr.sys -- (WimFltr)
DRV:64bit: - [2008/04/29 19:03:13 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008/04/27 19:00:38 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\xaudio64.sys -- (XAudio)
DRV:64bit: - [2008/04/27 19:00:35 | 001,511,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2008/04/27 19:00:35 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/04/27 19:00:33 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/04/27 19:00:33 | 000,300,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2008/04/24 16:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008/01/20 21:46:57 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2008/01/20 21:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/04/16 22:51:50 | 000,014,112 | R--- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi)
DRV:64bit: - [2006/09/18 16:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\Wbem\ntfs.mof -- (Ntfs)
DRV - [2008/11/25 01:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\DMICall.sys -- (DMICall)
DRV - [2007/02/06 14:05:14 | 000,016,512 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\aspi32.sys -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-396808403-2542166034-3970600258-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKU\S-1-5-21-396808403-2542166034-3970600258-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-396808403-2542166034-3970600258-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-396808403-2542166034-3970600258-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2009/10/16 09:15:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files (x86)\MyWebSearch\bar\1.bin [2010/06/13 11:06:06 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/11/14 22:47:23 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (D) - {1AF73F22-C40B-35B0-9F51-85FC15695B9C} - C:\Windows\SysWOW64\wy76802.dll (Microsoft Corporation)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKU\S-1-5-21-396808403-2542166034-3970600258-1000\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files (x86)\Fellowes\MediaFACE 5.0\SetHook.exe (Fellowes, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RegistrationReminder] C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-396808403-2542166034-3970600258-1000\..Trusted Domains: corel.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-396808403-2542166034-3970600258-1000\..Trusted Domains: corel.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-396808403-2542166034-3970600258-1000\..Trusted Domains: intervideo.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-396808403-2542166034-3970600258-1000\..Trusted Domains: intervideo.com ([www] * in Trusted sites)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/MyFunCardsInitialSetup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://mercynow.health-partners.org/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O27 - HKLM IFEO\ctfmon.exe: Debugger - C:\Windows\system32\ctfmonnnq.exe ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 11:22:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\WBFE\Desktop\OTL.exe
[2010/11/13 22:28:48 | 000,000,000 | ---D | C] -- C:\Users\WBFE\Desktop\gmer
[2010/11/12 10:43:56 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/11/07 14:06:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/27 10:48:58 | 000,000,000 | ---D | C] -- C:\Users\WBFE\AppData\Roaming\Digiarty
[2010/10/27 10:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Digiarty

========== Files - Modified Within 30 Days ==========

[2010/11/22 11:30:59 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2010/11/22 11:25:49 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2010/11/22 11:22:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\WBFE\Desktop\OTL.exe
[2010/11/22 10:41:06 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/22 10:41:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/22 10:41:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/21 13:19:27 | 000,029,403 | ---- | M] () -- C:\test.xml
[2010/11/21 10:33:18 | 4126,167,040 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/21 10:30:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/14 22:47:23 | 000,000,761 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/11/14 22:35:48 | 000,703,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/11/14 22:35:48 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/11/14 22:35:48 | 000,104,170 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/11/13 22:27:49 | 000,288,107 | ---- | M] () -- C:\Users\WBFE\Desktop\gmer.zip
[2010/11/13 22:21:03 | 000,630,272 | ---- | M] () -- C:\Users\WBFE\Desktop\dds.scr
[2010/11/13 22:17:18 | 000,000,000 | ---- | M] () -- C:\Users\WBFE\defogger_reenable
[2010/11/07 14:06:48 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/27 10:48:51 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk

