Jump to content
Sign in to follow this  
mary_to78

Unable To Produce A Hijack This Log

Recommended Posts

Hello,

 

I have another computer that has an infection. JonTom recently helped me with another one and hopefully this one can be fixed. I was able to run malwarebytes and it found 17 infections. When I run Hijack This I get two errors. The first one says access was denied to the hosts files and when it completes the scan a box appears that says, "Cannot find the C:\Program Files\TrendMicro\Hijackthis\hijackthis.log file. Do you want to create a new file?" It doesn't matter what I choose. A blank notepad is all that shows up. Please help.

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 5207

 

Windows 6.0.6001 Service Pack 1

Internet Explorer 8.0.6001.18975

 

11/28/2010 5:13:56 PM

mbam-log-2010-11-28 (17-13-56).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 295280

Time elapsed: 2 hour(s), 46 minute(s), 55 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 3

Registry Values Infected: 1

Registry Data Items Infected: 4

Folders Infected: 2

Files Infected: 17

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

HKEY_CLASSES_ROOT\AppID\{fa8edcdd-efa2-477b-b00a-7f28f02cd37e} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1602f07d-8bf3-4c08-bdd6-dddb1c48aedc} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet security suite (Rogue.InternetSecuritySuite) -> Quarantined and deleted successfully.

 

Registry Data Items Infected:

HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/...q={searchTerms}) Good: (http://www.google.co...age={startPage}) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

 

Folders Infected:

C:\ProgramData\System Data Configuration (Malware.Trace) -> Delete on reboot.

C:\Users\Owner\AppData\Roaming\Virus Doctor (Rogue.VirusDoctor) -> Delete on reboot.

 

Files Infected:

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E8CXEKW1\XvidSetup[1].exe (Adware.HotBar) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FIOEHD0I\XvidSetup[1].exe (Adware.HotBar) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Local\Temp\nsb901.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Local\Temp\nsb901.tmp\Setup.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Local\Temp\nsh77D5.tmp\Install.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Local\Temp\nsh77D5.tmp\Setup.dll (Adware.Seekmo) -> Quarantined and deleted successfully.

C:\ProgramData\System Data Configuration\config.cfg (Malware.Trace) -> Quarantined and deleted successfully.

C:\ProgramData\System Data Configuration\DB.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\ProgramData\System Data Configuration\fsvd6398.db (Malware.Trace) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Roaming\Virus Doctor\Instructions.ini (Rogue.VirusDoctor) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Roaming\Virus Doctor\settings.ini (Rogue.VirusDoctor) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Roaming\Virus Doctor\uill.ini (Rogue.VirusDoctor) -> Quarantined and deleted successfully.

C:\Users\Owner\Desktop\Internet Security Suite.lnk (Rogue.Link) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virus Doctor.lnk (Rogue.VirusDoctor) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Internet Security Suite.lnk (Rogue.InternetSecuritySuite) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Internet Security Suite.lnk (Rogue.InternetSecuritySuite) -> Quarantined and deleted successfully.

C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Security Suite.lnk (Rogue.InternetSecuritySuite) -> Quarantined and deleted successfully.

Share this post


Link to post
Share on other sites

Hello mary_to78

 

Sorry for the delay.

 

Before we take a look at your machine I should point out that I will not be online for the next two weeks starting this coming Friday. I will ask another one of our Trusted Advisors to continue helping you from Friday onwards.

 

 

Please do the following:

 

 

  • Download and run OTL by Oldtimer

     

     

    • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
    • Close all open windows on your computer then Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
    • Check the boxes beside "LOP Check" and "Purity Check".
    • Under Custom Scan paste this in:

    netsvcs

    %SYSTEMDRIVE%\*.exe

    /md5start

    eventlog.dll

    scecli.dll

    netlogon.dll

    cngaudit.dll

    sceclt.dll

    ntelogon.dll

    logevent.dll

    iaStor.sys

    nvstor.sys

    atapi.sys

    IdeChnDr.sys

    viasraid.sys

    AGP440.sys

    vaxscsi.sys

    nvatabus.sys

    viamraid.sys

    nvata.sys

    nvgts.sys

    iastorv.sys

    ViPrt.sys

    eNetHook.dll

    ahcix86.sys

    KR10N.sys

    nvstor32.sys

    ahcix86s.sys

    nvrd32.sys

    symmpi.sys

    adp3132.sys

    /md5stop

    %systemroot%\*. /mp /s

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\system32\drivers\*.sys /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\drivers\*.sys /90

    • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.

    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    • Note: These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
    • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.

  • DeFogger

     

     

    • Please download DeFogger to your desktop.
    • Right Click on DeFogger and select "Run as Administrator" to run the tool.
    • The application window will appear.
    • Click the Disable button to disable your CD Emulation drivers.
    • Click Yes to continue.
    • A 'Finished!' message will appear.
    • Click OK.
    • DeFogger will now ask to reboot the machine - click OK.

      IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

      Do not re-enable these drivers until otherwise instructed.

  • Please scan your system with GMER

     

     

    Posted Image

    Download GMER Rootkit Scanner from here or here.

    • Extract the contents of the zipped file to desktop.
    • Right click on GMER.exe and select "Run as Administrator" to run the program. If asked to allow gmer.sys driver to load, please consent.
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

  • Save it where you can easily find it, such as your desktop, and post it in your reply.

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

 

Please post the OTL logs and the GMER log in your next reply. If you have any problems with the scans let me know :)

 

 

 

Share this post


Link to post
Share on other sites

Hi JonTom,

 

Sorry for the delay.

 

Before we take a look at your machine I should point out that I will not be online for the next two weeks starting this coming Friday. I will ask another one of our Trusted Advisors to continue helping you from Friday onwards.

No worries. Thanks for the help. I was able to run OTL. I'll post those two logs. I ran defogger and it says it finished. I click ok, but it does not ask me to restart. I can't run GMER. After a couple of minutes I get a blue screen.

