
Possible Fake Symantec Endpoint Protection


  • This topic is locked
30 replies to this topic

#1 tarcher

  • Members
  • 16 posts

Posted 07 June 2013 - 10:51 AM

Hi,

I am a new member to Bleeping Computers so forgive me if I am not posting in the forum correctly.

For the last few weeks I've had a problem with some applications running slowly on my laptop.

Outlook stops responding also.

I regularly run MalwareBytes and Super Anti Spyware (free versions) and have Symantec Endpoint Protection running.

I noticed today that the Symantec dashboard looked different: there is a graphic at the top of the screen like a meter running left to right and indicating that a scan is running. I have also noticed there are 2 shields in my notifications area instead of the usual 1 shield. I have just managed to start the normal scanner in Symantec and it's now showing a tracking cookie; the filename is Cookie:"myusername"@smartadserver.com/. It shows the computer as a server within our organisation rather than my local hard drive.

I have run Super anti spyware many times and even though I remove the items from quarantine and then scan again it finds more Adware tracking cookies.

I get the feeling that I am just removing the result of a virus without getting the cause. Is there some way I can find if there is an infection?

I have to confess I have also run several other tools, e.g. Combo fix, MiniToolBox, Tdsskiller, OTL, Adware cleaner etc., most of which I have seen in various other forum discussions where the symptoms looked similar to mine.

 

Looking forward to some expert advice.

Regards

 




 


#2 whoabuddy

    Bleepin' Verbose

  • Malware Response Instructor
  • 2,037 posts

Posted 11 June 2013 - 09:36 AM

Hello tarcher,

Welcome to Bleeping Computer!

My name is whoabuddy and I will be assisting you today. Before we get started, please keep the following in mind while I am helping you to make things go easier and faster for both of us.


Please do not run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.

Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.

Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process. Also watch for items italicized or in green; these entries are notes to help explain the process or common occurrences.

Please provide feedback about your experience as we go.

A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of headaches as we go along. For more information about backing up your system, please review the links in the first item of the Malware Removal Preparation Guide.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

===================================================

> I have just managed to start the normal scanner in symantec and its now showing a tracking cookie, filename is Cookie:"myusername"@smartadserver.com/ it shows the computer as a server within our organisation rather than my local hardrive.

Note: Before we get started, it sounds like this machine is on a corporate/work network based on your description. The tools we run are very powerful, and depending on how your network administrator has set up your environment, the fixes may not apply as expected or may cause more issues in the long run. Please be sure you are authorized to administer this machine; otherwise contact your IT department or network consultant to have the issue resolved.

Also, were there any recent upgrades to Symantec Endpoint Protection? That may explain the duplication. Please respond and acknowledge that you have read my introduction so we can get started!

Best Regards,
whoabuddy
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#3 tarcher

  • Topic Starter
  • Members
  • 16 posts

Posted 13 June 2013 - 03:26 PM

Hi Whoabuddy,

 

The laptop is a standalone machine; I use Citrix to sign onto the corporate network.

The issue occurs when I am not on Citrix.

Re Symantec, no, there aren't any upgrades. I have the latest installed, and after running Super Anti Spyware the issue with Symantec is resolved.

Likewise, Microsoft Security Essentials reports that Real time protection isn't on and when clicking fix nothing happens. The Microsoft Security Essentials screen doesn't look the same either; after running Super Anti Spyware this screen changes and runs correctly.

I have also noticed that when trying to launch programmes they delay opening. Google Chrome sometimes doesn't open at all until I run Super Anti Spyware.

Regards

Tony



#4 whoabuddy

    Bleepin' Verbose

  • Malware Response Instructor
  • 2,037 posts

Posted 13 June 2013 - 05:44 PM

Hi Tony,

Thank you for acknowledging my post.

> Re Symantec, ... likewise Microsoft security essentials

Running two antivirus programs at the same time can cause performance issues, but please leave the system as is for now; we will address this after we run a few scans. Please follow the instructions below so we can get some additional information about the issue:

We need to run a scan with Farbar's Recovery Scan Tool (FRST):

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

We need to run a scan with aswMBR:

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

In your next post I need the following:

  • FRST.txt and Addition.txt from FRST scan
  • aswMBR.txt from aswMBR scan
  • status update - are there any other details you would like to include at this time?

Best Regards,
whoabuddy

#5 tarcher

  • Topic Starter
  • Members
  • 16 posts

Posted 14 June 2013 - 07:53 AM

Hi Whoabuddy,

 

Please see below the texts from the scans. Please note I ran the Farbar scan, and then when I ran the aswMBR scan my machine shut down part way through the scan. I wasn't at my machine at the time, so I'm not sure if it was a consequence of the scan or something else. I had a message when I logged back on that Windows shut down unexpectedly.

Symantec ran an automatic scan this morning and reported a trojan.Gen2. I have tried to paste a picture of the scan result here but as it's a picture it won't paste.

 

 Far bar - FRST.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-06-2013
Ran by sony (administrator) on 14-06-2013 10:07:14
Running from C:\Users\sony\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(UPEK Inc.) C:\Program Files\Protector Suite\upeksvr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\Windows\system32\LMabcoms.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
( ) C:\Windows\system32\lxeacoms.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe
(QUALCOMM, Inc.) c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(UPEK Inc.) C:\Program Files\Protector Suite\psqltray.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
(Primax Electronics Ltd.) C:\Windows\System32\ico.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Primax Electronics Ltd.) C:\Windows\System32\Pelmiced.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
( ) C:\Program Files\Lexmark\ErrorApp\lmab1err.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Dropbox, Inc.) C:\Users\sony\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sony Corporation) C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe
(Symantec Corporation) C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
() C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe
() C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
() C:\Program Files (x86)\Attractel\Zoiper\Zoiper.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Google Inc.) C:\Users\sony\AppData\Local\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Google Inc.) C:\Users\sony\AppData\Local\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Google Inc.) C:\Users\sony\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sony\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sony\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\sony\AppData\Local\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Users\sony\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [16395880 2009-11-02] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [9636896 2009-12-07] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1861416 2009-11-02] (Synaptics Incorporated)
HKLM\...\Run: [PSQLLauncher] "C:\Program Files\Protector Suite\launcher.exe" /startup [84744 2009-07-20] (UPEK Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2010-02-25] (Sun Microsystems, Inc.)
HKLM\...\Run: [lxeamon.exe] "C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe" [766632 2009-10-01] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe" [139944 2009-10-01] ()
HKLM\...\Run: [Mouse Suite 98 Daemon] ICO.EXE [94720 2008-04-03] (Primax Electronics Ltd.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
Winlogon\Notify\igfxcui: 
Winlogon\Notify\psfus: 
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19604072 2013-06-03] (Skype Technologies S.A.)
HKCU\...\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.exe [582312 2010-08-03] ( )
HKCU\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-02-25] (Google Inc.)
HKCU\...\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" [2699344 2011-11-26] (Plex, Inc.)
HKCU\...\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5179880 2012-12-20] (Nero AG)
HKCU\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-15] (SUPERAntiSpyware.com)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" [320880 2009-08-26] (Sony Corporation)
HKLM-x32\...\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe [26624 2010-02-25] (Sony Corporation)
HKLM-x32\...\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe" [115560 2009-07-08] (Symantec Corporation)
HKLM-x32\...\Run: []  [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun [618496 2010-06-07] ()
HKLM-x32\...\Run: [CLX3180_Scan2Pc] C:\Windows\Twain_32\Samsung\CLX3180\Scan2pc.exe [1990144 2011-04-29] ()
HKLM-x32\...\Run: [3180 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3180\Scan2Pc.exe" [1990144 2011-04-29] ()
HKLM-x32\...\Run: [3170 Scan2PC] "C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe" [503808 2009-06-11] ()
HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [358336 2011-08-11] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN [5179880 2012-12-20] (Nero AG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-31] (Apple Inc.)
HKU\Administrator\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-02-25] (Google Inc.)
Lsa: [Notification Packages] scecli C:\Program Files\Protector Suite\psqlpwd.dll
Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\sony\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\sony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Zoiper.lnk
ShortcutTarget: Zoiper.lnk -> C:\Program Files (x86)\Attractel\Zoiper\Zoiper.exe ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: continuetosayvie - {9EA51ECA-55CF-7091-F749-03EC48C00BBE} - C:\ProgramData\continuetosayvie\51819af965132.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -  No File
Toolbar: HKCU - No Name - {22E03916-85C5-44B0-8DC9-1830C11238D9} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager.egg.com/Pinsafe/accounttracking.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR RestoreOnStartup: "hxxp://www.google.co.uk/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\sony\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\sony\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\sony\AppData\Local\Google\Chrome\Application\27.0.1453.110\gcswf32.dll No File
CHR Plugin: (Skype Toolbars) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U32) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.320.5) - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Skype Click to Call) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0
CHR Extension: (Gmail) - C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ccEvtMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [108392 2009-07-08] (Symantec Corporation)
S3 LiveUpdate; C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE [3093880 2009-07-13] (Symantec Corporation)
R2 lmab_device; C:\Windows\system32\LMabcoms.exe [1048576 2010-08-03] ( )
R2 lxea_device; C:\Windows\system32\lxeacoms.exe [1052328 2010-01-07] ( )
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R2 NeroMediaHomeService.4; C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe [518632 2012-12-20] (Nero AG)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Reader\1.0\NitroPDFReaderDriverServicex64.exe [341296 2011-01-14] (Nitro PDF Software)
R2 QDLService2kSony; c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [330488 2009-12-03] (QUALCOMM, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1124184 2013-02-13] (Trusteer Ltd.)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe [3197256 2009-09-17] (Symantec Corporation)
S4 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE [411976 2009-09-17] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2477304 2009-09-17] (Symantec Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-25] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-25] (Samsung Electronics Co., Ltd.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130611.018\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
R3 NAVENG; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130611.018\ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130611.018\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20130611.018\EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [35840 2008-01-19] (Primax Electronics Ltd.)
S3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [27648 2008-06-03] (Primax Electronics Ltd.)
R3 qcfilterSny2k; C:\Windows\System32\DRIVERS\qcfilterSny2k.sys [6400 2009-12-03] (QUALCOMM Incorporated)
R3 qcusbnetsny2k; C:\Windows\System32\DRIVERS\qcusbnetsny2k.sys [240640 2009-12-03] (QUALCOMM Incorporated)
R3 qcusbsersny2k; C:\Windows\System32\DRIVERS\qcusbserSny2k.sys [121216 2009-12-03] (QUALCOMM Incorporated)
R1 RapportCerberus_50414; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_50414.sys [585944 2013-02-21] ()
R1 RapportCerberus_50414; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_50414.sys [585944 2013-02-21] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [228760 2013-02-13] (Trusteer Ltd.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [228760 2013-02-13] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [236248 2013-02-13] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [357272 2013-02-13] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [357272 2013-02-13] (Trusteer Ltd.)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R0 shpf; C:\Windows\System32\DRIVERS\shpf.sys [25120 2009-05-28] (Sony Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
R1 SRTSP; C:\Windows\SysWow64\Drivers\SRTSP64.SYS [443952 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
S3 SRTSPL; C:\Windows\SysWow64\Drivers\SRTSPL64.SYS [481840 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\SysWow64\Drivers\SRTSPX64.SYS [32304 2009-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [172592 2010-05-05] (Symantec Corporation)
R3 Teefer2; C:\Windows\System32\DRIVERS\teefer2.sys [62512 2009-05-27] (Symantec Corporation)
R1 WPS; C:\Windows\system32\drivers\wpsdrvnt.sys [52784 2009-09-17] (Symantec Corporation)
R3 WpsHelper; C:\Windows\system32\drivers\WpsHelper.sys [233120 2012-10-05] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 DFUBTUSB; System32\Drivers\frmupgr.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-06-14 09:58 - 2013-06-14 09:59 - 01920398 ____A (Farbar) C:\Users\sony\Downloads\FRST64 (1).exe
2013-06-14 09:45 - 2013-06-14 09:45 - 01920398 ____A (Farbar) C:\Users\sony\Downloads\FRST64.exe
2013-06-14 09:45 - 2013-06-14 09:45 - 00000000 ____D C:\FRST
2013-06-12 13:04 - 2013-06-12 13:04 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 09:25 - 2013-06-12 09:25 - 00001620 ____A C:\Users\sony\Downloads\launch (9).ica
2013-06-12 07:54 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 07:54 - 2013-05-17 02:25 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-12 07:54 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 07:54 - 2013-05-17 02:25 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-12 07:54 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 07:54 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 07:54 - 2013-05-17 02:25 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-12 07:54 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 07:54 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 07:54 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 07:54 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 07:54 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 07:54 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 07:54 - 2013-05-17 01:58 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 07:54 - 2013-05-17 01:58 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 07:54 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 07:54 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 07:54 - 2013-05-17 01:58 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 07:54 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 07:54 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 07:54 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 07:54 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 07:54 - 2013-05-14 14:14 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 07:54 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 07:54 - 2013-05-14 10:23 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 07:54 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-12 07:53 - 2013-05-17 02:25 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-12 07:53 - 2013-05-17 02:25 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-12 07:53 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 07:53 - 2013-05-17 01:58 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 07:53 - 2013-05-17 01:58 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 07:37 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 07:37 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 07:37 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 07:37 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 07:37 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 07:37 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 07:37 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 07:37 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 07:37 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 07:37 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 07:37 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 07:37 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 07:37 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 07:37 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 07:37 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 07:37 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 07:37 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 07:37 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 07:37 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 09:55 - 2013-06-11 09:55 - 00089134 ____A C:\Users\sony\Downloads\OBCOCB987220.pdf.zip
2013-06-11 01:10 - 2013-06-11 01:25 - 00000000 ____D C:\Users\sony\Documents\Homebase
2013-06-06 07:41 - 2013-06-06 07:41 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-06 07:37 - 2013-06-06 07:41 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-06 07:37 - 2013-06-06 07:41 - 00000000 ____D C:\Program Files\iTunes
2013-06-06 07:37 - 2013-06-06 07:41 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-06 07:37 - 2013-06-06 07:37 - 00000000 ____D C:\Program Files\iPod
2013-06-03 14:02 - 2013-06-13 14:02 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6705b339-948c-4db1-b833-509b3b9b97cf.job
2013-06-03 14:02 - 2013-06-13 02:00 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task eb07eca6-1357-41f5-9295-bbe903d94c40.job
2013-06-03 14:01 - 2013-06-03 14:01 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-03 13:59 - 2013-06-03 14:00 - 25943520 ____A (SUPERAntiSpyware.com) C:\Users\sony\Downloads\SUPERAntiSpyware (3).exe
2013-06-03 13:40 - 2013-06-03 13:41 - 00001454 ____A C:\AdwCleaner[R6].txt
2013-06-03 13:35 - 2013-06-14 09:16 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-06-03 13:26 - 2013-06-03 13:28 - 00001396 ____A C:\AdwCleaner[S5].txt
2013-06-03 13:25 - 2013-06-03 13:26 - 00001333 ____A C:\AdwCleaner[R5].txt
2013-06-03 13:19 - 2013-06-03 13:19 - 25943520 ____A (SUPERAntiSpyware.com) C:\Users\sony\Downloads\SUPERAntiSpyware (2).exe
2013-06-03 13:14 - 2013-06-03 14:01 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-03 13:14 - 2013-06-03 13:14 - 00000000 ____D C:\Users\sony\AppData\Roaming\SUPERAntiSpyware.com
2013-06-03 13:14 - 2013-06-03 13:14 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-06-03 12:57 - 2013-06-03 12:57 - 25943520 ____A (SUPERAntiSpyware.com) C:\Users\sony\Downloads\SAS_4455853.EXE
2013-06-03 12:08 - 2013-06-03 12:08 - 25943520 ____A (SUPERAntiSpyware.com) C:\Users\sony\Downloads\SAS_6211.EXE
2013-06-03 11:05 - 2013-06-03 11:05 - 00001621 ____A C:\Users\sony\Downloads\launch (7).ica
2013-05-30 13:54 - 2013-05-30 13:54 - 00001035 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-05-30 13:53 - 2013-05-30 13:56 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-05-30 13:53 - 1998-07-06 01:00 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2013-05-30 13:53 - 1998-06-24 01:00 - 00137000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2013-05-29 22:18 - 2013-05-29 22:18 - 00140389 ____A C:\Users\sony\Downloads\Attachments_2013529.zip
2013-05-28 15:05 - 2013-05-28 15:05 - 00941258 ____A C:\Users\sony\AppData\Local\census.cache
2013-05-28 14:55 - 2013-05-28 14:55 - 00145782 ____A C:\Users\sony\AppData\Local\ars.cache
2013-05-28 13:56 - 2013-05-28 17:07 - 00000000 ____D C:\Users\sony\Doctor Web
2013-05-28 13:44 - 2013-05-28 13:44 - 00000036 ____A C:\Users\sony\AppData\Local\housecall.guid.cache
2013-05-28 13:41 - 2013-05-28 13:41 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-28 13:41 - 2013-05-28 13:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-05-28 13:40 - 2013-05-28 13:41 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-28 13:09 - 2013-05-28 13:09 - 00042667 ____A C:\ComboFix.txt
2013-05-28 12:43 - 2013-05-28 13:09 - 00000000 ____D C:\ComboFix
2013-05-28 10:36 - 2013-05-28 10:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-05-28 10:23 - 2013-05-28 10:26 - 00000474 ____A C:\rkill.log
2013-05-28 09:45 - 2013-05-28 09:46 - 00001276 ____A C:\AdwCleaner[S4].txt
2013-05-28 09:42 - 2013-05-28 09:44 - 00001213 ____A C:\AdwCleaner[R4].txt
2013-05-28 09:17 - 2013-05-28 09:19 - 66325160 ____A (Microsoft Corporation) C:\Users\sony\Downloads\Plex-Media-Server-0.9.722.511-4b5280f-en-US (1).exe
2013-05-28 09:15 - 2013-05-28 09:17 - 66325160 ____A (Microsoft Corporation) C:\Users\sony\Downloads\Plex-Media-Server-0.9.722.511-4b5280f-en-US.exe
2013-05-27 22:39 - 2013-05-27 22:39 - 05073915 ____A (Swearware) C:\Users\sony\Downloads\ComboFix (1).exe
2013-05-27 13:00 - 2013-05-27 13:00 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Nero
2013-05-27 12:45 - 2013-05-27 12:47 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero
2013-05-27 12:45 - 2013-05-27 12:45 - 00000020 ___SH C:\Users\NeroMediaHomeUser.4\ntuser.ini
2013-05-27 12:45 - 2013-05-27 12:45 - 00000000 ____D C:\Users\sony\AppData\Roaming\Nero
2013-05-27 12:44 - 2013-05-27 12:45 - 00000000 ____D C:\users\NeroMediaHomeUser.4
2013-05-27 12:44 - 2013-05-27 12:44 - 00000000 ____D C:\Users\sony\AppData\Local\Nero
2013-05-27 12:44 - 2012-11-01 08:32 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Local\Trusteer
2013-05-27 12:44 - 2011-07-11 08:36 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Local\Symantec
2013-05-27 12:44 - 2011-04-11 16:38 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Macromedia
2013-05-27 12:44 - 2010-02-27 10:24 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Local\Microsoft Help
2013-05-27 12:39 - 2013-05-27 12:39 - 00002391 ____A C:\Users\Public\Desktop\Nero MediaHome 4.lnk
2013-05-27 12:38 - 2013-05-27 12:41 - 00000000 ____D C:\Program Files (x86)\Nero
2013-05-27 12:37 - 2013-05-27 12:45 - 00000000 ____D C:\ProgramData\Nero
2013-05-27 12:33 - 2013-05-27 12:37 - 00000000 ____D C:\Users\sony\AppData\Local\Plex Media Server
2013-05-27 12:32 - 2013-05-27 12:32 - 00000000 ____D C:\Program Files (x86)\Plex
2013-05-27 12:22 - 2013-05-27 12:23 - 52385872 ____A (Microsoft Corporation) C:\Users\sony\Downloads\Plex-Media-Server-v0.9.502-en-US.exe
2013-05-27 12:22 - 2013-05-27 12:22 - 00000000 ____D C:\Users\sony\Downloads\NMH-4.5.20.74_LGE
2013-05-27 12:21 - 2013-05-27 12:22 - 85172540 ____A C:\Users\sony\Downloads\NMH-4.5.20.74_LGE (1).zip
2013-05-27 12:20 - 2013-05-27 12:21 - 85172540 ____A C:\Users\sony\Downloads\NMH-4.5.20.74_LGE.zip
2013-05-26 09:48 - 2013-05-26 09:48 - 00001085 ____A C:\AdwCleaner[S3].txt
2013-05-26 09:47 - 2013-05-26 09:47 - 00001024 ____A C:\AdwCleaner[R3].txt
2013-05-26 09:46 - 2013-05-26 09:46 - 00000319 ____A C:\AdwCleaner[S2].txt
2013-05-26 09:45 - 2013-05-26 09:45 - 00000906 ____A C:\AdwCleaner[R2].txt
2013-05-26 09:29 - 2013-05-26 09:29 - 00001622 ____A C:\Users\sony\Downloads\launch (6).ica
2013-05-23 06:52 - 2013-05-23 06:52 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-23 06:52 - 2013-05-23 06:52 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-21 15:13 - 2013-05-30 13:30 - 00940470 ____A C:\Windows\SysWOW64\~.tmp
2013-05-21 11:59 - 2013-05-21 12:00 - 04811793 ____A (FileZilla Project) C:\Users\sony\Downloads\FileZilla_3.7.0.1_win32-setup.exe
2013-05-20 22:28 - 2013-05-20 22:28 - 90909008 ____A (Apple Inc.) C:\Users\sony\Downloads\iTunes64Setup (2).exe
2013-05-20 22:05 - 2013-05-20 22:05 - 00006007 ____A C:\Users\sony\Desktop\JRT.txt
2013-05-20 21:56 - 2013-05-20 21:56 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\sony\Downloads\JRT.exe
2013-05-20 21:56 - 2013-05-20 21:56 - 00000000 ____D C:\Windows\ERUNT
2013-05-20 21:56 - 2013-05-20 21:56 - 00000000 ____D C:\JRT
2013-05-20 21:46 - 2013-05-20 21:46 - 00013752 ____A C:\AdwCleaner[S1].txt
2013-05-20 21:43 - 2013-05-20 21:43 - 00013330 ____A C:\AdwCleaner[R1].txt
2013-05-20 21:41 - 2013-05-20 21:41 - 00632031 ____A C:\Users\sony\Downloads\adwcleaner.exe
2013-05-20 21:38 - 2013-05-20 21:38 - 00113390 ____A C:\Users\sony\Downloads\Extras.Txt
2013-05-20 21:36 - 2013-05-20 22:25 - 00146944 ____A C:\Users\sony\Downloads\OTL.Txt
2013-05-20 21:21 - 2013-05-20 21:21 - 00602112 ____A (OldTimer Tools) C:\Users\sony\Downloads\OTL.exe
2013-05-20 18:46 - 2011-06-26 07:45 - 00256000 ____A C:\Windows\PEV.exe
2013-05-20 18:46 - 2010-11-07 18:20 - 00208896 ____A C:\Windows\MBR.exe
2013-05-20 18:46 - 2009-04-20 05:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-05-20 18:46 - 2000-08-31 01:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-05-20 18:46 - 2000-08-31 01:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-05-20 18:46 - 2000-08-31 01:00 - 00098816 ____A C:\Windows\sed.exe
2013-05-20 18:46 - 2000-08-31 01:00 - 00080412 ____A C:\Windows\grep.exe
2013-05-20 18:46 - 2000-08-31 01:00 - 00068096 ____A C:\Windows\zip.exe
2013-05-20 18:45 - 2013-05-28 13:09 - 00000000 ____D C:\Qoobox
2013-05-20 18:44 - 2013-05-24 20:31 - 05070409 ____R (Swearware) C:\Users\sony\Downloads\ComboFix.exe
2013-05-20 18:44 - 2013-05-20 19:11 - 00000000 ____D C:\Windows\erdnt
2013-05-20 18:43 - 2013-05-20 18:43 - 00774592 ____A C:\Users\sony\Downloads\ZipOpenerSetup.exe
2013-05-15 04:30 - 2013-04-10 07:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 04:30 - 2013-04-10 07:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 04:30 - 2011-02-03 12:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 04:29 - 2013-03-19 06:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 04:29 - 2013-03-19 06:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 04:29 - 2013-02-27 07:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 04:29 - 2013-02-27 06:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 04:29 - 2013-02-27 06:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 04:29 - 2013-02-27 06:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 04:29 - 2013-02-27 06:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 04:29 - 2013-02-27 05:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 04:29 - 2013-02-27 05:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 04:29 - 2013-02-27 05:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 04:28 - 2013-04-10 04:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
2013-06-14 10:06 - 2011-02-26 17:08 - 00000000 ____D C:\Users\sony\AppData\Roaming\Skype
2013-06-14 10:04 - 2012-04-03 20:41 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-14 09:59 - 2013-06-14 09:58 - 01920398 ____A (Farbar) C:\Users\sony\Downloads\FRST64 (1).exe
2013-06-14 09:51 - 2011-12-03 15:16 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2139711780-3601160794-2734296524-1003UA.job
2013-06-14 09:49 - 2009-07-14 05:45 - 00014160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-14 09:49 - 2009-07-14 05:45 - 00014160 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-14 09:45 - 2013-06-14 09:45 - 01920398 ____A (Farbar) C:\Users\sony\Downloads\FRST64.exe
2013-06-14 09:45 - 2013-06-14 09:45 - 00000000 ____D C:\FRST
2013-06-14 09:40 - 2010-02-25 13:49 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-14 09:18 - 2011-09-16 22:38 - 00000000 ____D C:\Users\sony\AppData\Roaming\Dropbox
2013-06-14 09:17 - 2011-09-16 22:40 - 00000000 ___RD C:\Users\sony\Dropbox
2013-06-14 09:16 - 2013-06-03 13:35 - 00000000 ____D C:\ProgramData\boost_interprocess
2013-06-14 09:16 - 2010-05-05 15:32 - 00275579 ____A C:\ProgramData\lxeascan.log
2013-06-14 09:16 - 2010-02-25 13:49 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-14 09:14 - 2010-02-25 13:35 - 01403639 ____A C:\Windows\WindowsUpdate.log
2013-06-14 09:09 - 2009-07-14 06:13 - 00855752 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-14 09:02 - 2010-08-24 09:16 - 00155373 ____A C:\Windows\setupact.log
2013-06-14 09:02 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-13 15:58 - 2011-06-07 16:13 - 00000000 ____D C:\Users\sony\AppData\Roaming\Nitro PDF
2013-06-13 14:09 - 2010-09-17 11:14 - 00000000 ____D C:\Users\sony\Documents\Salary
2013-06-13 14:02 - 2013-06-03 14:02 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6705b339-948c-4db1-b833-509b3b9b97cf.job
2013-06-13 13:59 - 2013-05-14 10:35 - 00000000 ____D C:\Users\sony\Documents\Sailun FOB Pricing
2013-06-13 13:59 - 2010-09-03 10:50 - 00000000 ____D C:\Users\sony\Documents\Sailun Truck Tyres
2013-06-13 07:58 - 2011-03-14 00:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-13 07:58 - 2011-02-26 17:08 - 00000000 ____D C:\ProgramData\Skype
2013-06-13 02:51 - 2011-12-03 15:16 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2139711780-3601160794-2734296524-1003Core.job
2013-06-13 02:00 - 2013-06-03 14:02 - 00000508 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task eb07eca6-1357-41f5-9295-bbe903d94c40.job
2013-06-13 00:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 22:41 - 2010-09-07 09:50 - 00000000 ____D C:\Update
2013-06-12 13:04 - 2013-06-12 13:04 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-12 13:04 - 2012-04-03 20:41 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-12 13:04 - 2012-03-27 13:51 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-12 12:46 - 2011-10-31 14:21 - 00000000 ____D C:\Users\sony\Documents\Reporting
2013-06-12 09:25 - 2013-06-12 09:25 - 00001620 ____A C:\Users\sony\Downloads\launch (9).ica
2013-06-12 08:00 - 2010-02-25 13:41 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 07:55 - 2010-09-03 17:04 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 16:22 - 2010-10-25 08:58 - 00000000 ____D C:\Users\sony\Documents\Bank Account
2013-06-11 16:21 - 2010-09-03 15:16 - 00000000 ____D C:\Users\sony\Documents\Navision
2013-06-11 15:26 - 2011-11-10 12:07 - 00011499 ____A C:\Users\sony\AppData\Roaming\SmarThruOptions.xml
2013-06-11 13:03 - 2010-09-15 11:30 - 00000000 ____D C:\Users\sony\Documents\Personal
2013-06-11 12:38 - 2011-05-11 10:37 - 00000000 ____D C:\Users\sony\Documents\Tyre Labelling
2013-06-11 10:33 - 2010-11-08 12:12 - 00000000 ____D C:\Users\sony\Documents\Customers
2013-06-11 09:55 - 2013-06-11 09:55 - 00089134 ____A C:\Users\sony\Downloads\OBCOCB987220.pdf.zip
2013-06-11 01:25 - 2013-06-11 01:10 - 00000000 ____D C:\Users\sony\Documents\Homebase
2013-06-07 11:23 - 2010-09-02 15:20 - 00000000 ____D C:\Users\sony\Documents\Marketing
2013-06-07 11:22 - 2012-11-17 00:19 - 00000000 ____D C:\Users\sony\Documents\China Visits
2013-06-07 10:53 - 2010-04-08 14:11 - 00239503 ____A C:\test.xml
2013-06-07 09:35 - 2011-09-16 22:40 - 00000976 ____A C:\Users\sony\Desktop\Dropbox.lnk
2013-06-07 07:53 - 2011-12-03 15:16 - 00002364 ____A C:\Users\sony\Desktop\Google Chrome.lnk
2013-06-06 07:41 - 2013-06-06 07:41 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-06-06 07:41 - 2013-06-06 07:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-06 07:41 - 2013-06-06 07:37 - 00000000 ____D C:\Program Files\iTunes
2013-06-06 07:41 - 2013-06-06 07:37 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-06-06 07:37 - 2013-06-06 07:37 - 00000000 ____D C:\Program Files\iPod
2013-06-05 17:54 - 2011-04-11 11:11 - 00000000 ____D C:\Users\sony\Documents\SeaTex Invoices
2013-06-04 16:29 - 2011-09-21 14:20 - 00000000 ____D C:\Users\sony\Documents\Certificates
2013-06-03 15:28 - 2010-10-08 12:44 - 00000000 ____D C:\Users\sony\AppData\Local\Windows Live
2013-06-03 15:21 - 2012-09-21 07:50 - 00000000 ____D C:\Users\sony\AppData\Roaming\FileZilla
2013-06-03 14:01 - 2013-06-03 14:01 - 00001808 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-06-03 14:01 - 2013-06-03 13:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-06-03 14:00 - 2013-06-03 13:59 - 25943520 ____A (SUPERAntiSpyware.com) C:\Users\sony\Downloads\SUPERAntiSpyware (3).exe
2013-06-03 13:41 - 2013-06-03 13:40 - 00001454 ____A C:\AdwCleaner[R6].txt
2013-06-03 13:30 - 2010-08-24 09:15 - 00109670 ____A C:\Windows\PFRO.log
2013-06-03 13:28 - 2013-06-03 13:26 - 00001396 ____A C:\AdwCleaner[S5].txt
2013-06-03 13:26 - 2013-06-03 13:25 - 00001333 ____A C:\AdwCleaner[R5].txt
2013-06-03 13:19 - 2013-06-03 13:19 - 25943520 ____A (SUPERAntiSpyware.com) C:\Users\sony\Downloads\SUPERAntiSpyware (2).exe
2013-06-03 13:14 - 2013-06-03 13:14 - 00000000 ____D C:\Users\sony\AppData\Roaming\SUPERAntiSpyware.com
2013-06-03 13:14 - 2013-06-03 13:14 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-06-03 12:57 - 2013-06-03 12:57 - 25943520 ____A (SUPERAntiSpyware.com) C:\Users\sony\Downloads\SAS_4455853.EXE
2013-06-03 12:08 - 2013-06-03 12:08 - 25943520 ____A (SUPERAntiSpyware.com) C:\Users\sony\Downloads\SAS_6211.EXE
2013-06-03 11:05 - 2013-06-03 11:05 - 00001621 ____A C:\Users\sony\Downloads\launch (7).ica
2013-06-03 10:47 - 2011-02-18 10:00 - 00000000 ____D C:\Users\sony\Documents\International Trade
2013-06-02 22:16 - 2013-03-27 00:00 - 00004698 ____A C:\ProgramData\lmab.log
2013-06-02 19:48 - 2010-07-21 11:22 - 00000000 ____D C:\Users\sony\Documents\Company Set up
2013-05-30 13:56 - 2013-05-30 13:53 - 00000000 ____D C:\Program Files (x86)\PDFCreator
2013-05-30 13:54 - 2013-05-30 13:54 - 00001035 ____A C:\Users\Public\Desktop\PDFCreator.lnk
2013-05-30 13:30 - 2013-05-21 15:13 - 00940470 ____A C:\Windows\SysWOW64\~.tmp
2013-05-29 22:18 - 2013-05-29 22:18 - 00140389 ____A C:\Users\sony\Downloads\Attachments_2013529.zip
2013-05-28 17:07 - 2013-05-28 13:56 - 00000000 ____D C:\Users\sony\Doctor Web
2013-05-28 15:05 - 2013-05-28 15:05 - 00941258 ____A C:\Users\sony\AppData\Local\census.cache
2013-05-28 14:55 - 2013-05-28 14:55 - 00145782 ____A C:\Users\sony\AppData\Local\ars.cache
2013-05-28 13:56 - 2010-02-25 18:51 - 00000000 ____D C:\users\sony
2013-05-28 13:44 - 2013-05-28 13:44 - 00000036 ____A C:\Users\sony\AppData\Local\housecall.guid.cache
2013-05-28 13:41 - 2013-05-28 13:41 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-28 13:41 - 2013-05-28 13:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-05-28 13:41 - 2013-05-28 13:40 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-28 13:09 - 2013-05-28 13:09 - 00042667 ____A C:\ComboFix.txt
2013-05-28 13:09 - 2013-05-28 12:43 - 00000000 ____D C:\ComboFix
2013-05-28 13:09 - 2013-05-20 18:45 - 00000000 ____D C:\Qoobox
2013-05-28 13:03 - 2009-07-14 03:34 - 00000215 ____A C:\Windows\system.ini
2013-05-28 10:36 - 2013-05-28 10:36 - 00000000 ____D C:\TDSSKiller_Quarantine
2013-05-28 10:26 - 2013-05-28 10:23 - 00000474 ____A C:\rkill.log
2013-05-28 09:46 - 2013-05-28 09:45 - 00001276 ____A C:\AdwCleaner[S4].txt
2013-05-28 09:44 - 2013-05-28 09:42 - 00001213 ____A C:\AdwCleaner[R4].txt
2013-05-28 09:19 - 2013-05-28 09:17 - 66325160 ____A (Microsoft Corporation) C:\Users\sony\Downloads\Plex-Media-Server-0.9.722.511-4b5280f-en-US (1).exe
2013-05-28 09:17 - 2013-05-28 09:15 - 66325160 ____A (Microsoft Corporation) C:\Users\sony\Downloads\Plex-Media-Server-0.9.722.511-4b5280f-en-US.exe
2013-05-27 22:39 - 2013-05-27 22:39 - 05073915 ____A (Swearware) C:\Users\sony\Downloads\ComboFix (1).exe
2013-05-27 13:00 - 2013-05-27 13:00 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Nero
2013-05-27 12:47 - 2013-05-27 12:45 - 00000000 ____D C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero
2013-05-27 12:45 - 2013-05-27 12:45 - 00000020 ___SH C:\Users\NeroMediaHomeUser.4\ntuser.ini
2013-05-27 12:45 - 2013-05-27 12:45 - 00000000 ____D C:\Users\sony\AppData\Roaming\Nero
2013-05-27 12:45 - 2013-05-27 12:44 - 00000000 ____D C:\users\NeroMediaHomeUser.4
2013-05-27 12:45 - 2013-05-27 12:37 - 00000000 ____D C:\ProgramData\Nero
2013-05-27 12:44 - 2013-05-27 12:44 - 00000000 ____D C:\Users\sony\AppData\Local\Nero
2013-05-27 12:41 - 2013-05-27 12:38 - 00000000 ____D C:\Program Files (x86)\Nero
2013-05-27 12:39 - 2013-05-27 12:39 - 00002391 ____A C:\Users\Public\Desktop\Nero MediaHome 4.lnk
2013-05-27 12:37 - 2013-05-27 12:33 - 00000000 ____D C:\Users\sony\AppData\Local\Plex Media Server
2013-05-27 12:33 - 2011-08-14 13:01 - 00000000 ____D C:\Users\sony\AppData\Roaming\Apple Computer
2013-05-27 12:33 - 2011-08-14 13:01 - 00000000 ____D C:\Users\sony\AppData\Local\Apple Computer
2013-05-27 12:32 - 2013-05-27 12:32 - 00000000 ____D C:\Program Files (x86)\Plex
2013-05-27 12:23 - 2013-05-27 12:22 - 52385872 ____A (Microsoft Corporation) C:\Users\sony\Downloads\Plex-Media-Server-v0.9.502-en-US.exe
2013-05-27 12:22 - 2013-05-27 12:22 - 00000000 ____D C:\Users\sony\Downloads\NMH-4.5.20.74_LGE
2013-05-27 12:22 - 2013-05-27 12:21 - 85172540 ____A C:\Users\sony\Downloads\NMH-4.5.20.74_LGE (1).zip
2013-05-27 12:21 - 2013-05-27 12:20 - 85172540 ____A C:\Users\sony\Downloads\NMH-4.5.20.74_LGE.zip
2013-05-26 09:48 - 2013-05-26 09:48 - 00001085 ____A C:\AdwCleaner[S3].txt
2013-05-26 09:47 - 2013-05-26 09:47 - 00001024 ____A C:\AdwCleaner[R3].txt
2013-05-26 09:46 - 2013-05-26 09:46 - 00000319 ____A C:\AdwCleaner[S2].txt
2013-05-26 09:45 - 2013-05-26 09:45 - 00000906 ____A C:\AdwCleaner[R2].txt
2013-05-26 09:29 - 2013-05-26 09:29 - 00001622 ____A C:\Users\sony\Downloads\launch (6).ica
2013-05-24 20:31 - 2013-05-20 18:44 - 05070409 ____R (Swearware) C:\Users\sony\Downloads\ComboFix.exe
2013-05-24 10:30 - 2011-02-18 16:31 - 00000000 ____D C:\Users\sony\Documents\Communication with Sailun
2013-05-23 06:52 - 2013-05-23 06:52 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-23 06:52 - 2013-05-23 06:52 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-05-22 17:41 - 2010-05-27 14:14 - 00000000 ____D C:\Users\sony\Documents\Credit Ins
2013-05-21 12:00 - 2013-05-21 11:59 - 04811793 ____A (FileZilla Project) C:\Users\sony\Downloads\FileZilla_3.7.0.1_win32-setup.exe
2013-05-21 12:00 - 2012-11-16 01:27 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2013-05-20 23:20 - 2010-10-08 13:54 - 00000000 ____D C:\Users\sony\Documents\Shipping
2013-05-20 22:40 - 2010-02-25 13:47 - 00860882 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-05-20 22:28 - 2013-05-20 22:28 - 90909008 ____A (Apple Inc.) C:\Users\sony\Downloads\iTunes64Setup (2).exe
2013-05-20 22:25 - 2013-05-20 21:36 - 00146944 ____A C:\Users\sony\Downloads\OTL.Txt
2013-05-20 22:05 - 2013-05-20 22:05 - 00006007 ____A C:\Users\sony\Desktop\JRT.txt
2013-05-20 21:56 - 2013-05-20 21:56 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\sony\Downloads\JRT.exe
2013-05-20 21:56 - 2013-05-20 21:56 - 00000000 ____D C:\Windows\ERUNT
2013-05-20 21:56 - 2013-05-20 21:56 - 00000000 ____D C:\JRT
2013-05-20 21:46 - 2013-05-20 21:46 - 00013752 ____A C:\AdwCleaner[S1].txt
2013-05-20 21:43 - 2013-05-20 21:43 - 00013330 ____A C:\AdwCleaner[R1].txt
2013-05-20 21:41 - 2013-05-20 21:41 - 00632031 ____A C:\Users\sony\Downloads\adwcleaner.exe
2013-05-20 21:38 - 2013-05-20 21:38 - 00113390 ____A C:\Users\sony\Downloads\Extras.Txt
2013-05-20 21:21 - 2013-05-20 21:21 - 00602112 ____A (OldTimer Tools) C:\Users\sony\Downloads\OTL.exe
2013-05-20 21:13 - 2011-06-27 11:52 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\sony\Downloads\tdsskiller.exe
2013-05-20 19:15 - 2009-07-14 04:20 - 00000000 ___RD C:\users\Default
2013-05-20 19:11 - 2013-05-20 18:44 - 00000000 ____D C:\Windows\erdnt
2013-05-20 19:08 - 2011-10-12 22:22 - 00000000 ____D C:\FavoriteVideo
2013-05-20 18:43 - 2013-05-20 18:43 - 00774592 ____A C:\Users\sony\Downloads\ZipOpenerSetup.exe
2013-05-17 16:00 - 2011-12-22 11:51 - 00000000 ____D C:\Users\sony\Documents\Pro- Clarity Reports
2013-05-17 02:25 - 2013-06-12 07:54 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-17 02:25 - 2013-06-12 07:54 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-17 02:25 - 2013-06-12 07:54 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-17 02:25 - 2013-06-12 07:54 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-17 02:25 - 2013-06-12 07:54 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-17 02:25 - 2013-06-12 07:54 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-17 02:25 - 2013-06-12 07:54 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-17 02:25 - 2013-06-12 07:54 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-17 02:25 - 2013-06-12 07:54 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-17 02:25 - 2013-06-12 07:54 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-17 02:25 - 2013-06-12 07:54 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-17 02:25 - 2013-06-12 07:53 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-17 02:25 - 2013-06-12 07:53 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-17 01:59 - 2013-06-12 07:54 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-17 01:59 - 2013-06-12 07:53 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 01:58 - 2013-06-12 07:54 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 01:58 - 2013-06-12 07:54 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-17 01:58 - 2013-06-12 07:54 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-17 01:58 - 2013-06-12 07:54 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 01:58 - 2013-06-12 07:54 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 01:58 - 2013-06-12 07:54 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-17 01:58 - 2013-06-12 07:54 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-17 01:58 - 2013-06-12 07:54 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-17 01:58 - 2013-06-12 07:54 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-17 01:58 - 2013-06-12 07:54 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-17 01:58 - 2013-06-12 07:53 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 01:58 - 2013-06-12 07:53 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-16 15:22 - 2010-09-02 15:09 - 00000000 ____D C:\Users\sony\Documents\Expenses
2013-05-15 09:41 - 2009-07-14 05:45 - 00487104 ____A C:\Windows\System32\FNTCACHE.DAT
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-06-13 00:45
 
==================== End Of Log ============================

 

Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-06-2013
Ran by sony at 2013-06-14 10:09:07 Run:
Running from C:\Users\sony\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
 Update for Microsoft Office 2007 (KB2508958)
ABBYY FineReader 6.0 Sprint (Version: 6.00.2146.41621)
Adobe AIR (Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Advertising Center (Version: 0.0.0.2)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
ArcSoft WebCam Companion 3 (Version: 3.0.21.193)
Basic PAYE Tools (Version: 3.1.2.15508)
Bing Bar (Version: 7.0.609.0)
Bonjour (Version: 3.0.0.10)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Chinese Simplified Fonts Support For Adobe Reader X (Version: 10.0.0)
Citrix Receiver (HDX Flash Redirection) (Version: 13.0.0.6685)
Citrix Receiver (Version: 13.0.0.6685)
Citrix Receiver Inside (Version: 3.0.0.56418)
Citrix Receiver(Aero) (Version: 13.0.0.6685)
Citrix Receiver(DV) (Version: 13.0.0.6685)
Citrix Receiver(USB) (Version: 13.0.0.6685)
ContinueToSave 1.74
continuetosayvie (Version: )
CutePDF Writer 2.6
D3DX10 (Version: 15.4.2368.0902)
Dropbox (Version: 2.0.22)
FileZilla Client 3.7.0.1 (Version: 3.7.0.1)
Foxit PhantomPDF (Version: 5.5.6.218)
Free Word Excel Password Wizard (Version: 1.0.0)
Google Chrome (Version: 27.0.1453.110)
Google Earth (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
HP Laser Mobile Mouse Driver (Version: 1.7)
iCloud (Version: 2.1.2.8)
Intel PROSet Wireless
Intel® Control Center (Version: 1.2.0.1006)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2040)
Intel® Management Engine Components (Version: 6.0.0.1179)
Intel® PROSet/Wireless WiFi Software (Version: 13.00.0000)
Intel® Rapid Storage Technology (Version: 9.5.0.1037)
Internet Everywhere (Version: Orange UK 1.0)
iTunes (Version: 11.0.4.4)
Japanese Fonts Support For Adobe Reader X (Version: 10.0.0)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 16 (64-bit) (Version: 6.0.160)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 16.4.3505.0912)
KNOWHOW™ APP CENTRE (Version: 22447)
Lexmark Printable Web (Version: 1.0.0.0)
Lexmark S300-S400 Series
Lexmark Software Uninstall
Lexmark Toolbar (Version: 4.13.37.0)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.92)
Maintenance Samsung CLX-3180 Series
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access 2007 (Version: 12.0.6612.1000)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SkyDrive (Version: 16.4.6013.0910)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
MobileMe Control Panel (Version: 3.1.8.0)
Moodagent (Version: 1.3)
Movie Maker (Version: 16.4.3505.0912)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSVCRT110 (Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Nero ControlCenter (Version: 9.0.0.1)
Nero Installer (Version: 4.4.9.0)
Nero MediaHome 4 (Version: 4.5.20.74)
Nero MediaHome 4 Essentials
Nero MediaHome 4 Help (Version: 4.5.5.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nitro PDF Reader (Version: 1.4.0.11)
Norton Online Backup (Version: 1.2.20.0)
NVIDIA Drivers (Version: 1.9)
O2 Connection Manager (Version: 3.4.114)
Online Plug-in (Version: 13.0.0.6685)
Pando Media Booster (Version: 2.6.0.8)
PDFCreator (Version: 1.0.2)
Pdfedit (Version: 4.5.0.0)
pdfforge Toolbar v4.1 (Version: 4.1)
PDF-to-Word 3.1 Demo
Photo Common (Version: 16.4.3505.0912)
Photo Gallery (Version: 16.4.3505.0912)
Plex Media Server (Version: 0.9.502)
Protector Suite 2009 (Version: 5.9.2.5746)
Qualcomm Gobi 2000 Package for Sony (Version: 1.1.71)
QuickTime (Version: 7.74.80.86)
Rapport (Version: 3.5.1205.15)
Rapport (Version: 3.5.1208.24)
Readiris Pro 10
Realtek High Definition Audio Driver (Version: 6.0.1.5992)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Easy Media Creator 10 LJ (Version: 10.3)
Roxio Easy Media Creator Home (Version: 10.3.183)
Safari (Version: 5.34.57.2)
Samsung CLX-3170 Series
SAMSUNG Dr.Printer  (Version: 1.00.0000)
Samsung Scan Assistant (Version: 1.04.20.00)
Setting Utility Series (Version: 5.1.0.11200)
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.5 (Version: 6.5.158)
SmarThru 4
SmarThru PC Fax
Space Runner (Version: 1.0.0)
Stronghold Kingdoms
SUPERAntiSpyware (Version: 5.6.1020)
Symantec Endpoint Protection (Version: 11.0.5002.333)
Synaptics Pointing Device Driver (Version: 14.0.10.0)
System Requirements Lab
TeamViewer 7 (Version: 7.0.14563)
UltraSnap Trial 1.8
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Care (Version: 6.4.2.11150)
VAIO Control Center (Version: 4.1.1.07160)
VAIO Data Restore Tool (Version: 1.2.0.09150)
VAIO Event Service (Version: 5.1.0.11300)
VAIO Gate (Version: 2.4.0.06210)
VAIO Gate Default (Version: 1.0.0.10290)
VAIO Hardware Diagnostics (Version: 3.9.1)
VAIO Marketing Tools
VAIO Power Management (Version: 5.0.0.11300)
VAIO Premium Partners (Version: 1.0)
VAIO screensaver (Version: 1.0.0.0)
VAIO Smart Network (Version: 3.3.1.08110)
VAIO Transfer Support (Version: 1.1.2.06030)
VAIO Update (Version: 6.1.1.10250)
VAIO Wallpaper Contents (Version: 2.0.0.06010)
VU5x64 (Version: 1.1.0)
VU5x86 (Version: 1.0.0)
VU5x86 (Version: 1.1.0)
WIDCOMM Bluetooth Software (Version: 6.2.1.500)
Windows Driver Package - Broadcom Bluetooth  (09/09/2009 6.2.0.9405) (Version: 09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Communications Platform (Version: 16.4.3505.0912)
Windows Live Essentials (Version: 16.4.3505.0912)
Windows Live Family Safety (Version: 16.4.3505.0912)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (Version: 16.4.3505.0912)
Windows Live Mail (Version: 16.4.3505.0912)
Windows Live Messenger (Version: 16.4.3505.0912)
Windows Live MIME IFilter (Version: 16.4.3505.0912)
Windows Live Photo Common (Version: 16.4.3505.0912)
Windows Live PIMT Platform (Version: 16.4.3505.0912)
Windows Live SOXE (Version: 16.4.3505.0912)
Windows Live SOXE Definitions (Version: 16.4.3505.0912)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (Version: 16.4.3505.0912)
Windows Live Writer (Version: 16.4.3505.0912)
Windows Live Writer Resources (Version: 16.4.3505.0912)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.01 (32-bit) (Version: 4.01.0)
WinZip 15.5 (Version: 15.5.9510)
Zoiper (Version: 2.37)
ZTE USB Driver (Version: 1.0.1.14)
 
==================== Restore Points  =========================
 
28-05-2013 08:24:40 Installed Plex Media Server
02-06-2013 18:56:52 Windows Update
05-06-2013 21:14:01 Windows Update
10-06-2013 09:21:16 Windows Update
12-06-2013 06:52:02 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/14/2013 09:37:20 AM) (Source: Application Hang) (User: )
Description: The program WBCBatteryCare.exe version 5.1.0.9020 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1490
 
Start Time: 01ce68d7694c0cb2
 
Termination Time: 197
 
Application Path: C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe
 
Report Id: 796b8528-d4cd-11e2-8a08-d5524751d04b
 
Error: (06/13/2013 09:20:00 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (06/13/2013 03:16:47 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error.  Available content updates may have failed to install.
 
Error: (06/13/2013 03:14:50 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
 
Error: (06/13/2013 02:13:02 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
Error: (06/11/2013 02:49:27 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.00.0.0"1".Error in manifest or policy file "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.00.0.0"2" on line Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.00.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.00.0.0".
Definition is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/11/2013 02:48:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.00.0.0"1".Error in manifest or policy file "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.00.0.0"2" on line Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.00.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.00.0.0".
Definition is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/11/2013 02:42:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.00.0.0"1".Error in manifest or policy file "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.00.0.0"2" on line Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.00.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.00.0.0".
Definition is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (06/11/2013 01:40:46 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 90080108
 
Error: (06/11/2013 00:44:59 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005
 
 
System errors:
=============
Error: (06/14/2013 09:03:53 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/14/2013 09:02:45 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
 
Error: (06/14/2013 09:02:34 AM) (Source: Service Control Manager) (User: )
Description: The DgiVecp service failed to start due to the following error: 
%%20
 
Error: (06/13/2013 08:50:13 PM) (Source: Service Control Manager) (User: )
Description: The VAIO Care Performance Service service hung on starting.
 
Error: (06/13/2013 08:44:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
PxHlpa64
 
Error: (06/13/2013 08:44:05 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (06/13/2013 08:43:18 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
 
Error: (06/13/2013 08:42:55 PM) (Source: Service Control Manager) (User: )
Description: The Nero MediaHome 4 Service service failed to start due to the following error: 
%%1053
 
Error: (06/13/2013 08:42:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Nero MediaHome 4 Service service to connect.
 
Error: (06/13/2013 08:41:33 PM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless Event Log service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (03/11/2013 02:27:03 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 14276 seconds with 4020 seconds of active time.  This session ended with a crash.
 
Error: (03/06/2013 11:25:42 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8179 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error: (02/11/2013 11:16:40 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 159 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/11/2013 11:13:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2352 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error: (02/07/2013 01:47:35 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 1873 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error: (01/16/2013 00:07:58 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 58161 seconds with 4980 seconds of active time.  This session ended with a crash.
 
Error: (10/19/2012 02:03:52 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 15817 seconds with 4320 seconds of active time.  This session ended with a crash.
 
Error: (10/09/2012 04:46:22 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23529 seconds with 4920 seconds of active time.  This session ended with a crash.
 
Error: (09/21/2012 00:01:52 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 15745 seconds with 5880 seconds of active time.  This session ended with a crash.
 
Error: (08/17/2012 03:01:51 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 21385 seconds with 2340 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-05-28 13:02:29.519
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-28 13:02:29.349
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-28 13:02:29.169
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-28 13:02:28.999
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-24 20:51:12.247
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-24 20:51:12.067
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-24 20:51:11.887
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-24 20:51:11.687
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-20 19:07:57.329
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-05-20 19:07:57.179
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 76%
Total physical RAM: 3766.88 MB
Available physical RAM: 885.55 MB
Total Pagefile: 7531.95 MB
Available Pagefile: 3486.18 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:290.28 GB) (Free:175.5 GB) NTFS (Disk=0 Partition=3)
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: AFE7AEF6)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=101 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

 

 

aswMBR

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-06-14 11:50:31
-----------------------------
11:50:31.765    OS Version: Windows x64 6.1.7601 Service Pack 1
11:50:31.766    Number of processors: 4 586 0x2502
11:50:31.767    ComputerName: SONY-VAIO  UserName: sony
11:50:32.731    Initialize success
11:50:51.592    AVAST engine defs: 13061300
11:51:24.322    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:51:24.325    Disk 0 Vendor: TOSHIBA_ FG52 Size: 305245MB BusType: 3
11:51:24.328    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000008a
11:51:24.330    Disk 1 Vendor: RICOH 02 Size: 305245MB BusType: 0
11:51:24.334    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000008b
11:51:24.337    Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
11:51:24.460    Disk 0 MBR read successfully
11:51:24.463    Disk 0 MBR scan
11:51:24.549    Disk 0 Windows 7 default MBR code
11:51:24.562    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS         7895 MB offset 2048
11:51:24.652    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          101 MB offset 16171008
11:51:24.728    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       297248 MB offset 16377856
11:51:24.936    Disk 0 scanning C:\Windows\system32\drivers
11:52:02.717    Service scanning
11:53:25.328    Modules scanning
11:53:25.335    Disk 0 trace - called modules:
11:53:25.391    ntoskrnl.exe CLASSPNP.SYS disk.sys shpf.sys ACPI.sys iaStor.sys hal.dll 
11:53:25.396    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c39060]
11:53:25.401    3 CLASSPNP.SYS[fffff88000e8043f] -> nt!IofCallDriver -> [0xfffffa8004ae6ca0]
11:53:25.406    5 shpf.sys[fffff8800183c944] -> nt!IofCallDriver -> [0xfffffa8004959e40]
11:53:25.411    7 ACPI.sys[fffff88000f907a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800495c050]
11:53:26.343    AVAST engine scan C:\Windows
11:53:42.301    AVAST engine scan C:\Windows\system32
12:06:20.402    AVAST engine scan C:\Windows\system32\drivers
12:07:36.730    AVAST engine scan C:\Users\sony
13:13:42.779    AVAST engine scan C:\ProgramData
13:21:17.898    Scan finished successfully
13:49:47.907    Disk 0 MBR has been saved successfully to "C:\Users\sony\Downloads\MBR.dat"
13:49:48.028    The log file has been saved successfully to "C:\Users\sony\Downloads\aswMBR.txt"
 
Regards
Tony


#6 whoabuddy

  • Malware Response Instructor

Posted 15 June 2013 - 11:59 AM

Hi Tony,

Thank you for those logs, please allow me some time to review them and I will post our next set of instructions.

Best Regards,
whoabuddy
Meditate. Elevate. Appreciate. | "Life is a journey, love is the destination, happiness is the path!"
If I am helping you and have not responded within 48 hours, please send me a PM.
Vi Veri Universum Vivus Vici (VVVVV)
Excellent Security Advice
Proud member of UNITE

#7 whoabuddy


Posted 17 June 2013 - 01:04 PM

Hi Tony,

Please see below Texts from the scans, please note I ran the Farbar scan and then when I ran the aswMBR scan my machine shut down part way through the scan, I wasn't at my machine at the time so I'm not sure if it was a consequence of the scan or something else. I had a message when I logged back on that Windows shut down unexpectedly.

This can happen when we are looking into an infection, but you were correct to run it again and post the log, thank you for the update.

Symantec ran an automatic scan this morning and reported a Trojan.Gen.2, I have tried to paste a picture of the scan result here but as it's a picture it won't paste.

That's ok, we are going to look at your computer in-depth from multiple angles, and once complete we will have you run a full scan with your antivirus to make sure there are not any remnants remaining. For now I would leave Symantec because if we try to use it to remove something that's already deep in the system it may cause more problems. As stated in my first post it would be ideal to not use the computer until we are done.

We need to answer some questions:

(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
() C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe

Do you recognize the Plex Media Server software?

2013-06-11 09:55 - 2013-06-11 09:55 - 00089134 ____A C:\Users\sony\Downloads\OBCOCB987220.pdf.zip

Do you recognize this file? It has very suspicious formatting and we can remove it if not.

2013-05-27 12:22 - 2013-05-27 12:22 - 00000000 ____D C:\Users\sony\Downloads\NMH-4.5.20.74_LGE
2013-05-27 12:20 - 2013-05-27 12:21 - 85172540 ____A C:\Users\sony\Downloads\NMH-4.5.20.74_LGE.zip

Do you recognize this file/folder?

Pando Media Booster (Version: 2.6.0.8)
pdfforge Toolbar v4.1 (Version: 4.1)

Do you recognize these applications?

We need to run a scan with adwCleaner:

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

We need to run a scan with the Junkware Removal Tool (JRT):

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

We need to clean up your antivirus applications:

Note: As stated earlier, running multiple antiviruses can cause performance issues on your PC, and I see you have the following programs installed:

McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Symantec Endpoint Protection (Version: 11.0.5002.333)


I recommend you remove the first three entries and update Symantec Endpoint Protection to the latest definitions.

In your next post I need the following:
  • answers to questions in beginning of post
  • adwCleaner log from deletion
  • JRT.txt from Junkware Removal Tool
  • result of antivirus program removal / update
  • status update - how is your computer running now?

Best Regards,
whoabuddy

#8 tarcher


Posted 17 June 2013 - 04:55 PM

Hi,

Here we go, answers to the questions first:

Plex Media, this is software from LG, it integrates the PC with my LG TV.

C:\Users\sony\Downloads\OBCOCB987220.pdf.zip - this is a file from HSBC, I'm sure it's OK, but it can be deleted.

2013-05-27 12:22 - 2013-05-27 12:22 - 00000000 ____D C:\Users\sony\Downloads\NMH-4.5.20.74_LGE
2013-05-27 12:20 - 2013-05-27 12:21 - 85172540 ____A C:\Users\sony\Downloads\NMH-4.5.20.74_LGE.zip

I don't recognise these 2 files, they can be deleted.

Pando Media Booster (Version: 2.6.0.8)
pdfforge Toolbar v4.1 (Version: 4.1)

I recognise these but both can be deleted.

I've uninstalled McAfee and Microsoft Security Essentials and updated Symantec.

I will run the AdwCleaner and JRT and post the texts in my next post.

Thanks
Tony



#9 tarcher


Posted 17 June 2013 - 05:27 PM

Adw Cleaner Text:

 

# AdwCleaner v2.303 - Logfile created 06/17/2013 at 23:03:03
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : sony - SONY-VAIO
# Boot Mode : Normal
# Running from : C:\Users\sony\Documents\Downloads\Spyware\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
 
***** [Registry] *****
 
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v10.0.9200.16611
 
[OK] Registry is clean.
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [13330 octets] - [20/05/2013 21:43:37]
AdwCleaner[R2].txt - [906 octets] - [26/05/2013 09:45:01]
AdwCleaner[R3].txt - [1024 octets] - [26/05/2013 09:47:18]
AdwCleaner[R4].txt - [1213 octets] - [28/05/2013 09:42:50]
AdwCleaner[R5].txt - [1333 octets] - [03/06/2013 13:25:12]
AdwCleaner[R6].txt - [1454 octets] - [03/06/2013 13:40:29]
AdwCleaner[S1].txt - [13752 octets] - [20/05/2013 21:46:01]
AdwCleaner[S2].txt - [319 octets] - [26/05/2013 09:46:31]
AdwCleaner[S3].txt - [1085 octets] - [26/05/2013 09:48:22]
AdwCleaner[S4].txt - [1276 octets] - [28/05/2013 09:45:08]
AdwCleaner[S5].txt - [1396 octets] - [03/06/2013 13:26:42]
AdwCleaner[S6].txt - [337 octets] - [17/06/2013 23:02:41]
AdwCleaner[S7].txt - [1633 octets] - [17/06/2013 23:03:03]
 
########## EOF - C:\AdwCleaner[S7].txt - [1693 octets] ##########
 

JRT Text:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x64
Ran by sony on 17/06/2013 at 23:12:56.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/06/2013 at 23:23:26.77
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 tarcher


Posted 17 June 2013 - 05:35 PM

Hi,

 



#11 tarcher


Posted 17 June 2013 - 05:39 PM

Hi,

Sorry I posted the texts twice.

I don't recognise the data boost program, could this be part of the issue?

PC appears to be running a bit better although Symantec has quarantined 10 Trojan.Gen.2 viruses.

Thanks
Tony



#12 whoabuddy


Posted 19 June 2013 - 10:31 AM

Hi Tony,

Thank you for those logs, please allow me some time to review them and I will get back to you.

Best Regards,
whoabuddy

#13 whoabuddy


Posted 20 June 2013 - 02:27 PM

Hi Tony,

Thank you for answering my questions, and since we are having trouble deleting that boost folder I think we definitely need to take a closer look.

We need to reboot your computer

Before we get started it is important to reboot your computer so we can start from a clean slate.

We need to run an adwCleaner search:

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

We need to delete some files:
  • Navigate to the following folder: C:\Users\sony\Downloads
  • Right-click and click Delete for the following files:
    C:\Users\sony\Downloads\OBCOCB987220.pdf.zip
    C:\Users\sony\Downloads\NMH-4.5.20.74_LGE
    C:\Users\sony\Downloads\NMH-4.5.20.74_LGE.zip
  • If prompted for administrator access, allow it
  • If an error appears during the deletion process please note the error message in your next reply

We need to remove some applications:
  • Click on the Start Orb, then Control Panel
  • Click on Programs and Features, navigate to each entry below and remove it:
    Pando Media Booster (Version: 2.6.0.8)
    pdfforge Toolbar v4.1 (Version: 4.1)
  • Restart the computer once both programs are removed

We need to review your Symantec AV log:
  • Click on the Start Orb, then click Computer
  • Copy and Paste the following folder into the address bar and press Enter:
    C:\ProgramData\Symantec\Symantec Endpoint Protection\
  • Navigate to the folder with your version number (i.e. 12.1.x.) then \Data\Logs
  • Copy and Paste the contents of these logs in your next post
    note: if the logs are extremely long, we can limit it to the last few days, I want to see the detections from the scan that you mentioned

We need to scan your computer again with FRST:

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Run FRST/FRST64 that we downloaded earlier and press the Scan button just once and wait
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

In your next post I need the following:
  • adwCleaner[Rx].txt from adwCleaner search
  • result of file deletion
  • result of application removal
  • logs from Symantec Antivirus
  • FRST.txt from new FRST scan
  • status update - how is your computer running now? do you still have two icons for Symantec?

Best Regards,
whoabuddy
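The Symantec log review requested in the post above comes down to reading the client's comma-separated AV log. The following is an added example, not part of the thread and not Symantec's code, that groups detections by risk name and file. It assumes the column positions read off the log lines posted later in this thread and that the first column is six hex bytes (years since 1970, zero-based month, day, hour, minute, second); `decode_sep_time` and `summarize_detections` are this example's own names.

```python
"""Summarise risk detections in a Symantec Endpoint Protection client AV log."""
import csv
from datetime import datetime

# Column positions as read off the log lines posted in this thread
# (an assumption made for this example, not vendor documentation).
COL_TIME, COL_EVENT, COL_USER, COL_RISK, COL_PATH = 0, 1, 5, 6, 7

# The product's own Quarantine folder, as it appears in the thread's log paths.
QUARANTINE_MARKER = "\\symantec\\srtsp\\quarantine\\"

# Sample input: lines from the thread trimmed to their first 14 columns,
# followed by two constructed malformed lines.
SAMPLE_LOG = r'''
2B0511091612,3,2,1,SONY-VAIO,sony,,,,,,,16777216,"Scan started on all drives and all extensions."
2B0511091618,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWHAF52.tmp,5,1,14,256,37769284,""
2B0511091708,5,1,2,SONY-VAIO,SYSTEM,Trojan.Gen.2,C:\ProgramData\Symantec\SRTSP\Quarantine\APQFF09.tmp,5,1,14,256,37769284,""
2B0511091A05,46,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWHAF52.tmp,5,1,1,256,33554436,""
2B0511091A19,51,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWHAF52.tmp,5,1,1,256,37748804,""
2B051109352D,50,1,1,SONY-VAIO,sony,,Cookie:sony@c.atdmt.com/,1,4,3,112,4,""
2B051109352D,46,1,1,SONY-VAIO,sony,Tracking Cookies,Unavailable,1,4,1,112,33554436,""
ZZ0511091618,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\constructed\bad-timestamp.tmp,5,1,14,256,37769284,""
not-a-log-line
'''


def decode_sep_time(stamp):
    """Decode the 12-hex-digit timestamp column into a naive local datetime.

    Assumed layout: one byte each for years since 1970, zero-based month,
    day, hour, minute, second. Raises ValueError on anything else.
    """
    if len(stamp) != 12:
        raise ValueError("expected 12 hex digits, got %r" % stamp)
    year, month, day, hour, minute, second = (
        int(stamp[i:i + 2], 16) for i in range(0, 12, 2))
    return datetime(1970 + year, month + 1, day, hour, minute, second)


def summarize_detections(log_text):
    """Return one dict per (risk name, path) pair, in order of first sighting.

    Rows without a risk name (scan start, cookie clean-up, ...) and rows that
    do not parse are skipped rather than aborting the whole review.
    """
    found = {}
    for row in csv.reader(log_text.splitlines()):
        if len(row) <= COL_PATH or not row[COL_RISK]:
            continue
        try:
            when = decode_sep_time(row[COL_TIME])
        except ValueError:
            continue
        key = (row[COL_RISK], row[COL_PATH])
        entry = found.setdefault(key, {
            "risk": row[COL_RISK],
            "path": row[COL_PATH],
            "first_seen": when,
            "last_seen": when,
            "hits": 0,
            "events": [],
            "users": [],
            # True when the flagged file sits in the AV's own quarantine folder.
            "in_quarantine": QUARANTINE_MARKER in row[COL_PATH].lower(),
        })
        entry["hits"] += 1
        entry["first_seen"] = min(entry["first_seen"], when)
        entry["last_seen"] = max(entry["last_seen"], when)
        if row[COL_EVENT] not in entry["events"]:
            entry["events"].append(row[COL_EVENT])
        if row[COL_USER] not in entry["users"]:
            entry["users"].append(row[COL_USER])
    return list(found.values())


if __name__ == "__main__":
    for item in summarize_detections(SAMPLE_LOG):
        print("%-17s %s" % (item["risk"], item["path"]))
        print("    first %s  last %s  hits %d  events %s  users %s%s" % (
            item["first_seen"].isoformat(sep=" "),
            item["last_seen"].isoformat(sep=" "),
            item["hits"],
            ",".join(item["events"]),
            ",".join(item["users"]),
            "  [quarantine folder]" if item["in_quarantine"] else ""))
```
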

#14 tarcher


Posted 20 June 2013 - 04:35 PM

Hi Whoabuddy,

Thanks for your time, this seems to be taking some time to crack.

Please see the log file below:

AdwCleaner txt:

# AdwCleaner v2.303 - Logfile created 06/20/2013 at 21:14:56
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : sony - SONY-VAIO
# Boot Mode : Normal
# Running from : C:\Users\sony\Documents\Downloads\Spyware\AdwCleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\sony\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [13330 octets] - [20/05/2013 21:43:37]
AdwCleaner[R2].txt - [906 octets] - [26/05/2013 09:45:01]
AdwCleaner[R3].txt - [1024 octets] - [26/05/2013 09:47:18]
AdwCleaner[R4].txt - [1213 octets] - [28/05/2013 09:42:50]
AdwCleaner[R5].txt - [1333 octets] - [03/06/2013 13:25:12]
AdwCleaner[R6].txt - [1454 octets] - [03/06/2013 13:40:29]
AdwCleaner[R7].txt - [1086 octets] - [20/06/2013 21:14:56]
AdwCleaner[S1].txt - [13752 octets] - [20/05/2013 21:46:01]
AdwCleaner[S2].txt - [319 octets] - [26/05/2013 09:46:31]
AdwCleaner[S3].txt - [1085 octets] - [26/05/2013 09:48:22]
AdwCleaner[S4].txt - [1276 octets] - [28/05/2013 09:45:08]
AdwCleaner[S5].txt - [1396 octets] - [03/06/2013 13:26:42]
AdwCleaner[S6].txt - [337 octets] - [17/06/2013 23:02:41]
AdwCleaner[S7].txt - [1760 octets] - [17/06/2013 23:03:03]

########## EOF - C:\AdwCleaner[R7].txt - [1565 octets] ##########



#15 tarcher


Posted 20 June 2013 - 04:55 PM

2B0511070A1F,14,2,8,SONY-VAIO,sony,,,,,,,16777216,"Symantec Endpoint Protection services startup was successful.",0,,0,,,,,0,,,,,,,,,,,{5236E459-B436-4E28-9EC8-964B985EE425},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511083139,14,2,8,SONY-VAIO,SYSTEM,,,,,,,16777216,"Symantec Endpoint Protection services startup was successful.",0,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511091538,7,3,8,SONY-VAIO,sony,,,,,,,16777216,"New virus definition file loaded. Version: 150616h.",0,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511091612,3,2,1,SONY-VAIO,sony,,,,,,,16777216,"Scan started on all drives and all extensions.",1371457340,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511091618,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWHAF52.tmp,5,1,14,256,37769284,"",0,,0,201 4 3 0 0 5 1 6 0 0 0,0,41129,0,1,0,0,0,0,,0,2,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,2d06771e-dd4d-43f2-991d-e885e264e49f,0,,
2B0511091618,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH10E1.tmp,5,1,14,256,37769284,"",0,,0,201 4 3 0 0 5 1 6 0 0 0,0,41129,0,1,0,0,0,0,,0,2,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,fca351d1-dac6-4b67-b69f-3c3e15ea89cf,0,,
2B0511091708,5,1,2,SONY-VAIO,SYSTEM,Trojan.Gen.2,C:\ProgramData\Symantec\SRTSP\Quarantine\APQFF09.tmp,5,1,14,256,37769284,"",1371457348,,0,201 1 3 0 1 5 0 1 1 1 0,0,41129,0,1,0,0,0,0,,0,2,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,13e61d53-1be3-4d8d-8a09-a421d66e4612,0,,
2B0511091A05,46,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWHAF52.tmp,5,1,1,256,33554436,"",1371457348,,0,101 {106EAB6F-B362-4E59-BFD7-886CC27BDC55} 0 1 Trojan.Gen.2 2;0;13 0 0 2d06771e-dd4d-43f2-991d-e885e264e49f 0,0,41129,0,0,0,,,0,,0,0,1,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,999,,7e317b7c-acb7-4c66-a75c-ea610f2c27bd,0,,
2B0511091A05,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWHAF52.tmp,5,1,1,256,37769284,"",1371457348,,0,201 4 3 0 0 5 1 6 0 0 0,1409206301,41129,0,1,0,0,0,0,,0,2,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,7e317b7c-acb7-4c66-a75c-ea610f2c27bd,334757888,,
2B0511091A19,51,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWHAF52.tmp,5,1,1,256,37748804,"",1371457348,,0,101 {106EAB6F-B362-4E59-BFD7-886CC27BDC55} 0 1 Trojan.Gen.2 2;0;13 0 0 2d06771e-dd4d-43f2-991d-e885e264e49f 0,334757888,41129,0,0,0,,,0,,0,0,1,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,999,,7e317b7c-acb7-4c66-a75c-ea610f2c27bd,334757888,,
2B0511091B2C,46,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH10E1.tmp,5,1,1,256,33554436,"",1371457589,,0,101 {F053A251-6128-45C1-8DFB-46BE3C1A87FF} 0 1 Trojan.Gen.2 2;0;13 0 0 fca351d1-dac6-4b67-b69f-3c3e15ea89cf 0,0,41129,0,0,0,,,0,,0,0,1,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,999,,e48544e9-0f29-4247-87eb-7ee9666df0d0,0,,
2B0511091B2D,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH10E1.tmp,5,1,1,256,37769284,"",1371457589,,0,201 4 3 0 0 5 1 6 0 0 0,1409206401,41129,0,1,0,0,0,0,,0,2,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,e48544e9-0f29-4247-87eb-7ee9666df0d0,334757889,,
2B0511091C07,50,1,2,SONY-VAIO,sony,,Internet browser temporary file cache,5,1,3,256,4,"",1371457589,,0,101 0 0 Browser Cache Remediation Delete Internet browser temporary file cache 2011 1 fca351d1-dac6-4b67-b69f-3c3e15ea89cf 0,0,41129,0,0,0,,,0,,0,0,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,e48544e9-0f29-4247-87eb-7ee9666df0d0,0,,
2B0511091C07,51,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH10E1.tmp,5,1,1,256,37748804,"",1371457589,,0,101 {F053A251-6128-45C1-8DFB-46BE3C1A87FF} 0 2 Trojan.Gen.2 2;0;13 0 0 fca351d1-dac6-4b67-b69f-3c3e15ea89cf 0,334757889,41129,0,0,0,,,0,,0,0,1,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,999,,e48544e9-0f29-4247-87eb-7ee9666df0d0,334757889,,
2B0511091E11,46,1,2,SONY-VAIO,SYSTEM,Trojan.Gen.2,C:\ProgramData\Symantec\SRTSP\Quarantine\APQFF09.tmp,5,1,5,256,33554436,"",1371457693,,0,101 {0A8B340C-DB85-46D1-A4A3-75F12E863C27} 0 1 Trojan.Gen.2 2;0;13 0 0 13e61d53-1be3-4d8d-8a09-a421d66e4612 0,0,41129,0,0,0,,,0,,0,0,0,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,999,,91800263-531c-4025-9dcf-512dc7c22a78,0,,
2B0511091E12,5,1,2,SONY-VAIO,SYSTEM,Trojan.Gen.2,C:\ProgramData\Symantec\SRTSP\Quarantine\APQFF09.tmp,5,1,4,256,37769284,"",1371457693,,0,201 1 3 0 1 5 0 1 1 1 0,0,41129,0,1,0,0,0,0,,0,2,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,91800263-531c-4025-9dcf-512dc7c22a78,334757890,,
2B0511091E1E,50,1,2,SONY-VAIO,SYSTEM,,Internet browser temporary file cache,5,1,3,256,4,"",1371457693,,0,101 0 0 Browser Cache Remediation Delete Internet browser temporary file cache 2011 1 13e61d53-1be3-4d8d-8a09-a421d66e4612 0,0,41129,0,0,0,,,0,,0,0,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,91800263-531c-4025-9dcf-512dc7c22a78,0,,
2B0511091E1E,51,1,2,SONY-VAIO,SYSTEM,Trojan.Gen.2,C:\ProgramData\Symantec\SRTSP\Quarantine\APQFF09.tmp,5,1,4,256,37748804,"",1371457693,,0,101 {0A8B340C-DB85-46D1-A4A3-75F12E863C27} 0 2 Trojan.Gen.2 2;0;13 0 0 13e61d53-1be3-4d8d-8a09-a421d66e4612 0,0,41129,0,0,0,,,0,,0,0,0,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,999,,91800263-531c-4025-9dcf-512dc7c22a78,0,,
2B051109352D,46,1,1,SONY-VAIO,sony,Tracking Cookies,Unavailable,1,4,1,112,33554436,"",1371457340,,0,101 {05E0B844-26F7-492E-A5D4-0A6F3B4E2730} 1 4 Tracking Cookies 1;15 0 0 0,0,4294909925,0,0,0,,,0,,0,0,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,999,,cc6ae8d4-7003-4a4d-b193-77e9b8033397,0,,
2B051109352D,47,2,1,SONY-VAIO,sony,,,,,,,16777216,"Cookie Detection: State: 1, Operation: Scan, RemoveReference: true, Depth: 10, ScanDLLs: false, ScanDomain: 1",0,,0,101 0 0 Cookie Detection Scan State: 1\~ Operation: Scan\~ RemoveReference: true\~ Depth: 10\~ ScanDLLs: false\~ ScanDomain: 1 0 0 0,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,cc6ae8d4-7003-4a4d-b193-77e9b8033397,,,
2B051109352D,50,1,1,SONY-VAIO,sony,,Cookie:sony@c.atdmt.com/,1,4,3,112,4,"",1371457340,,0,101 0 0 Cookie Remediation Delete Cookie:sony@c.atdmt.com/ 2013 1 0,0,4294909925,0,0,0,,,0,,0,0,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,cc6ae8d4-7003-4a4d-b193-77e9b8033397,0,,
2B051109352D,50,1,1,SONY-VAIO,sony,,Cookie:sony@m.webtrends.com/,1,4,3,112,4,"",1371457340,,0,101 0 0 Cookie Remediation Delete Cookie:sony@m.webtrends.com/ 2013 1 0,0,4294909925,0,0,0,,,0,,0,0,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,cc6ae8d4-7003-4a4d-b193-77e9b8033397,0,,
2B051109352D,50,1,1,SONY-VAIO,sony,,Cookie:sony@atdmt.com/,1,4,3,112,4,"",1371457340,,0,101 0 0 Cookie Remediation Delete Cookie:sony@atdmt.com/ 2013 1 0,0,4294909925,0,0,0,,,0,,0,0,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,cc6ae8d4-7003-4a4d-b193-77e9b8033397,0,,
2B051109352E,50,1,1,SONY-VAIO,sony,,Unused Cookies,1,4,3,112,4,"",1371457340,,0,101 0 0 Cookie Remediation Delete Unused Cookies 2013 1 0,0,4294909925,0,0,0,,,0,,0,0,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,cc6ae8d4-7003-4a4d-b193-77e9b8033397,0,,
2B051109352E,51,1,1,SONY-VAIO,sony,Tracking Cookies,Unavailable,1,4,3,112,33554436,"",1371457340,,0,101 {05E0B844-26F7-492E-A5D4-0A6F3B4E2730} 1 4 Tracking Cookies 1;15 0 0 0,0,4294909925,0,0,0,,,0,,0,0,4,0,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,999,,cc6ae8d4-7003-4a4d-b193-77e9b8033397,0,,
2B0511093603,6,2,1,SONY-VAIO,sony,,,,,,,16777216,"Could not scan 1 files inside c:\Documentation\Documentation\CS\Uzivatelska prirucka VPCS11_CS.pdf due to extraction errors encountered by the Decomposer Engines.",1371457340,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511093604,6,2,1,SONY-VAIO,sony,,,,,,,16777216,"Could not scan 1 files inside c:\Documentation\Documentation\DK\Brugervejledning VPCS11_DK.pdf due to extraction errors encountered by the Decomposer Engines.",1371457340,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511093605,6,2,1,SONY-VAIO,sony,,,,,,,16777216,"Could not scan 1 files inside c:\Documentation\Documentation\ES\Guia del usuario VPCS11_ES.pdf due to extraction errors encountered by the Decomposer Engines.",1371457340,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511093606,6,2,1,SONY-VAIO,sony,,,,,,,16777216,"Could not scan 1 files inside c:\Documentation\Documentation\EN\User Guide VPCS11_EN.pdf due to extraction errors encountered by the Decomposer Engines.",1371457340,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511093608,6,2,1,SONY-VAIO,sony,,,,,,,16777216,"Could not scan 1 files inside c:\Documentation\Documentation\DE\Benutzerhandbuch VPCS11_DE.pdf due to extraction errors encountered by the Decomposer Engines.",1371457340,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511093609,6,2,1,SONY-VAIO,sony,,,,,,,16777216,"Could not scan 1 files inside c:\Documentation\Documentation\NL\Gebruikershandleiding VPCS11_NL.pdf due to extraction errors encountered by the Decomposer Engines.",1371457340,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B051109360A,6,2,1,SONY-VAIO,sony,,,,,,,16777216,"Could not scan 1 files inside c:\Documentation\Documentation\IT\Guida utente VPCS11_IT.pdf due to extraction errors encountered by the Decomposer Engines.",1371457340,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,

 

______________________>>>>>>>> File too large, lots more "Could not Scan File inside C:/ xxxxxxx etc <<<<<<<<<<<_______________________

 

Then end of file as below:

 

2B0511100D05,6,2,0,SONY-VAIO,sony,,,,,,,16777216,"Could not scan 1 files inside c:\Users\sony\Documents\Certificates\235 85R16 HT E Cert.pdf due to extraction errors encountered by the Decomposer Engines.",1371457868,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511100D06,6,2,0,SONY-VAIO,sony,,,,,,,16777216,"Could not scan 1 files inside c:\Users\sony\Documents\Certificates\235.65R17 CVR E9-02.1173 CN12060053.pdf due to extraction errors encountered by the Decomposer Engines.",1371457868,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511100D06,6,2,0,SONY-VAIO,sony,,,,,,,16777216,"Could not scan 1 files inside c:\Users\sony\Documents\Certificates\235.85R16 HT.pdf due to extraction errors encountered by the Decomposer Engines.",1371457868,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511101638,6,2,0,SONY-VAIO,sony,,,,,,,16777216,"Could not scan 1562 files inside c:\Users\sony\Documents\Certificates\CERTIFICATES.rar due to extraction errors encountered by the Decomposer Engines.",1371457868,,0,,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511101700,21,2,0,SONY-VAIO,sony,,,,,,,16777216,"Scan Canceled:  Risks: 0   Scanned: 253863   Files/Folders/Drives Omitted: 2143",1371457868,,0,0:0:253863:2143,,,,0,,,,,,,,,,,{82A2E490-EDCF-4E18-AC44-2D3599E4AC9D},,,,WORKGROUP,00:24:BE:EC:3F:3C,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511122A1E,14,2,8,SONY-VAIO,sony,,,,,,,16777216,"Symantec Endpoint Protection services startup was successful.",0,,0,,,,,0,,,,,,,,,,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511141C03,7,3,8,SONY-VAIO,sony,,,,,,,16777216,"New virus definition file loaded. Version: 150617b.",0,,0,,,,,0,,,,,,,,,,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,
2B0511141C28,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWHFB.tmp,5,1,14,256,37769284,"",0,,0,201 4 3 0 0 5 1 6 0 0 0,0,41129,0,1,0,0,0,0,,0,2,4,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,72027f61-f885-4c80-84cd-bcda53761aa7,0,,
2B0511141C28,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH511D.tmp,5,1,14,256,37769284,"",0,,0,201 4 3 0 0 5 1 6 0 0 0,0,41129,0,1,0,0,0,0,,0,2,4,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,8f6d6ca2-6272-4f2c-87c6-4333a79a751e,0,,
2B0511141C28,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH6F47.tmp,5,1,14,256,37769284,"",1371497322,,0,201 4 3 0 0 5 1 6 0 0 0,0,41129,0,1,0,0,0,0,,0,2,4,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,5b61a3b3-ab27-4b8c-9107-3444fcb2ba2b,0,,
2B0511141C28,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH8E0D.tmp,5,1,14,256,37769284,"",1371497322,,0,201 4 3 0 0 5 1 6 0 0 0,0,41129,0,1,0,0,0,0,,0,2,4,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,55d7923b-ee58-47d8-a002-015a156950cc,0,,
2B0511141E2F,46,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWHFB.tmp,5,1,1,256,33554436,"",1371497322,,0,101 {817BFC07-B99F-422E-8697-BD4C0D5EF0C8} 0 1 Trojan.Gen.2 2;0;13 0 0 72027f61-f885-4c80-84cd-bcda53761aa7 0,0,41129,0,0,0,,,0,,0,0,1,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,999,,db7986ff-e11f-4227-b904-ca5313ebf6d3,0,,
2B0511141E2F,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWHFB.tmp,5,1,1,256,37769284,"",1371497322,,0,201 4 3 0 0 5 1 6 0 0 0,1472160743,41129,0,1,0,0,0,0,,0,2,4,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,db7986ff-e11f-4227-b904-ca5313ebf6d3,370409472,,
2B0511141E3A,50,1,2,SONY-VAIO,sony,,Internet browser temporary file cache,5,1,3,256,4,"",1371497322,,0,101 0 0 Browser Cache Remediation Delete Internet browser temporary file cache 2011 1 72027f61-f885-4c80-84cd-bcda53761aa7 0,0,41129,0,0,0,,,0,,0,0,4,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,db7986ff-e11f-4227-b904-ca5313ebf6d3,0,,
2B0511141E3A,51,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWHFB.tmp,5,1,1,256,37748804,"",1371497322,,0,101 {817BFC07-B99F-422E-8697-BD4C0D5EF0C8} 0 2 Trojan.Gen.2 2;0;13 0 0 72027f61-f885-4c80-84cd-bcda53761aa7 0,370409472,41129,0,0,0,,,0,,0,0,1,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,999,,db7986ff-e11f-4227-b904-ca5313ebf6d3,370409472,,
2B0511141F37,46,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH511D.tmp,5,1,1,256,33554436,"",1371497461,,0,101 {7CD12F67-1A43-4D71-8AFF-CE8B98148C0B} 0 1 Trojan.Gen.2 2;0;13 0 0 8f6d6ca2-6272-4f2c-87c6-4333a79a751e 0,0,41129,0,0,0,,,0,,0,0,1,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,999,,029c6471-e23a-4952-8727-58d7f1fbb8b0,0,,
2B0511141F37,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH511D.tmp,5,1,1,256,37769284,"",1371497461,,0,201 4 3 0 0 5 1 6 0 0 0,1472160811,41129,0,1,0,0,0,0,,0,2,4,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,029c6471-e23a-4952-8727-58d7f1fbb8b0,370409473,,
2B0511142001,50,1,2,SONY-VAIO,sony,,Internet browser temporary file cache,5,1,3,256,4,"",1371497461,,0,101 0 0 Browser Cache Remediation Delete Internet browser temporary file cache 2011 1 8f6d6ca2-6272-4f2c-87c6-4333a79a751e 0,0,41129,0,0,0,,,0,,0,0,4,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,029c6471-e23a-4952-8727-58d7f1fbb8b0,0,,
2B0511142001,51,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH511D.tmp,5,1,1,256,37748804,"",1371497461,,0,101 {7CD12F67-1A43-4D71-8AFF-CE8B98148C0B} 0 2 Trojan.Gen.2 2;0;13 0 0 8f6d6ca2-6272-4f2c-87c6-4333a79a751e 0,370409473,41129,0,0,0,,,0,,0,0,1,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,999,,029c6471-e23a-4952-8727-58d7f1fbb8b0,370409473,,
2B0511142036,46,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH6F47.tmp,5,1,1,256,33554436,"",1371497525,,0,101 {9B6E59C7-64A3-4DD0-B238-898E1C49AFFE} 0 1 Trojan.Gen.2 2;0;13 0 0 5b61a3b3-ab27-4b8c-9107-3444fcb2ba2b 0,0,41129,0,0,0,,,0,,0,0,1,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,999,,345ca205-c289-41b3-9125-503d60b45299,0,,
2B0511142036,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH6F47.tmp,5,1,1,256,37769284,"",1371497525,,0,201 4 3 0 0 5 1 6 0 0 0,1472160870,41129,0,1,0,0,0,0,,0,2,4,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,345ca205-c289-41b3-9125-503d60b45299,370409474,,
2B051114203A,50,1,2,SONY-VAIO,sony,,Internet browser temporary file cache,5,1,3,256,4,"",1371497525,,0,101 0 0 Browser Cache Remediation Delete Internet browser temporary file cache 2011 1 5b61a3b3-ab27-4b8c-9107-3444fcb2ba2b 0,0,41129,0,0,0,,,0,,0,0,4,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,345ca205-c289-41b3-9125-503d60b45299,0,,
2B051114203A,51,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH6F47.tmp,5,1,1,256,37748804,"",1371497525,,0,101 {9B6E59C7-64A3-4DD0-B238-898E1C49AFFE} 0 2 Trojan.Gen.2 2;0;13 0 0 5b61a3b3-ab27-4b8c-9107-3444fcb2ba2b 0,370409474,41129,0,0,0,,,0,,0,0,1,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,999,,345ca205-c289-41b3-9125-503d60b45299,370409474,,
2B051114212E,46,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH8E0D.tmp,5,1,1,256,33554436,"",1371497583,,0,101 {276D8690-44BC-4F0F-A552-98ED687FC58B} 0 1 Trojan.Gen.2 2;0;13 0 0 55d7923b-ee58-47d8-a002-015a156950cc 0,0,41129,0,0,0,,,0,,0,0,1,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,999,,8e7b7489-dfbd-44e1-8ebd-c5446f674728,0,,
2B051114212E,5,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH8E0D.tmp,5,1,1,256,37769284,"",1371497583,,0,201 4 3 0 0 5 1 6 0 0 0,1472160922,41129,0,1,0,0,0,0,,0,2,4,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,8e7b7489-dfbd-44e1-8ebd-c5446f674728,370409475,,
2B0511142131,50,1,2,SONY-VAIO,sony,,Internet browser temporary file cache,5,1,3,256,4,"",1371497583,,0,101 0 0 Browser Cache Remediation Delete Internet browser temporary file cache 2011 1 55d7923b-ee58-47d8-a002-015a156950cc 0,0,41129,0,0,0,,,0,,0,0,4,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,8e7b7489-dfbd-44e1-8ebd-c5446f674728,0,,
2B0511142131,51,1,2,SONY-VAIO,sony,Trojan.Gen.2,C:\Users\sony\AppData\Local\Temp\DWH8E0D.tmp,5,1,1,256,37748804,"",1371497583,,0,101 {276D8690-44BC-4F0F-A552-98ED687FC58B} 0 2 Trojan.Gen.2 2;0;13 0 0 55d7923b-ee58-47d8-a002-015a156950cc 0,370409475,41129,0,0,0,,,0,,0,0,1,0,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,999,,8e7b7489-dfbd-44e1-8ebd-c5446f674728,370409475,,
2B0511170F03,14,2,8,SONY-VAIO,sony,,,,,,,16777216,"Symantec Endpoint Protection services startup was successful.",0,,0,,,,,0,,,,,,,,,,,{28ADF84E-1E4F-44D6-93F3-9CD019EA56BB},,,,WORKGROUP,00:23:14:1B:0D:79,11.0.5002.290,,,,,,,,,,,,,,,,0,,,,,