========== Files Created - No Company Name ==========

[2010/11/13 22:27:45 | 000,288,107 | ---- | C] () -- C:\Users\WBFE\Desktop\gmer.zip
[2010/11/13 22:20:59 | 000,630,272 | ---- | C] () -- C:\Users\WBFE\Desktop\dds.scr
[2010/11/13 22:17:18 | 000,000,000 | ---- | C] () -- C:\Users\WBFE\defogger_reenable
[2010/11/07 14:06:48 | 000,001,917 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/27 10:48:51 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\WinX DVD Ripper Platinum.lnk
[2010/10/09 21:33:45 | 000,387,630 | ---- | C] () -- C:\Users\WBFE\AppData\Local\dd_vcredistMSI1A48.txt
[2010/10/09 21:33:45 | 000,011,426 | ---- | C] () -- C:\Users\WBFE\AppData\Local\dd_vcredistUI1A48.txt
[2010/08/27 22:01:26 | 000,001,548 | ---- | C] () -- C:\Users\WBFE\AppData\Roaming\dvdae.config
[2010/08/27 21:13:17 | 000,442,026 | ---- | C] () -- C:\Users\WBFE\AppData\Local\dd_vcredistMSI6ACC.txt
[2010/08/27 21:13:09 | 000,019,424 | ---- | C] () -- C:\Users\WBFE\AppData\Local\dd_vcredistUI6ACC.txt
[2010/08/27 20:17:50 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/05/19 19:24:32 | 000,029,216 | ---- | C] () -- C:\Users\WBFE\AppData\Roaming\UserTile.png
[2010/02/01 20:34:00 | 000,009,728 | ---- | C] () -- C:\Users\WBFE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/29 22:54:43 | 000,000,000 | ---- | C] () -- C:\Users\WBFE\AppData\Roaming\wklnhst.dat
[2009/12/19 18:45:24 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\IPPCPUID.DLL
[2009/12/19 18:43:37 | 000,011,776 | ---- | C] () -- C:\Windows\SysWow64\pmsbfn32.dll
[2009/12/19 18:41:06 | 000,000,428 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2009/12/05 01:02:16 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/12/05 01:01:09 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/08/31 05:51:46 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/08/31 04:58:39 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2004/05/24 16:04:00 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\lttls13n.dll
[2004/05/24 16:03:00 | 000,708,608 | ---- | C] () -- C:\Windows\SysWow64\ltcry13n.dll
[2004/05/24 16:01:00 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\lfkodak.dll
[2004/05/24 16:00:00 | 000,338,944 | ---- | C] () -- C:\Windows\SysWow64\lffpx7.dll

========== LOP Check ==========

[2010/02/26 09:11:24 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\Auslogics
[2010/08/28 22:55:05 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\Canon
[2010/07/03 14:26:08 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/31 13:41:40 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\COWON
[2010/10/27 10:48:58 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\Digiarty
[2009/12/19 18:25:25 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\E-centives
[2010/08/27 20:39:25 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\HandBrake
[2010/08/04 15:38:27 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\InterVideo
[2010/02/18 11:04:27 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\Juniper Networks
[2010/01/23 18:10:49 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\NewSoft
[2010/03/18 14:53:34 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\NLOP
[2010/03/18 14:55:31 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\PokerCreations
[2009/12/19 18:41:01 | 000,000,000 | ---D | M] -- C:\Users\WBFE\AppData\Roaming\ScanSoft
[2010/11/21 10:30:45 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 11/22/2010 11:24:27 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\WBFE\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
8.00 Gb Paging File | 4.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.71 Gb Total Space | 201.50 Gb Free Space | 70.03% Space Free | Partition Type: NTFS