 

OTL Extras logfile created on: 11/30/2010 5:07:17 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1,014.00 Mb Total Physical Memory | 149.00 Mb Available Physical Memory | 15.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 178.94 Gb Total Space | 123.73 Gb Free Space | 69.15% Space Free | Partition Type: NTFS

 

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0558EC68-148E-452C-9478-CBC1D9D0F34C}" = lport=137 | protocol=17 | dir=in | app=system |

"{2422ED25-0756-4771-9AFA-A52DDDFCD2DA}" = lport=10243 | protocol=6 | dir=in | app=system |

"{2FFC1F96-5C14-477D-9C2E-B1E764BB392A}" = lport=445 | protocol=6 | dir=in | app=system |

"{3758F666-8861-486E-A371-1418DFAB2D2A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{37B142AC-86CB-410C-AB4C-FAADC7AB3F98}" = rport=445 | protocol=6 | dir=out | app=system |

"{532D9474-86A5-4734-869F-5F7DF79D2F34}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5434D589-7542-4D99-BBB1-C7E297856A92}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{603B409A-420C-4530-A0A2-478666335DD2}" = rport=139 | protocol=6 | dir=out | app=system |

"{69702564-38BF-4254-A8F7-E66BC41B8993}" = lport=139 | protocol=6 | dir=in | app=system |

"{7F55D45D-B14F-4A67-A354-FA56D1CD7224}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{82CF360D-627A-4E1D-8B5F-7738FCD1EF7E}" = rport=138 | protocol=17 | dir=out | app=system |

"{BB39FDA2-3774-4AF6-83AA-6BA389BF0A39}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{C4575D30-5B7B-4AA6-9361-FD7E7DEC7751}" = rport=10243 | protocol=6 | dir=out | app=system |

"{DB771D67-5529-4F82-A9FB-13233BF6D5CB}" = rport=137 | protocol=17 | dir=out | app=system |

"{E4045C26-A34F-4261-8AB4-4AF2B7B11629}" = lport=138 | protocol=17 | dir=in | app=system |

"{E8896F4A-3DFA-4AAE-8500-26165204C271}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EA1F0584-9443-40D5-B462-F5B83AFED368}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EB45448E-9DB7-418D-B52C-B48182F7EE1A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{FAE68C12-8441-42AA-8A66-1C211984203A}" = lport=2869 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0DFDEFB4-65F3-4208-98CA-DC3E07B42D95}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{1842F617-33E9-43E5-9812-15FC80C21AC4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{1E6659FD-B8BE-4D86-87A2-55BC46C3A404}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{3DCDD2F2-3A06-453C-97B8-8FBB47FBB4FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{42B67673-15BD-464A-9AA8-86AF7CFB05E5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{468F110F-4F37-40B2-9F54-7F77F93CD4DC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{56ABF228-0CB4-4B24-8C1F-2CF4393DCD65}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{591B580A-5A49-4709-A2E2-5533A4761765}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{612F3916-08D0-4353-B4B8-025EE1DB4B4B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{67E91301-5C4E-43A4-A3E7-B7E1554AC719}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{6FE6F5D2-0D44-4B42-97A1-CE1E3D613E2A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{7214DC80-392C-4161-91D1-21F7F67CCAD2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{72D61C0F-A9E7-4686-9B6E-728855C168CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{749B93C0-E058-4C61-981C-816728A894AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{8C12B3CE-0F8D-47C2-BF59-C4ED26CE2978}" = protocol=6 | dir=out | app=system |

"{98978833-6B19-489A-BE6B-A11507BE9AA6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{9B711830-6E1F-41A0-B5C2-74D6ACA1DF23}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{9C9A4CC5-D04E-42E1-B575-3F978568CE8F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{A1B83C8B-80B3-48B5-8606-FE185951DED3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{AAA4E5E5-86FE-4BFA-84AD-B70154C5B853}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{B3FDFFF6-A2C3-4D81-B9D5-E596A2A78431}" = protocol=6 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |

"{BA5EC0DC-77F3-425F-86F9-866309F625F0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{BDB87115-951F-4AA7-B83F-244AEA9FDFA4}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"{C1276CC4-0275-4F38-AC3F-DF34F2E3B35C}" = protocol=17 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |

"{C333A3E2-D480-499E-8A1F-7AEDD86E4346}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

"{CA5B5E5A-B25E-4E4F-9584-B688ABCDCB40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{CA93053E-8325-494D-8B5B-52D12BC98A3E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{CE9CEF90-3FDA-4EAB-AB13-9814F81DE337}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E4FEC0FA-FC9B-4370-AE85-BE44B300D50F}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"{F18C99A6-6AE8-44CB-9CFD-CB88DDF29DF6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"TCP Query User{34D6E9B6-3166-404C-9EE6-6DDACAD89E27}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"TCP Query User{5D20D6F2-CB89-447F-A830-7624C4C16B97}C:\programdata\32b918\is32b_2204.exe" = protocol=6 | dir=in | app=c:\programdata\32b918\is32b_2204.exe |

"TCP Query User{69662283-5673-45B3-AD80-F01FD595245A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{DE259543-A4EE-40FB-BE51-99212CD1DC1C}C:\program files\sony pictures games\wheel of fortune\wheel of fortune.exe" = protocol=6 | dir=in | app=c:\program files\sony pictures games\wheel of fortune\wheel of fortune.exe |

"TCP Query User{F3DBDD10-2CDC-490E-A2AF-3FC9F2F27B18}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{6FDF780B-EFCA-4C02-993F-7A6CFA4EF365}C:\program files\sony pictures games\wheel of fortune\wheel of fortune.exe" = protocol=17 | dir=in | app=c:\program files\sony pictures games\wheel of fortune\wheel of fortune.exe |

"UDP Query User{7D835EDB-9103-4E1B-B34C-72405718F670}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{8FA164A5-5CD5-49B5-9AFD-55E8C580A079}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{91C2E784-E591-4BFD-A7B7-6B54A560B002}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{DAC3B7FC-B8B2-42DD-8FDD-24952992D292}C:\programdata\32b918\is32b_2204.exe" = protocol=17 | dir=in | app=c:\programdata\32b918\is32b_2204.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library

"{0312BD0D-A1FE-4E1A-9208-D436F566D867}" = VAIO Azure Float Wallpaper

"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire

"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher

"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg

"{190C7419-C254-408e-81F8-BE11FCD72A1F}" = dj_sf_software

"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center

"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0

"{235915A8-1C0D-4920-95EA-FE8B773E5F57}" = VAIO Teal Whisper Wallpaper

"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6

"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey

"{359DF682-BC8F-429D-AB6D-3C8002099F38}" = VAIO Content Metadata Intelligent Analyzing Manager

"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3

"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox

"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic

"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0

"{58535A90-1788-44f5-80BB-CFF62D9CE6D5}" = HP Deskjet 8.0 Software

"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{5AD96CF5-2627-4F29-9D2D-72FCD85F6355}" = AVG 2011

"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer VAIO Content Exporter

"{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}" = VAIO Content Metadata XML Interface Library

"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant

"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works

"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter

"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1

"{7D716354-2C08-48DC-9AC5-957348048817}" = VAIO Help And Support

"{7E545666-F419-45FD-B3DF-C0B99A1A579F}" = QuickBooks Simple Start Free Starter Edition

"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112731397}" = Wheel of Fortune 2

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service

"{92F8615C-43B7-4925-8457-B6D004E8D478}" = VAIO Content Metadata XML Interface Library

"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch

"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status

"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music

"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins

"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO

"{A23061AF-5361-433C-B7F0-CE5F79A22C49}" = AVG 2011

"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter

"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting

"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series

"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch

"{AF36CE1D-FD2C-4BA0-93FA-1196785DD610}" = Adobe Flash Player 10 Plugin

"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story

"{B59B3DA8-06F8-4B4C-AE94-5180753EF108}" = VAIO Floral Dusk Wallpaper

"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home

"{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center

"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard

"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm

"{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar

"{C716522C-3731-4667-8579-40B098294500}" = Toolbox

"{C7E154EF-D5EC-4da4-9D00-43B85967B120}" = dj_sf_ProductContext

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center

"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media

"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool

"{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player

"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter

"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport

"{E58AB36F-9D50-4969-9228-AC24270741BF}" = VAIO Content Metadata Intelligent Analyzing Manager

"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio

"{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center

"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00

"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential

"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply

"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story

"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset

"{EFF78ADB-B586-4b49-8473-F2441B47F9AD}" = D1400_Help

"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F327A8F7-00C6-4491-9782-1DFFBB0594A2}" = dj_sf_software_req

"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =

"{F6E69D86-4A9D-436D-AAE7-B764EA87420D}" = D1400

"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager

"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.2 Professional

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"AOL Toolbar 4.0" = AOL Toolbar 4.0

"AVG" = AVG 2011

"CAL" = Canon Camera Access Library

"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX

"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"conduitEngine" = Conduit Engine

"CSCLIB" = Canon Camera Support Core Library

"EOS Utility" = Canon Utilities EOS Utility

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"HP Imaging Device Functions" = HP Imaging Device Functions 8.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0

"HPExtendedCapabilities" = HP Customer Participation Program 8.0

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01

"PhotoStitch" = Canon Utilities PhotoStitch

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX

"TV_Bar_1.2 Toolbar" = TV Bar 1.2 Toolbar

"VAIO Service Utility" = VAIO Service Utility

"Wheel of Fortune" = Wheel of Fortune (remove only)

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Media Player" = Move Media Player

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 10/27/2010 9:06:56 PM | Computer Name = Owner-PC | Source = VzCdbSvc | ID = 7

Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error

code = 0x80042019)

 

Error - 10/27/2010 9:07:38 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000

Description = Faulting application NSUService.exe, version 1.1.0.6290, time stamp

0x46848bae, faulting module PluginRas.plugin, version 1.0.0.1, time stamp 0x46848b99,

exception code 0xc0000409, fault offset 0x000060e7, process id 0x1064, application

start time 0x01cb763c733c3028.

 

Error - 11/1/2010 9:57:18 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp

0x4c8710a6, faulting module SHELL32.dll, version 6.0.6001.18505, time stamp 0x4c4dbdfe,

exception code 0xc0000005, fault offset 0x0008bdec, process id 0xd660, application

start time 0x01cb7a2ff0f6ad58.

 

Error - 11/2/2010 8:42:03 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000

Description = Faulting application iexplore.exe, version 8.0.6001.18975, time stamp

0x4c8710a6, faulting module SHELL32.dll, version 6.0.6001.18505, time stamp 0x4c4dbdfe,

exception code 0xc0000005, fault offset 0x000897a9, process id 0xc2f8, application

start time 0x01cb7aed480758f0.

 

Error - 11/9/2010 11:12:28 AM | Computer Name = Owner-PC | Source = VSS | ID = 8194

Description =

 

Error - 11/9/2010 11:16:37 AM | Computer Name = Owner-PC | Source = VSS | ID = 8194

Description =

 

Error - 11/9/2010 11:17:19 AM | Computer Name = Owner-PC | Source = ESENT | ID = 490

Description = Catalog Database (1804) Catalog Database: An attempt to open the file

"C:\Windows\system32\CatRoot2\edb.chk" for read / write access failed with system

error 32 (0x00000020): "The process cannot access the file because it is being

used by another process. ". The open file operation will fail with error -1032

(0xfffffbf8).

 

Error - 11/11/2010 3:01:50 AM | Computer Name = Owner-PC | Source = ESENT | ID = 490

Description = Catalog Database (1804) Catalog Database: An attempt to open the file

"C:\Windows\system32\CatRoot2\edb.chk" for read / write access failed with system

error 32 (0x00000020): "The process cannot access the file because it is being

used by another process. ". The open file operation will fail with error -1032

(0xfffffbf8).

 

Error - 11/14/2010 3:51:35 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000

Description = Faulting application NSUService.exe, version 1.1.0.6290, time stamp

0x46848bae, faulting module PluginRas.plugin, version 1.0.0.1, time stamp 0x46848b99,

exception code 0xc0000409, fault offset 0x000060e7, process id 0xb28, application

start time 0x01cb843543c517a6.

 

Error - 11/14/2010 3:53:04 PM | Computer Name = Owner-PC | Source = VzCdbSvc | ID = 7

Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error

code = 0x80042019)

 

[ Media Center Events ]

Error - 10/7/2009 4:49:57 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

 

Error - 4/18/2010 5:34:42 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0

Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

 

[ System Events ]

Error - 11/28/2010 9:09:54 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034

Description =

 

Error - 11/28/2010 9:10:21 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009

Description =

 

Error - 11/28/2010 9:10:22 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 11/28/2010 9:11:19 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034

Description =

 

Error - 11/28/2010 9:26:19 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010

Description =

 

Error - 11/30/2010 7:57:52 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016

Description =

 

Error - 11/30/2010 7:59:07 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000

Description =

 

Error - 11/30/2010 7:59:07 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7026

Description =

 

Error - 11/30/2010 7:59:07 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034

Description =

 

Error - 11/30/2010 8:00:17 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034

Description =

 

 

< End of report >

 

 

OTL logfile created on: 11/30/2010 5:07:17 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1,014.00 Mb Total Physical Memory | 149.00 Mb Available Physical Memory | 15.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 178.94 Gb Total Space | 123.73 Gb Free Space | 69.15% Space Free | Partition Type: NTFS

 

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2010/11/30 17:02:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe

PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe

PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe

PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2008/12/22 12:55:30 | 000,521,056 | ---- | M] () -- C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe

PRC - [2008/12/15 18:09:40 | 000,596,336 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/01/19 00:33:35 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe

PRC - [2008/01/11 19:54:31 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

PRC - [2007/10/25 02:35:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2007/07/24 19:26:38 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

PRC - [2007/07/24 19:26:38 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2007/06/29 13:38:46 | 000,258,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe

PRC - [2007/06/29 06:45:22 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe

PRC - [2007/06/28 08:53:02 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

PRC - [2007/06/28 08:53:00 | 000,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

PRC - [2007/06/28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

PRC - [2007/06/14 08:40:46 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

PRC - [2007/06/08 05:35:43 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe

PRC - [2007/06/08 05:35:43 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe

PRC - [2007/06/08 05:35:39 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe

PRC - [2007/06/05 07:49:30 | 003,682,576 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe

PRC - [2007/05/31 09:32:14 | 000,551,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe

PRC - [2007/03/01 03:04:58 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

PRC - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2010/11/30 17:02:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

MOD - [2010/08/31 08:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2010/10/25 09:01:42 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2008/12/15 18:09:40 | 000,596,336 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2008/12/15 18:09:40 | 000,596,336 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)

SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/10/25 02:35:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/07/24 19:26:38 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2007/07/13 10:55:56 | 000,292,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV - [2007/07/05 17:43:04 | 000,079,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)

SRV - [2007/06/29 13:38:46 | 000,200,704 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)

SRV - [2007/06/28 08:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

SRV - [2007/06/28 08:53:02 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)

SRV - [2007/06/28 08:53:00 | 000,188,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

SRV - [2007/06/28 08:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)

SRV - [2007/06/20 15:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)

SRV - [2007/06/20 15:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)

SRV - [2007/06/20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)

SRV - [2007/06/20 15:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)

SRV - [2007/06/20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)

SRV - [2007/06/20 15:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)

SRV - [2007/03/01 03:04:58 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)

SRV - [2007/01/10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)

SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)

SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)

SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

SRV - [2006/11/09 15:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)

SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\FNETURPX.SYS -- (FNETURPX)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FNETTBOH.SYS -- (FNETTBOH)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2010/08/19 20:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2010/08/19 20:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2008/12/09 09:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)

DRV - [2007/07/24 05:53:06 | 000,246,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)

DRV - [2007/06/30 04:04:02 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/06/29 06:45:12 | 001,671,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)

DRV - [2007/06/27 19:29:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)

DRV - [2007/06/25 14:40:56 | 001,787,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2007/06/13 06:05:19 | 000,705,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2007/06/08 05:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2007/06/05 05:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)

DRV - [2007/05/24 17:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2007/05/01 06:16:05 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/05/01 06:15:58 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2007/05/01 06:15:55 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2007/05/01 06:15:55 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2006/11/06 00:09:26 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)

DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 02:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2006/11/02 02:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2006/11/02 02:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 00:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)

DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)

DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)

DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Inter

Share this post


Link to post
Share on other sites

Hello mary_to78

 

I can't run GMER. After a couple of minutes I get a blue screen.

Please try the following:

 

  • GMER

     

     

    • If you are having trouble getting GMER to complete a scan, please run it again, but this time uncheck everything EXCEPT "Sections" and "C:\".
    • If GMER does not produce a log please try running it from Safe Mode.

    • How to use the F8 method to Start Your Computer in Safe Mode

    • Restart your computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the "Advanced Options" menu appears.
    • Use the arrow keys to select the Safe mode menu item.
    • Press Enter.

    • If GMER in safe mode does not work, please try Rootkit Unhooker:

  • Rootkit Unhooker

     

     

    • Please Download Rootkit Unhooker and Save it to your desktop.
    • Now double-click on the .rar file and extract it to your desktop. Allow the tool to run.
    • Click the Report tab, then click Scan.
    • Check (Tick) Drivers, Stealth. Uncheck the rest, then Click OK.
    • Wait till the scanner has finished and then click File, Save Report.
    • Save the report somewhere where you can find it. Click Close.

    Please provide the GMER/Rootkit Unhooker log in your next reply. If you are still having trouble, come back and let me know.

Share this post


Link to post
Share on other sites

Hello,

 

I tried GMER again. I don't get a log. In safe mode it said it hasn't found any system modifications. I was able to run Rootkit Unhooker. Here is the log.

 

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6001 (Service Pack 1)

Number of processors #2

==============================================

>Drivers

==============================================

0x8A00F000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6184960 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)

0x81E07000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)

0x81E07000 PnpManager 3903488 bytes

0x81E07000 RAW 3903488 bytes

0x81E07000 WMIxWDM 3903488 bytes

0x8A800000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2260992 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)

0x92450000 Win32k 2109440 bytes

0x92450000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x8BE0B000 C:\Windows\system32\drivers\RTKVHDA.sys 1781760 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)

0x86401000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT File System Driver)

0x8607A000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x8BA49000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)

0x8620E000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)

0x806C6000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)

0xACE0A000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x8AA46000 C:\Windows\system32\drivers\ti21sony.sys 835584 bytes (Texas Instruments, ti21sony.sys)

0x8BB4C000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0xA6C24000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)

0x8632E000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x85E00000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)

0x86009000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0xA6D2A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x8060C000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)

0xAA0C4000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)

0x85F32000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8C2AD000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x8C21F000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)

0x85E89000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)

0x80685000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)

0x8ABB3000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x8A669000 C:\Windows\system32\DRIVERS\yk60x86.sys 258048 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)

0x8A60A000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8BA0C000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)

0x8C38E000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0x8C32C000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x861B0000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)

0xAA04B000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x86510000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x8A778000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x821C0000 ACPI_HAL 208896 bytes

0x821C0000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0x807A6000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x8C267000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x8AB85000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x85F91000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)

0x8BFBE000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x86185000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x8A737000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0xA6CE3000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0x8AB37000 C:\Windows\system32\DRIVERS\Apfiltr.sys 167936 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)

0xACF37000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)

0xAA09C000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x86560000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)

0x85EE0000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x8A7BD000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x8A6CA000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x86598000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0x863CD000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0xAA00C000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xAA02C000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x85FD6000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)

0xA6D97000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)

0x862F7000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0xA6C01000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0xA6DB4000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8AB6C000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0xAA084000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8C377000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x8A6A8000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0xACF5F000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)

0x8C2F5000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8C209000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)

0xA6DCD000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x8A710000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0xACEFE000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)

0x8A6FC000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8C299000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x8AB19000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)

0xA6D17000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8C319000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x8A657000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0xAA135000 C:\Windows\system32\DRIVERS\ipfltdrv.sys 73728 bytes (Microsoft Corporation, IP FILTER DRIVER)

0xACF13000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)

0x86587000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x8A7AC000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x8066C000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x807D8000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0xA6CD3000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x85FBE000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x8AA28000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)

0x8A725000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)

0x8631B000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)

0x865D0000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x86551000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x85F07000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x8A6ED000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8A648000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x85F23000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x8AA38000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)

0x92690000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x8C30B000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x861EA000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x85F83000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)

0x8C3CA000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8BFEB000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)

0x8A76B000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x8A000000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)

0x85E7C000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0x8BA00000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0xACEF2000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0x8A7F0000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0xAA12A000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 45056 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)

0x8C3D7000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes

0x8AB2C000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)

0x8AB60000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)

0x86200000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x8A6BF000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x8ABF4000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0x865F2000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8A5F5000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xACF2D000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)

0x85F19000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)

0x8C3E2000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes

0x8C3EC000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x85FF4000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)

0x8A761000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0xA6D0D000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x8C368000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0xACEE8000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x865C7000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)

0x865B9000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)

0x8BE00000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0xACF75000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x807E8000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0x863F6000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x92670000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x86312000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x85ECF000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x85FCE000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)

0x8067D000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x80604000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x85ED8000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8A600000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x863EE000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x86549000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0xACF25000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)

0x8A7E9000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x85F7C000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)

0x8A7E2000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x8AB12000 C:\Windows\System32\Drivers\SonyNC.sys 28672 bytes (Sony Corporation, Sony Firmware Extension Parser driver)

0x865C2000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)

0x8632A000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)

0x8C372000 C:\Windows\system32\drivers\elrawdsk.sys 16384 bytes (EldoS Corporation, RawDisk Driver. Allows write access to raw disk sectors for user mode applications in Windows 2000, XP, 2003, Vista, 2008.)

0xAA147000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)

0x85F16000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)

0x8A735000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x8BFF8000 C:\Windows\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))

0x8BFF9000 C:\Windows\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))

0x8C376000 C:\Windows\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)

==============================================

>Stealth

==============================================

Share this post


Link to post
Share on other sites

Hello mary_to78

 

Thank you for the logs.

 

You have TV Bar 1.2 Toolbar installed. Do you use this toolbar? If not, I recommend that you uninstall it (you should be able to do so through add/remove programs).

 

 

  • Please open OTL

     

     

    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

       

      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.gamehouse...opcaploader.cab (PopCapLoader Object)
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [start explorer]
      [Reboot]
      
      

    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

  • MalwareBytes AntiMalware:

     

     

    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan"and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

     

    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.

    Please post the OTL log and the MBAM log in your next reply.

Share this post


Link to post
Share on other sites

Hello,

 

I uninstalled the TV Toolbar.

 

I was able to run OTL and malwarebytes. Malwarebytes did not find anything. Here is the OTL log.

 

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Owner

->Temp folder emptied: 286631410 bytes

->Temporary Internet Files folder emptied: 271691669 bytes

->Java cache emptied: 1515817 bytes

->Flash cache emptied: 2114467 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 37064907 bytes

RecycleBin emptied: 462206196 bytes

 

Total Files Cleaned = 1,012.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Owner

->Flash cache emptied: 0 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.17.3 log created on 12012010_165312

 

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\fb_2308.lck not found!

 

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

Hi mary_to78,

 

JonTom will be away from the forum for a few days and asked if I'd finish this with you.

 

As a Vista user you will need to right click your browser icon and choose "Run as Administrator" in order to run this next scan. Do not do anything else with that instance of your browser except for this scan.

 

Once the scan is inished, please save the log and close that instance of your browser.

 

*Note

It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

 

Go here to run an online scannner from

ESET

 

(Note: You must use Internet Explorer for this scan.)

 

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
  • Click Start
  • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
  • Click Scan.
  • Wait for the scan to finish.
  • Re-enable your Antivirus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. or C:\Program Files\ESET\log.txtWe will need this later.
Please post back with the ESET log.

 

Next

 

  • Right click on the icon and choose "Run as Administrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Minimal Output at the top
  • In the Custom Scans and fixes window copy and paste the following

     

    C:\Users\Owner\AppData\Roaming\Internet Security Suite

    C:\ProgramData\ISKYS

    [2010/11/22 18:18:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\32b918

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

  • When the scan completes, it will open a notepad windows. OTL.Txt

Pleease post back with

  • Eset log
  • OTL.txt
How's the computer?

 

Thanks

Share this post


Link to post
Share on other sites

Hello and thanks for your help.

 

I ran ESET. It did not find any infections.

 

I ran OTL. I'll post the log below.

 

The computer is running much better now. Thanks!

 

OTL logfile created on: 12/2/2010 10:01:31 AM - Run 2

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1,014.00 Mb Total Physical Memory | 197.00 Mb Available Physical Memory | 19.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 178.94 Gb Total Space | 121.33 Gb Free Space | 67.81% Space Free | Partition Type: NTFS

 

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe (Adobe Systems, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)

PRC - C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)

PRC - C:\Windows\System32\igfxext.exe (Intel Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)

PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Sony\VAIO Service Utility\VAIO-SUTOOL.exe (Sony Corporation)

PRC - C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe (Sony Corporation)

PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)

PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Users\Owner\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)

SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)

SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)

SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)

SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)

SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)

SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)

SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)

SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)

SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()

SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)

SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)

 

 

========== Driver Services (SafeList) ==========

 

DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (FNETURPX) -- C:\Windows\System32\drivers\FNETURPX.SYS File not found

DRV - (FNETTBOH) -- C:\Windows\System32\drivers\FNETTBOH.SYS File not found

DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found

DRV - (ElRawDisk) -- C:\Windows\System32\drivers\elrawdsk.sys (EldoS Corporation)

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)

DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)

DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)

DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)

DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)

DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)

DRV - (Cdralw2k) -- C:\Windows\System32\drivers\cdralw2k.sys (Sonic Solutions)

DRV - (Cdr4_xp) -- C:\Windows\System32\drivers\cdr4_xp.sys (Sonic Solutions)

DRV - (SNC) -- C:\Windows\System32\drivers\SonyNC.sys (Sony Corporation)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)

DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)

DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.azcentral.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {70a38074-97a6-45da-b1a1-34b0a34dc3ff} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

[2009/07/30 20:24:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions

[2009/07/30 20:24:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

 

O1 HOSTS File: ([2009/07/12 10:24:35 | 000,001,108 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - MRI_DISABLED - No CLSID value found.

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)

O13 - gopher Prefix: missing

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.11 68.105.29.11

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)

O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/12/02 08:37:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/12/02 07:50:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/12/01 16:38:41 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/12/01 11:14:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MustBeRandomlyNamed

[2010/12/01 11:13:16 | 000,719,574 | ---- | C] (UG North ) -- C:\Users\Owner\Desktop\RkU3.8.388.590.exe

[2010/11/30 17:04:20 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2010/11/28 18:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/11/28 12:43:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes

[2010/11/28 12:43:20 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/11/28 12:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/11/28 12:42:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/11/28 12:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/28 12:41:13 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Owner\Desktop\mbam-setup-1.46.exe

[2010/11/23 19:46:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVG10

[2010/11/23 19:40:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10

[2010/11/23 18:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2010/11/22 19:07:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders

[2010/11/22 19:07:13 | 000,000,000 | ---D | C] -- C:\e2521777eab362898f386a

[2010/11/22 18:19:31 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Roaming\Internet Security Suite

[2010/11/22 18:19:30 | 000,000,000 | -HSD | C] -- C:\ProgramData\ISKYS

[2010/11/22 18:18:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\32b918

[2010/11/10 03:02:23 | 000,000,000 | ---D | C] -- C:\d7b57baddcba16a6e2a472ebb8d22a1a

 

========== Files - Modified Within 30 Days ==========

 

[2010/12/02 10:00:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/12/02 10:00:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/12/02 08:00:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/12/02 07:37:06 | 000,074,703 | ---- | M] () -- C:\Windows\System32\mfc45.dll

[2010/12/01 11:09:30 | 000,629,057 | ---- | M] () -- C:\Users\Owner\Desktop\RkU3.8.388.590.rar

[2010/12/01 10:53:31 | 192,395,552 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010/11/30 17:42:06 | 000,000,000 | ---- | M] () -- C:\Users\Owner\defogger_reenable

[2010/11/30 17:08:42 | 000,050,477 | ---- | M] () -- C:\Users\Owner\Desktop\Defogger.exe

[2010/11/30 17:02:04 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/11/28 18:18:20 | 000,002,523 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.lnk

[2010/11/28 12:43:28 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/28 12:41:53 | 000,612,830 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/11/28 12:41:53 | 000,107,860 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/11/23 19:51:14 | 000,002,347 | ---- | M] () -- C:\Users\Owner\Desktop\Home.lnk

[2010/11/23 17:35:28 | 000,001,634 | ---- | M] () -- C:\Users\Owner\Desktop\Computer.lnk

[2010/11/19 13:07:22 | 000,288,107 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.zip

[2010/11/18 22:30:54 | 001,402,880 | ---- | M] () -- C:\Users\Owner\Desktop\HiJackThis.msi

[2010/11/17 16:05:46 | 000,011,733 | ---- | M] () -- C:\Users\Owner\Documents\Fire Roasted Tomato Soup.docx

[2010/11/17 14:59:18 | 000,026,112 | ---- | M] () -- C:\Users\Owner\Documents\Alicia's Address Houston.doc

[2010/11/13 17:33:15 | 000,015,872 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/11/08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Users\Owner\Desktop\gmer.exe

 

========== Files Created - No Company Name ==========

 

[2010/12/02 07:37:06 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll

[2010/12/01 11:10:43 | 000,629,057 | ---- | C] () -- C:\Users\Owner\Desktop\RkU3.8.388.590.rar

[2010/11/30 17:42:06 | 000,000,000 | ---- | C] () -- C:\Users\Owner\defogger_reenable

[2010/11/30 17:41:15 | 000,288,107 | ---- | C] () -- C:\Users\Owner\Desktop\gmer.zip

[2010/11/30 17:41:03 | 000,050,477 | ---- | C] () -- C:\Users\Owner\Desktop\Defogger.exe

[2010/11/28 18:14:22 | 000,002,523 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.lnk

[2010/11/28 12:43:28 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/11/28 12:40:50 | 001,402,880 | ---- | C] () -- C:\Users\Owner\Desktop\HiJackThis.msi

[2010/11/23 19:51:14 | 000,002,347 | ---- | C] () -- C:\Users\Owner\Desktop\Home.lnk

[2010/11/22 18:20:06 | 000,001,634 | ---- | C] () -- C:\Users\Owner\Desktop\Computer.lnk

[2010/11/17 16:05:41 | 000,011,733 | ---- | C] () -- C:\Users\Owner\Documents\Fire Roasted Tomato Soup.docx

[2010/11/17 14:59:17 | 000,026,112 | ---- | C] () -- C:\Users\Owner\Documents\Alicia's Address Houston.doc

[2010/11/08 10:32:38 | 000,296,448 | ---- | C] () -- C:\Users\Owner\Desktop\gmer.exe

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2008/03/25 09:02:53 | 000,015,872 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/12/11 20:54:01 | 000,004,171 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2007/10/25 03:05:32 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll

[2007/10/25 03:01:49 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll

[2007/10/25 02:56:12 | 001,132,112 | ---- | C] () -- C:\ProgramData\pswi_preloaded.exe

[2007/08/26 15:03:19 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI

[2007/08/26 14:18:48 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll

[2007/08/26 14:18:48 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2007/08/26 14:18:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll

[2007/06/14 12:02:02 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2007/06/14 12:02:01 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2007/06/14 12:01:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

 

========== Custom Scans ==========

 

 

< C:\Users\Owner\AppData\Roaming\Internet Security Suite >

 

< C:\ProgramData\ISKYS >

 

< [2010/11/22 18:18:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\32b918 >

Invalid Switch: 22 18:18:33 | 000,000,000 | -HSD | C] -- C:\ProgramData\32b918

 

 

< >

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:17639624

 

< End of report >

Share this post


Link to post
Share on other sites

Hi mary_to78,

 

Do you still have AVG installed? It seems to have disappeared from the logs.

 

Could I get you to do another quick little scan?

 

  • Right click on OTL.exe and select "Run as Adminstrator" to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, click the None button near the top (it may looked greyed out)

  • In the window under Custom Scans/Fixes copy and paste the following

     

    C:\ProgramData\32b918\*.* /s

    C:\Users\Owner\AppData\Roaming\Internet Security Suite\*.* /s

    C:\ProgramData\ISKYS\*.* /s

     

     

     

     

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

 

Thanks

Share this post


Link to post
Share on other sites

Hello,

 

I uninstalled AVG because it would freeze the computer when I tried to disable it. Here is a new OTL log.

 

OTL logfile created on: 12/2/2010 7:24:21 PM - Run 3

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Owner\Desktop

Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1,014.00 Mb Total Physical Memory | 208.00 Mb Available Physical Memory | 20.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 178.94 Gb Total Space | 121.42 Gb Free Space | 67.86% Space Free | Partition Type: NTFS

 

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

 

========== Custom Scans ==========

 

 

< C:\ProgramData\32b918\*.* /s >

[2010/11/23 17:35:27 | 000,000,288 | ---- | M] () -- C:\ProgramData\32b918\182347.reg

[2010/11/23 17:26:59 | 000,000,085 | ---- | M] () -- C:\ProgramData\32b918\9d2a7379f890eb472243c999ebf67cc7.ocx

[2010/11/23 17:35:17 | 000,004,286 | ---- | M] () -- C:\ProgramData\32b918\ISS.ico

[2010/11/22 18:20:06 | 000,004,286 | ---- | M] () -- C:\ProgramData\32b918\mcp.ico

[2010/11/22 18:20:10 | 000,000,055 | ---- | M] () -- C:\ProgramData\32b918\vghm9s01u8ny2p45e7tm9q01ucu8dfg2p4hkn.dll

[2007/12/11 21:08:37 | 000,001,972 | ---- | M] () -- C:\ProgramData\32b918\BackUp\HP Digital Imaging Monitor.lnk

[2007/10/25 03:36:12 | 000,002,473 | -H-- | M] () -- C:\ProgramData\32b918\BackUp\MRI_DISABLED\Adobe Acrobat Speed Launcher.lnk

[2007/10/25 02:33:48 | 000,001,964 | -H-- | M] () -- C:\ProgramData\32b918\BackUp\MRI_DISABLED\Adobe Acrobat Synchronizer.lnk

[2007/08/26 14:40:30 | 000,000,582 | -H-- | M] () -- C:\ProgramData\32b918\BackUp\MRI_DISABLED\AOL DDI.lnk

[2007/10/25 02:27:18 | 000,002,291 | -H-- | M] () -- C:\ProgramData\32b918\BackUp\MRI_DISABLED\QuickBooks Update Agent.lnk

 

< C:\Users\Owner\AppData\Roaming\Internet Security Suite\*.* /s >

[2010/11/22 18:20:04 | 000,001,377 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Internet Security Suite\Instructions.ini

 

< C:\ProgramData\ISKYS\*.* /s >

[2010/11/23 17:36:03 | 000,027,352 | -HS- | M] () -- C:\ProgramData\ISKYS\ISJZHNFQS.cfg

 

< >

 

< End of report >

Share this post


Link to post
Share on other sites

Hi mary_to78,

 

I'll give you some links for some free antivrus programs including AVG. Please do this fix first then reinstall AVG or an alternate antivirus programs.

 

 

Next, Right click on OTL.exe and chose Run as Administrator to run it

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Services

:OTL
O4 - HKLM..\Run: [] File not found
IE - HKCU\..\URLSearchHook: {70a38074-97a6-45da-b1a1-34b0a34dc3ff} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.

:Files
C:\ProgramData\32b918\182347.reg
C:\ProgramData\32b918\9d2a7379f890eb472243c999ebf67cc7.ocx
C:\ProgramData\32b918\ISS.ico
C:\ProgramData\32b918\mcp.ico
C:\Users\Owner\AppData\Roaming\Internet Security Suite
C:\ProgramData\32b918\vghm9s01u8ny2p45e7tm9q01ucu8dfg2p4hkn.dll
C:\ProgramData\ISKYS

:Commands
[createrestorepoint]
[emptytemp]

Then click the Run Fix button at the top

  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.

Please install one of these antivirus programs.

 

Avast

Help and support can be found here Avast Forum

AVG

Help and support can be found here AVG Forum

Antivir PersonalEditionClassic

Help and support can be found here Avira Personal Support Forum

 

 

Please post back with the OTL fix log. We'll clean up the tools after you have posted back.

 

Thanks

Share this post


Link to post
Share on other sites

Hello,

 

I'll reinstall AVG. Here is a new OTL log.

 

All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{70a38074-97a6-45da-b1a1-34b0a34dc3ff} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70a38074-97a6-45da-b1a1-34b0a34dc3ff}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.

========== FILES ==========

C:\ProgramData\32b918\182347.reg moved successfully.

C:\ProgramData\32b918\9d2a7379f890eb472243c999ebf67cc7.ocx moved successfully.

C:\ProgramData\32b918\ISS.ico moved successfully.

C:\ProgramData\32b918\mcp.ico moved successfully.

C:\Users\Owner\AppData\Roaming\Internet Security Suite folder moved successfully.

C:\ProgramData\32b918\vghm9s01u8ny2p45e7tm9q01ucu8dfg2p4hkn.dll moved successfully.

C:\ProgramData\ISKYS folder moved successfully.

========== COMMANDS ==========

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Owner

->Temp folder emptied: 2206300 bytes

->Temporary Internet Files folder emptied: 4160758 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 456 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 29621 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 6.00 mb

 

 

OTL by OldTimer - Version 3.2.17.3 log created on 12022010_233829

 

Files\Folders moved on Reboot...

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5CXNVJG0\index[1].htm moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

C:\Users\Owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

 

Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

Hi mary_to78,

 

Keep Defogger, we will use it shortly.

 

From your desktop, please delete, if present

  • any notepads/logs that we created
  • Rootkit Unhooker
  • GMER.exe
  • GMER.zip

 

Next

 

*Create a new Restore Point*

 

  • Click on the Start button to open your Start Menu.
  • Click on the Control Panel menu option.
  • Click on the System and Maintenance menu option.
  • Click on the System menu option.
  • Click on System Protection in the left-hand task list.
  • Create the manual restore point you should click on the Create button. When you press this button a prompt will appear asking you to provide a title for this manual restore point.
  • Type in a title for the manual restore point and press the Create button.
  • Close the System window after you have been advised that the procedure has been successfully completed.

     

     

    *Remove old Restore Points*

  • Next, go to Start > Run and type in cleanmgr
  • Select the More options tab
  • Choose the option to clean up system restore and Ok it
This will remove all restore points except the most recent one.

 

 

Next

 

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

 

Your Emulation drivers are now re-enabled.

 

 

Next

 

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

 

 

I suggest you keep MBAM. Keep it updated and use it regularly.

 

 

Eset online scanner can be uninstalled if you wish,

 

Click on the Start button > Control Panel

 

Depending on your setings, either

  • click on the Uninstall a program option under the Programs category.
  • If you are using the Classic View of the Control Panel, then you would double-click on the Programs and Features icon instead.

 

Some Recommendations and prevention tips

 

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall.

 

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

 

Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)

 

 

You should also use Spyware Blaster to help immunize your computer.

 

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer

settings that will protect you from running and downloading known malicious programs.

 

OR

 

A guide to understanding and using the hosts file.

 

Learn how your Hosts file can protect you and how you can protect it.

Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.

HOSTS

 

Please read the info on disabling the DNS Client before installing a custom hosts file.

 

 

-Secure your Internet Explorer

 

From within Internet Explorer click on the Tools menu and then click on Options.

  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

 

 

- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis

 

- Ensure that Automatic Update is turned on so you get all the latest patches.

Click start, control panel, click Security Center.

 

- Keep your antivirus program updated, as well as any other security programs you have.

 

-Check this site out to check for out of date programs

Secunia Personal Software Inspector (PSI) 1.0

 

-More tips and programs can be found HERE

 

- You may also want to read this article By Tony Klein

http://www.freedomlist.com/forum/viewtopic.php?t=22879

 

 

Please post back if you have any problems. We'll keep this thread open for a couple of days.

 

Take care

Share this post


Link to post
Share on other sites

As this problem appears to be resolved this thread is now closed.

 

I would like to send out a huge Thank You to oldman960 for all of his fantastic help during my absence.

 

Best wishes

JonTom

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×