Computer Name: WBFEJR | User Name: WBFE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 8B BD AA 87 85 91 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21AF5EE5-E32A-4788-8BED-BE234DB8161D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8CDED3F4-AF38-453E-9448-73005A64974F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{047BC1C5-9D3F-4E7C-BAFB-8403D368F258}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{2636EAA2-2FFD-4451-8FD9-612F51419ADD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{29A14482-4A04-4E88-B8C1-9637B6287931}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3A82AD61-DC62-41C7-94AA-F6C61FCA2717}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{6975D267-E444-4B79-A9CB-A23C0B19D19C}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8A19ABEB-9801-4B34-A3F4-6CA6F3EEA369}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{8AA8373D-DA17-414C-89E1-94A675BEA8BE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{A96E711D-2D74-4C2F-967A-302320355562}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{E5AF5676-B75A-44B2-901F-7E04CE1881E9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security Pro
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security Pro
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9EFC40E3-5F31-4F75-8445-286273F74D8E}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{C9C243B9-03BD-44BA-A592-AB09630AE2D2}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0F962B79-D0DC-40D9-96BA-ED1355120CBA}" = QuickBooks Financial Center
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2208D65A-1BF9-485E-A308-1BA6CADCDC1D}" = Windows Live Movie Maker Beta
"{223A0070-C924-48E3-AEB6-2E06CC835CC0}" = VAIO Care
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 22
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{376DCC77-BFDA-4AC0-A57E-2CEB000D5E47}" = VAIO Content Metadata Intelligent Analyzing Manager
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{47A2CE5C-EA1F-4F58-8A0A-9452CBA795CD}" = Click to Disc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{66F324A1-BDC0-11D7-9E5C-00D0B76A8705}" = Creative NOMAD Jukebox Zen Xtra
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70A3C0E1-1953-4A95-9C66-99FDCDD5E357}" = MediaFACE
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72B5983C-80C7-4225-BA72-E92AE1D59C62}" = VAIO My Memory Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78780A45-B180-4297-AE6D-12C45EC5AD35}" = VAIO Content Metadata Manager Setting
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E8C79CC-AC40-4E67-A959-332A366230DA}" = COWON iAUDIO 9 User's Guide
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = Splashtop
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F0810-3619-4E86-9072-973FBE1679C5}" = QuickBooks Simple Start 2009
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9D3D707-4A1A-4227-BE6E-F16448B4CB63}" = VAIO Entertainment Platform
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC2541A6-BC6A-4099-B711-7911C884AEB8}" = VAIO Content Metadata XML Interface Library
"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.14
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Application Manager for VAIO" = Application Manager for VAIO
"AudibleManager" = AudibleManager
"Audio Free Files Convert" = Audio Free Files Convert 1.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Bookworm Deluxe" = Bookworm Deluxe
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon MP530 User Registration" = Canon MP530 User Registration
"Collectorz.com Movie Collector" = Collectorz.com Movie Collector
"Collectorz.com Music Collector" = Collectorz.com Music Collector
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EZ Vinyl/Tape Converter by MixMeister_is1" = EZ Vinyl/Tape Converter 4.1 by MixMeister
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator 2.2" = Canon MP Navigator 2.2
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"MyWebSearch bar Uninstall" = My Web Search (My Fun Cards)
"NLOP" = NLOP
"Personal Printing Guide" = Canon Personal Printing Guide
"PhotoStitch" = Canon Utilities PhotoStitch
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SoftwareStarterGuide-DCSD40_46" = Canon Digital Camera Solution Disk 40-46 Software Starter Guide
"splashtop" = Splashtop
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.0.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-396808403-2542166034-3970600258-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{70A3C0E1-1953-4A95-9C66-99FDCDD5E357}" = MediaFACE
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/16/2010 3:26:47 AM | Computer Name = WBFEjr | Source = WinMgmt | ID = 10
Description =

Error - 9/16/2010 9:36:46 AM | Computer Name = WBFEjr | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/16/2010 9:36:46 AM | Computer Name = WBFEjr | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/16/2010 9:36:46 AM | Computer Name = WBFEjr | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/16/2010 9:36:47 AM | Computer Name = WBFEjr | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/16/2010 9:36:47 AM | Computer Name = WBFEjr | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/16/2010 9:36:47 AM | Computer Name = WBFEjr | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/16/2010 9:36:48 AM | Computer Name = WBFEjr | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 9/16/2010 9:48:54 AM | Computer Name = WBFEjr | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 9/16/2010 9:49:26 AM | Computer Name = WBFEjr | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/3/2010 1:39:16 PM | Computer Name = WBFEjr | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 1/3/2010 1:39:27 PM | Computer Name = WBFEjr | Source = HTTP | ID = 15016
Description =

Error - 1/3/2010 1:40:37 PM | Computer Name = WBFEjr | Source = Service Control Manager | ID = 7000
Description =

Error - 1/3/2010 1:40:37 PM | Computer Name = WBFEjr | Source = Service Control Manager | ID = 7026
Description =

Error - 1/3/2010 1:41:04 PM | Computer Name = WBFEjr | Source = DCOM | ID = 10005
Description =

Error - 1/3/2010 1:41:04 PM | Computer Name = WBFEjr | Source = Service Control Manager | ID = 7009
Description =

Error - 1/3/2010 1:41:04 PM | Computer Name = WBFEjr | Source = Service Control Manager | ID = 7000
Description =

Error - 1/4/2010 12:08:12 PM | Computer Name = WBFEjr | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\DRIVERS\DMICall.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 1/4/2010 12:08:25 PM | Computer Name = WBFEjr | Source = HTTP | ID = 15016
Description =

Error - 1/4/2010 12:08:54 PM | Computer Name = WBFEjr | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#4 Elise

Posted 22 November 2010 - 02:09 PM

RKU will not run on a 64 bit system. Please try this instead:

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

regards, Elise




#5 melibu1974

Posted 23 November 2010 - 09:47 AM

Here is the MBRCheck:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Sony Corporation
System Product Name: VGN-NW115J
Logical Drives Mask: 0x0000005c

Kernel Drivers (total 145):
0x01C0D000 \SystemRoot\system32\ntoskrnl.exe
0x02124000 \SystemRoot\system32\hal.dll
0x0060E000 \SystemRoot\system32\kdcom.dll
0x00618000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00653000 \SystemRoot\system32\PSHED.dll
0x00667000 \SystemRoot\system32\CLFS.SYS
0x006C4000 \SystemRoot\system32\CI.dll
0x0080A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F2000 \SystemRoot\system32\drivers\acpi.sys
0x00948000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00951000 \SystemRoot\system32\drivers\msisadrv.sys
0x0095B000 \SystemRoot\system32\drivers\pci.sys
0x0098B000 \SystemRoot\System32\drivers\partmgr.sys
0x009A0000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x009A4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x009B0000 \SystemRoot\system32\drivers\volmgr.sys
0x00776000 \SystemRoot\System32\drivers\volmgrx.sys
0x009C4000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A02000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x00B10000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B57000 \SystemRoot\system32\drivers\fileinfo.sys
0x00B6B000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x00B77000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C02000 \SystemRoot\system32\drivers\ndis.sys
0x00E05000 \SystemRoot\system32\drivers\msrpc.sys
0x00E55000 \SystemRoot\system32\drivers\NETIO.SYS
0x01001000 \SystemRoot\System32\drivers\tcpip.sys
0x01177000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01207000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01387000 \SystemRoot\system32\drivers\volsnap.sys
0x013CB000 \SystemRoot\System32\Drivers\spldr.sys
0x013D3000 \SystemRoot\System32\Drivers\mup.sys
0x011A3000 \SystemRoot\System32\drivers\ecache.sys
0x013E5000 \SystemRoot\system32\drivers\disk.sys
0x011CF000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x00EAE000 \SystemRoot\system32\drivers\crcdisk.sys
0x00FD4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x00FE1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02605000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x02204000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x022E7000 \SystemRoot\System32\drivers\watchdog.sys
0x022F7000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02303000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02349000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0300A000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x030F7000 \SystemRoot\system32\DRIVERS\yk60x64.sys
0x03202000 \SystemRoot\system32\DRIVERS\athrx.sys
0x03325000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x03337000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x03347000 \SystemRoot\system32\DRIVERS\risdsn64.sys
0x0335F000 \SystemRoot\system32\DRIVERS\rimssn64.sys
0x0337D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03393000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x033A1000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x033D7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x033E3000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x0315E000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x033E6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x033F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x0317A000 \SystemRoot\system32\DRIVERS\dsNcAdpt.sys
0x03187000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x0235A000 \SystemRoot\system32\DRIVERS\storport.sys
0x031C0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x031CD000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x031F0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x023B7000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x023E8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x02FD2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00DC5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x00FEA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x033FE000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0340F000 \SystemRoot\system32\DRIVERS\ks.sys
0x03443000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x0344E000 \SystemRoot\system32\DRIVERS\umbus.sys
0x0345E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x034A6000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0440E000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04590000 \SystemRoot\system32\drivers\portcls.sys
0x045CB000 \SystemRoot\system32\drivers\drmk.sys
0x045EE000 \SystemRoot\system32\drivers\ksthunk.sys
0x034BA000 \SystemRoot\system32\drivers\IntcHdmi.sys
0x034DE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x045F4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x034FA000 \SystemRoot\System32\Drivers\usbvideo.sys
0x045F6000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x04400000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x03524000 \SystemRoot\System32\Drivers\Null.SYS
0x03538000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

Processes (total 107):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`984f1600 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9SA00, Rev: FB4OC43C

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,316 posts
  • Gender:Female
  • Location:Romania
  • Local time:09:01 PM

Posted 23 November 2010 - 03:02 PM

Did you upgrade from XP to Vista?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 melibu1974


Posted 24 November 2010 - 11:56 AM

No, this laptop came as a Vista. I have the discs to upgrade to Win 7, but never did.

#8 Elise


Posted 24 November 2010 - 12:03 PM

To be sure, please run this:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


#9 melibu1974


Posted 26 November 2010 - 03:47 PM

Nothing was found in the scan.

#10 Elise


Posted 27 November 2010 - 04:13 AM

Hi again,


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


#11 Elise


Posted 02 December 2010 - 07:02 AM

Hi, are you still there?

regards, Elise


#12 Elise


Posted 06 December 2010 - 07:47 AM

Due to lack of feedback this topic will now be closed.

If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise




