Ping.exe and Redirect

#1 jcollins
Member, 14 posts

I am having the same problem as others here. I first got the fake XP Security Center 2012 shield appear in the bottom-right taskbar, which prevented opening of MBAM. At the same time, Google started redirecting to various sites such as yellowise.com and adultfriendfinder.com. I was able to find a description of this virus as using an XXX.exe filename (where X is random letters), and I found that the process emo.exe was currently running and had very recently been installed to my Local Settings file. After deleting this file, I was able to run MBAM, which did not find anything further. Today, however, the ping.exe program has been running constantly, and the Google redirect is still happening. Both Sophos and MBAM have been occasionally finding and quarantining various dll files with names containing either 'trojan' or 'virus', which seems odd to me. The last MBAM scan found nothing.

The OTL log is below, any help much appreciated - thank you.

OTL logfile created on: 04/12/2011 13:33:52 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\James\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.11 Mb Total Physical Memory | 124.54 Mb Available Physical Memory | 12.18% Memory free
3.90 Gb Paging File | 2.75 Gb Available in Paging File | 70.48% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 6.14 Gb Free Space | 10.99% Space Free | Partition Type: NTFS
Drive D: | 47.98 Gb Total Space | 18.27 Gb Free Space | 38.08% Space Free | Partition Type: NTFS

Computer Name: COLLINS | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/04 13:31:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
PRC - [2011/11/22 15:45:32 | 000,161,336 | ---- | M] (Google) -- C:\Documents and Settings\James\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/05/25 12:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/10/08 06:15:18 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2010/10/08 06:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/09/30 03:08:31 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/09/30 03:08:30 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010/06/04 02:23:16 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2008/04/13 16:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/20 03:37:09 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/11/07 06:30:08 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/04/13 04:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 05:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/11/28 04:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 04:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/08 18:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/07 08:56:08 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/24 20:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/11/28 02:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 02:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 02:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/09/08 18:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MOD - [2005/05/20 08:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/10/08 06:15:18 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2010/10/08 06:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/09/30 03:08:30 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/06/04 02:23:16 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2007/01/20 03:37:09 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/11/07 06:30:08 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/08/25 03:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/06/12 23:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 00:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 01:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 01:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/05/07 19:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 08:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 08:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 08:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 04:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/04/04 05:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 04:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 04:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 04:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/08 18:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/07/14 10:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/01/04 02:09:36 | 000,398,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI)


========== Driver Services (SafeList) ==========

DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/07 08:56:08 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2010/11/08 13:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 13:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/10/08 06:14:59 | 000,153,344 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2010/10/08 06:14:59 | 000,024,064 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2009/08/05 14:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/22 23:38:25 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2008/04/13 11:18:00 | 000,052,480 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\i8042prt.sys -- (i8042prt)
DRV - [2006/09/01 07:45:07 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/05/25 14:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/06 01:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/21 01:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/08 08:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/02 14:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/31 09:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/12/29 01:42:00 | 000,234,496 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/12/14 08:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/12/04 15:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 03:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/24 04:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/11 06:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/17 23:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/17 23:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/17 23:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/20 16:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005/09/19 22:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/08/01 07:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 09:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 04:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/21 20:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/31 19:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2000/12/05 07:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 02:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....=PCAFSI1190&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=11.0: C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=11.0: C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/25 13:28:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/15 15:47:43 | 000,000,000 | ---D | M]

[2011/02/03 02:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2011/12/02 21:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\2ngdthb1.default\extensions
[2011/02/03 05:30:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\2ngdthb1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/02 21:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/07 20:52:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/07 20:52:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/23 20:38:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/15 15:47:35 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/07 11:04:08 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011/10/15 15:47:35 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/15 15:47:35 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/15 15:47:35 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - Startup: C:\Documents and Settings\James\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} http://as.photoprint...PSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55AFEFDB-F7E2-4390-888D-2F1CD3F55B08}: DhcpNameServer = 192.168.7.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/25 08:47:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/09/19 18:58:06 | 000,000,000 | ---D | M] - C:\Autostitch -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/04 13:31:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/12/03 08:59:30 | 000,000,000 | ---D | C] -- C:\camera back up from 3rd Dec
[2011/11/28 21:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/11/28 21:35:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/11/28 21:35:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/11/25 15:08:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\James\Recent
[2011/11/25 09:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\vlc
[2011/11/25 09:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/11/25 09:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/11/07 21:28:38 | 000,056,208 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/04 13:45:10 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-294901063-826198544-1246034819-1006UA.job
[2011/12/04 13:32:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/04 13:31:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/12/04 12:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/12/04 11:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/12/04 10:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/12/04 09:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/12/04 09:24:13 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mksl.sys
[2011/12/04 08:57:07 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/04 08:56:56 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/04 08:55:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/04 08:55:52 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/03 18:06:03 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/03 17:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2011/12/03 17:36:07 | 001,547,774 | ---- | M] () -- C:\Documents and Settings\James\Desktop\tdsskiller.zip
[2011/12/03 16:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/12/03 15:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2011/12/03 14:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/12/03 13:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2011/12/03 13:27:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\8AS8c07.dat
[2011/12/03 13:27:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k3IHi57.exe
[2011/12/03 13:26:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\k3IHi57.com
[2011/12/03 13:26:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\k3IHi57.com
[2011/12/03 12:29:28 | 000,010,606 | -HS- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/12/03 12:29:28 | 000,010,606 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/12/03 10:35:44 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/03 08:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/12/02 22:50:05 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/12/02 21:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2011/12/02 21:45:03 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-294901063-826198544-1246034819-1006Core.job
[2011/12/02 20:49:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/01 20:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/11/30 22:19:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/30 19:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2011/11/29 07:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2011/11/29 06:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/11/29 05:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2011/11/29 04:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/11/29 03:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/11/29 03:20:52 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/11/29 03:20:51 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/11/29 02:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/11/29 01:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/11/29 00:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/11/28 23:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2011/11/28 21:40:44 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Windows Media Player.lnk
[2011/11/28 21:38:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/11/28 21:35:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/11/28 08:05:17 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\_rgpl
[2011/11/27 19:30:09 | 000,000,594 | ---- | M] () -- C:\WINDOWS\tasks\New scan.job
[2011/11/27 18:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/11/25 09:20:24 | 004,393,569 | ---- | M] () -- C:\Documents and Settings\James\Desktop\IMG_0085.MOV
[2011/11/24 14:36:56 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Imperial College.lnk
[2011/11/19 12:45:42 | 002,620,690 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Baby Jools 051.psd
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2011/11/06 07:19:09 | 000,512,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/06 07:19:09 | 000,100,310 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/04 09:24:13 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\mksl.sys
[2011/12/03 17:36:03 | 001,547,774 | ---- | C] () -- C:\Documents and Settings\James\Desktop\tdsskiller.zip
[2011/12/03 13:27:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8AS8c07.dat
[2011/12/03 13:27:02 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\k3IHi57.exe
[2011/12/03 13:26:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\k3IHi57.com
[2011/12/03 13:26:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\k3IHi57.com
[2011/12/03 12:25:18 | 000,010,606 | -HS- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/12/03 12:25:18 | 000,010,606 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/11/28 21:40:44 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Windows Media Player.lnk
[2011/11/28 21:35:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/11/28 21:34:20 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/28 08:05:17 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\_rgpl
[2011/11/25 09:20:24 | 004,393,569 | ---- | C] () -- C:\Documents and Settings\James\Desktop\IMG_0085.MOV
[2011/11/24 14:36:56 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Imperial College.lnk
[2011/11/19 12:45:41 | 002,620,690 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Baby Jools 051.psd
[2011/05/06 07:11:01 | 000,002,376 | ---- | C] () -- C:\WINDOWS\COLLINS0826.ini
[2011/05/02 19:14:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/12 04:45:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/02/03 02:31:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/24 07:31:57 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/11/01 02:32:43 | 317,539,720 | ---- | C] () -- C:\Program Files\cb3u1101.exe
[2007/08/28 10:37:54 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/23 01:28:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/11/12 07:13:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2006/10/31 09:01:33 | 000,000,952 | ---- | C] () -- C:\Documents and Settings\James\Application Data\wklnhst.dat
[2006/09/01 07:41:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/01 07:33:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/09/01 07:31:56 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/09/01 07:30:08 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/26 04:04:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/26 03:26:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/26 03:26:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/26 03:26:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/26 03:26:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/26 03:26:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/26 03:26:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/26 03:17:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2006/07/26 03:16:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/07/25 09:36:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/25 09:36:07 | 000,321,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/25 08:50:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/25 08:44:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/25 00:30:07 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/25 00:30:02 | 000,003,822 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/25 00:29:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/25 00:29:05 | 000,512,974 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/25 00:29:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/25 00:29:05 | 000,100,310 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/25 00:29:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/25 00:29:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/25 00:29:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/25 00:29:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/25 00:28:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/25 00:28:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/25 00:28:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/25 00:28:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/04 17:07:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 05:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/03 15:14:38 | 000,052,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\i8042prt.sys

========== LOP Check ==========

[2011/03/20 17:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2008/11/01 02:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CambridgeSoft
[2008/09/30 11:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2011/03/06 22:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ENotebook 11.0
[2007/03/25 10:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/12/18 15:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2010/12/04 05:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mestrelab Research S.L
[2011/05/06 22:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2006/11/07 06:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Pack
[2011/05/14 17:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/05/14 17:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2011/03/20 17:08:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/05/30 12:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/03/20 16:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/15 07:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/04/23 20:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\ChemAxon
[2006/11/12 07:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\DIMAGE
[2011/12/04 08:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Dropbox
[2011/07/29 15:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\EndNote
[2006/11/18 14:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\InterVideo
[2010/12/04 05:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mestrelab Research S.L
[2011/03/27 19:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Neverball
[2011/06/05 18:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Opera
[2006/11/07 06:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Prism Pack
[2006/10/22 07:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\sony
[2006/10/31 09:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Template
[2011/05/30 12:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Trusteer
[2011/11/29 00:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/04 09:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2011/12/04 10:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/12/04 11:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2011/12/04 12:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/12/03 13:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2011/12/03 14:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/12/03 15:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2011/12/03 16:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/12/03 17:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2011/11/27 18:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/11/29 01:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/11/30 19:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2011/12/01 20:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/12/02 21:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2011/12/02 22:50:05 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/11/28 23:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2011/11/29 02:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/11/29 03:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2011/11/29 04:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/11/29 05:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2011/11/29 06:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/11/29 07:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2011/12/03 08:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2011/11/27 19:30:09 | 000,000,594 | ---- | M] () -- C:\WINDOWS\Tasks\New scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDC35B1C

< End of report >
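The OTL log above already contains the entries a responder would pull out by hand: an hourly series of At*.job tasks of identical size that the poster did not schedule, a kernel driver (mksl.sys) created within the last day with no version information, zero-byte random-name .exe/.com files dropped into several directories, a hidden+system file with a long extension-less name under the user profile, and an alternate data stream on the All Users TEMP folder that is not the benign Zone.Identifier. The following is an added example, not code from this thread, from OTL, or from any tool named in it: a small Python triage pass that parses OTL file and ADS lines and applies those five checks. The rules and thresholds are my own heuristics (assumptions, not OTL's logic), the sample input is copied from the log above, and the log date is taken from the OTL header at the top of the post.

```python
"""Triage of OTL 'Files Created/Modified' and 'Alternate Data Streams' lines."""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Set, Tuple

# One OTL file line looks like:
#   [2011/12/04 09:24:13 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mksl.sys
# The "(Company)" field is absent for directories and an empty "()" when the file has no version info.
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
OTL_ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
AT_JOB_RE = re.compile(r"\\At(\d+)\.job$", re.IGNORECASE)
EXEC_EXT = (".exe", ".com", ".dll", ".sys", ".scr")


class Entry(NamedTuple):
    ts: datetime
    size: int
    attrs: str      # OTL attribute column: "-HS-" = hidden+system, "---D" = directory
    company: str    # "" when OTL printed "()" or no company field at all
    path: str


def parse_otl(lines: List[str]) -> Tuple[List[Entry], List[Tuple[int, str]]]:
    """Return (file entries, ADS entries); section headers and other line types are skipped."""
    entries: List[Entry] = []
    streams: List[Tuple[int, str]] = []
    for line in lines:
        line = line.strip()
        m = OTL_FILE_RE.match(line)
        if m:
            entries.append(Entry(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                                 int(m["size"].replace(",", "")), m["attrs"],
                                 m["company"] or "", m["path"]))
            continue
        m = OTL_ADS_RE.match(line)
        if m:
            streams.append((int(m["size"]), m["path"]))
    return entries, streams


def triage(entries: List[Entry], streams: List[Tuple[int, str]],
           log_date: datetime, recent_days: int = 30) -> Dict[str, List[str]]:
    """Heuristic rules (mine, not OTL's); hits are grouped by rule name."""
    findings: Dict[str, List[str]] = defaultdict(list)
    cutoff = log_date - timedelta(days=recent_days)
    at_jobs_by_size: Dict[int, Set[int]] = defaultdict(set)
    for e in entries:
        name = e.path.rsplit("\\", 1)[-1]
        is_dir = "D" in e.attrs
        m = AT_JOB_RE.search(e.path)
        if m:
            at_jobs_by_size[e.size].add(int(m.group(1)))
        # Kernel driver with no version info that appeared recently. Old no-company drivers
        # (the 2004 i8042prt.sys in the log above) usually just lack a version resource,
        # so the recency filter is what keeps this rule from flooding.
        if "\\drivers\\" in e.path.lower() and name.lower().endswith(".sys") \
                and not e.company and e.ts >= cutoff:
            findings["recent_driver_no_company"].append(e.path)
        # Zero-byte executables: what AV truncation leaves of a dropper, or a placeholder
        # the malware wrote; either way check them against the quarantine logs.
        if not is_dir and e.size == 0 and name.lower().endswith(EXEC_EXT):
            findings["zero_byte_executable"].append(e.path)
        # Hidden+system file with a long, extension-less, random-looking name.
        if "H" in e.attrs and "S" in e.attrs and "." not in name \
                and len(name) >= 20 and name.isalnum():
            findings["hidden_system_random_name"].append(e.path)
    for size, nums in at_jobs_by_size.items():
        if len(nums) >= 3:   # the log above shows At1..At24, all 342 bytes, one per hour
            findings["at_job_series"].append(
                f"{len(nums)} At*.job of {size} bytes (At{min(nums)}..At{max(nums)})")
    for size, path in streams:
        if not path.endswith(":Zone.Identifier"):   # the one ADS that is routinely benign
            findings["alternate_data_stream"].append(f"{path} ({size} bytes)")
    return dict(findings)


# Sample input: lines copied from the OTL log posted above, plus one O32 line and a section
# header to show that non-file lines are ignored. Log date is from the OTL header (dd/MM/yyyy).
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========
[2011/12/04 12:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/12/04 11:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2011/12/04 10:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/12/04 09:50:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2011/12/04 09:24:13 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\mksl.sys
[2011/12/04 08:55:52 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/03 08:59:30 | 000,000,000 | ---D | C] -- C:\camera back up from 3rd Dec
[2011/12/03 13:27:02 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\k3IHi57.exe
[2011/12/03 13:26:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\k3IHi57.com
[2011/12/03 12:29:28 | 000,010,606 | -HS- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
O32 - AutoRun File - [2006/07/25 08:47:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
[2004/08/03 15:14:38 | 000,052,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\i8042prt.sys
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BDC35B1C
"""
LOG_DATE = datetime(2011, 12, 4, 13, 33, 52)


def run_sample() -> Dict[str, List[str]]:
    entries, streams = parse_otl(SAMPLE.splitlines())
    return triage(entries, streams, LOG_DATE)


if __name__ == "__main__":
    for rule, hits in run_sample().items():
        print(rule)
        for hit in hits:
            print("   ", hit)
```

These are indicators for a human to follow up, not verdicts: a legitimate `at` schedule or a vendor driver shipped without a version resource will trip the same rules, which is why each hit carries the full path rather than a score. Run against a whole OTL log, the At*.job rule reports the full At1..At24 series and the driver rule reports only mksl.sys, leaving the signed Trusteer and Sophos drivers alone.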

#2 RKinner (Malware Expert, Expert, 19,788 posts, MVP)
ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file named "TDSSKiller.txt" should be created on your C: drive; please copy and paste its contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan, click Save log, save it to your desktop and post it in your next reply. (Note whether the Fix button, not the FixMBR button, is enabled, and tell me.)



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Run OTL, Quickscan and post the log.

Ron

#3 jcollins (Topic Starter, Member, 14 posts)
Hi Ron, sorry for the delay, I only got round to doing this tonight and it didn't exactly go smoothly. I've posted all the log files that you asked for below, and will explain here all the problems I had in case you can help someone avoid these potential issues (to do with rebooting via a log-in screen and possibly not having a USB mouse for a laptop), but obviously feel free to skip further down if this isn't useful information:

I hope this has solved my problem, thanks for your help and any further help you might be able to give.
James.


Firstly, having disabled the on-access scanning in Sophos, I immediately got a pop-up notification upon starting Combofix that Sophos had detected "'suspicious behaviour' HIPS/RegMod-021" and removed it to quarantine, with no action taken. Immediately afterwards the blue Combofix screen appeared, and after that Sophos notified that "'suspicious behaviour' HIPS/ProcMod-002" had been detected and removed it to quarantine, with no action taken.

Combofix then asked to download recovery console, and then said 'You are infected with Rootkit.ZeroAccess!' in the tcp/ip stack. After that, another window appeared saying that Rootkit was detected and then a third window saying that Rootkit activity had been detected and that a reboot was needed.

After rebooting, the keyboard and mouse pad were frozen, and therefore I was stuck at the log-in screen (I have various accounts). After much deliberation, the only thing I was able to do was a forced shutdown, but on startup the same thing happened. The same thing also happened in safe mode. Using a USB mouse, I was able to log onto one non-administrator account without a password, and got two recurring Combofix windows cascading in rapid succession titled Combofix\pev.exe and Combofix\CF32643.exe. These proceeded to flash on and off continuously for 5-10 minutes (I occasionally saw the words 'access denied'), before stopping whilst I was trying to log off. I was then able to painstakingly type out the required password using the mouse and copy it to later paste into the login screen. At this point, I got the correct Combofix Autoscan window. This all went straightforwardly, although I had to go through the whole process again following another reboot. After it had finished, I ran TDSSKiller, which found and cured Rootkit.win32.2Access.k, and rebooted, at which point the keyboard and mouse pad finally unfroze. The rest of the process went smoothly.

ComboFix 11-12-09.04 - James 09/12/2011 21:42:12.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.422 [GMT -8:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\k3IHi57.exe
c:\documents and settings\All Users\Application Data\TEMP
c:\program files\cb3u1101.exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\windows\$NtUninstallKB58345$\1049759885
c:\windows\$NtUninstallKB58345$\1777109509\@
c:\windows\$NtUninstallKB58345$\1777109509\bckfg.tmp
c:\windows\$NtUninstallKB58345$\1777109509\cfg.ini
c:\windows\$NtUninstallKB58345$\1777109509\Desktop.ini
c:\windows\$NtUninstallKB58345$\1777109509\keywords
c:\windows\$NtUninstallKB58345$\1777109509\kwrd.dll
c:\windows\$NtUninstallKB58345$\1777109509\L\netzvixw
c:\windows\$NtUninstallKB58345$\1777109509\lsflt7.ver
c:\windows\$NtUninstallKB58345$\1777109509\U\[email protected]
c:\windows\$NtUninstallKB58345$\1777109509\U\[email protected]
c:\windows\$NtUninstallKB58345$\1777109509\U\[email protected]
c:\windows\$NtUninstallKB58345$\1777109509\U\[email protected]
c:\windows\$NtUninstallKB58345$\1777109509\U\[email protected]
c:\windows\$NtUninstallKB58345$\1777109509\U\[email protected]
c:\windows\kb913800.exe
c:\windows\setupapi.log
c:\windows\system32\config\systemprofile\k3IHi57.exe
c:\windows\$NtUninstallKB58345$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2011-11-10 to 2011-12-10 )))))))))))))))))))))))))))))))
.
.
2011-12-10 05:37 . 2011-12-10 05:37 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
2011-12-10 05:23 . 2011-12-10 05:23 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2011-12-03 23:07 . 2011-12-03 23:07 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-03 21:26 . 2011-12-03 21:26 0 ----a-w- c:\documents and settings\James\Local Settings\Application Data\k3IHi57.com
2011-12-03 21:26 . 2011-12-03 21:26 0 ----a-w- c:\windows\system32\k3IHi57.com
2011-12-03 16:59 . 2011-12-03 18:35 -------- d-----w- C:\camera back up from 3rd Dec
2011-11-29 05:40 . 2011-11-29 05:40 -------- d-----w- c:\program files\Windows Media Connect 2
2011-11-29 05:35 . 2011-11-29 05:37 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-11-29 05:35 . 2011-11-29 05:35 -------- d-----w- c:\windows\system32\LogFiles
2011-11-25 17:34 . 2011-11-25 17:37 -------- d-----w- c:\documents and settings\James\Application Data\vlc
2011-11-25 17:32 . 2011-11-25 17:32 -------- d-----w- c:\program files\VideoLAN
2011-11-24 15:52 . 2011-11-24 15:52 -------- d-----w- c:\documents and settings\staples\Local Settings\Application Data\Trusteer
2011-11-24 15:51 . 2011-11-24 15:51 -------- d-sh--w- c:\documents and settings\staples\IETldCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 03:31 . 2011-06-21 02:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 05:28 . 2011-11-08 05:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-10-13 17:18 . 2011-05-15 01:49 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
2011-10-10 14:22 . 2006-07-25 16:45 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-07-25 08:28 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2006-07-25 08:29 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2006-07-25 08:29 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
<pre>
c:\program files\Apoint\Apoint .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain .exe
c:\program files\Sony\ISB Utility\ISBMgr .exe
c:\program files\Sony\SonicStage\SsAAD .exe
c:\program files\Sony\VAIO Camera Utility\VCUServe .exe
c:\program files\Sony\VAIO Power Management\SPMgr .exe
c:\program files\Sony\VAIO Update 2\VAIOUpdt .exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher .exe
c:\program files\Symantec AntiVirus\VPTray .exe
c:\windows\ehome\ehtray .exe
</pre>
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2010-09-30 439536]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\James\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\staples\Application Data\Dropbox\bin\Dropbox.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 13:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask .exe -atboottime [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-04 04:03 136176 ----atw- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mouse Suite 98 Daemon]
ICO.EXE [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\Chem3D\\Chem3D.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ENotebook\\ENClientRemote.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\James\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\James\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [14/05/2011 17:48 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [14/05/2011 17:48 24064]
R2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/12/2010 17:29 29293408]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [08/10/2010 06:15 163056]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [04/06/2010 02:23 97520]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [08/10/2010 06:15 1541360]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 08:56 21520]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [25/07/2006 00:30 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [25/07/2006 00:30 226304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/02/2010 04:49 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/02/2010 04:49 135664]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [14/05/2011 17:48 14976]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 12:48]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 12:48]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-294901063-826198544-1246034819-1006Core.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 04:03]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-294901063-826198544-1246034819-1006UA.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 04:03]
.
2011-12-05 c:\windows\Tasks\New scan.job
- c:\program files\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe [2010-06-04 10:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.club-vaio.com/en/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Add RSS Support Site to VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
LSP: c:\documents and settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: DhcpNameServer = 192.168.7.254
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\2ngdthb1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-09 22:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(924)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'lsass.exe'(980)
c:\documents and settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll
.
- - - - - - - > 'explorer.exe'(140)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-12-09 22:14:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-10 06:14
.
Pre-Run: 6,426,861,568 bytes free
Post-Run: 9,557,782,528 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"
.
- - End Of File - - EE9743A13F7AD3C23678BE01AA6B1D3D


22:21:49.0687 6024 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
22:21:56.0125 6024 Perform update action was selected
22:21:56.0125 6008 Deinitialize success



22:23:04.0828 4956 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
22:23:05.0328 4956 ============================================================
22:23:05.0328 4956 Current date / time: 2011/12/09 22:23:05.0328
22:23:05.0328 4956 SystemInfo:
22:23:05.0328 4956
22:23:05.0328 4956 OS Version: 5.1.2600 ServicePack: 3.0
22:23:05.0328 4956 Product type: Workstation
22:23:05.0328 4956 ComputerName: COLLINS
22:23:05.0328 4956 UserName: James
22:23:05.0328 4956 Windows directory: C:\WINDOWS
22:23:05.0328 4956 System windows directory: C:\WINDOWS
22:23:05.0328 4956 Processor architecture: Intel x86
22:23:05.0328 4956 Number of processors: 2
22:23:05.0328 4956 Page size: 0x1000
22:23:05.0328 4956 Boot type: Normal boot
22:23:05.0328 4956 ============================================================
22:23:07.0062 4956 Initialize success
22:23:16.0609 4316 ============================================================
22:23:16.0609 4316 Scan started
22:23:16.0609 4316 Mode: Manual;
22:23:16.0609 4316 ============================================================
22:23:19.0250 4316 Abiosdsk - ok
22:23:19.0296 4316 abp480n5 - ok
22:23:19.0375 4316 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
22:23:19.0375 4316 ACPI - ok
22:23:19.0437 4316 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
22:23:19.0437 4316 ACPIEC - ok
22:23:19.0453 4316 adpu160m - ok
22:23:19.0484 4316 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
22:23:19.0484 4316 aec - ok
22:23:19.0546 4316 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
22:23:19.0546 4316 AegisP - ok
22:23:19.0609 4316 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
22:23:19.0609 4316 AFD - ok
22:23:19.0625 4316 Aha154x - ok
22:23:19.0640 4316 aic78u2 - ok
22:23:19.0640 4316 aic78xx - ok
22:23:19.0671 4316 AliIde - ok
22:23:19.0671 4316 amsint - ok
22:23:19.0734 4316 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
22:23:19.0734 4316 ApfiltrService - ok
22:23:19.0859 4316 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
22:23:19.0859 4316 Arp1394 - ok
22:23:19.0890 4316 asc - ok
22:23:19.0953 4316 asc3350p - ok
22:23:19.0984 4316 asc3550 - ok
22:23:20.0062 4316 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
22:23:20.0078 4316 AsyncMac - ok
22:23:20.0140 4316 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
22:23:20.0140 4316 atapi - ok
22:23:20.0156 4316 Atdisk - ok
22:23:20.0187 4316 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
22:23:20.0203 4316 Atmarpc - ok
22:23:20.0218 4316 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
22:23:20.0218 4316 audstub - ok
22:23:20.0281 4316 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
22:23:20.0281 4316 Beep - ok
22:23:20.0531 4316 catchme - ok
22:23:20.0671 4316 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
22:23:20.0671 4316 cbidf2k - ok
22:23:20.0750 4316 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
22:23:20.0765 4316 CCDECODE - ok
22:23:20.0796 4316 cd20xrnt - ok
22:23:20.0937 4316 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
22:23:20.0937 4316 Cdaudio - ok
22:23:21.0000 4316 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
22:23:21.0000 4316 Cdfs - ok
22:23:21.0093 4316 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
22:23:21.0093 4316 Cdrom - ok
22:23:21.0125 4316 Changer - ok
22:23:21.0171 4316 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
22:23:21.0187 4316 CmBatt - ok
22:23:21.0218 4316 CmdIde - ok
22:23:21.0265 4316 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
22:23:21.0265 4316 Compbatt - ok
22:23:21.0328 4316 Cpqarray - ok
22:23:21.0375 4316 dac2w2k - ok
22:23:21.0421 4316 dac960nt - ok
22:23:21.0500 4316 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
22:23:21.0500 4316 Disk - ok
22:23:21.0562 4316 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
22:23:21.0593 4316 dmboot - ok
22:23:21.0703 4316 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
22:23:21.0703 4316 DMICall - ok
22:23:21.0781 4316 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
22:23:21.0781 4316 dmio - ok
22:23:21.0906 4316 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
22:23:21.0921 4316 dmload - ok
22:23:21.0984 4316 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
22:23:21.0984 4316 DMusic - ok
22:23:22.0031 4316 dpti2o - ok
22:23:22.0140 4316 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
22:23:22.0140 4316 drmkaud - ok
22:23:22.0203 4316 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
22:23:22.0203 4316 E100B - ok
22:23:22.0328 4316 e1express (389cf2cded384be477c3b3f15747d495) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
22:23:22.0328 4316 e1express - ok
22:23:22.0390 4316 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
22:23:22.0390 4316 Fastfat - ok
22:23:22.0453 4316 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
22:23:22.0453 4316 Fdc - ok
22:23:22.0562 4316 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
22:23:22.0562 4316 Fips - ok
22:23:22.0578 4316 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
22:23:22.0578 4316 Flpydisk - ok
22:23:22.0609 4316 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
22:23:22.0609 4316 FltMgr - ok
22:23:22.0687 4316 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
22:23:22.0687 4316 fssfltr - ok
22:23:22.0703 4316 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
22:23:22.0703 4316 Fs_Rec - ok
22:23:22.0734 4316 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
22:23:22.0734 4316 Ftdisk - ok
22:23:22.0781 4316 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
22:23:22.0781 4316 Gpc - ok
22:23:22.0812 4316 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
22:23:22.0812 4316 HDAudBus - ok
22:23:22.0843 4316 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
22:23:22.0843 4316 HidUsb - ok
22:23:22.0875 4316 hpn - ok
22:23:22.0953 4316 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
22:23:22.0953 4316 HSFHWAZL - ok
22:23:23.0062 4316 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
22:23:23.0109 4316 HSF_DPV - ok
22:23:23.0234 4316 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
22:23:23.0234 4316 HTTP - ok
22:23:23.0265 4316 i2omgmt - ok
22:23:23.0437 4316 i2omp - ok
22:23:23.0500 4316 i8042prt (2b9a86969617cc33aca98da27b9038de) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
22:23:23.0515 4316 i8042prt ( Rootkit.Win32.ZAccess.k ) - infected
22:23:23.0515 4316 i8042prt - detected Rootkit.Win32.ZAccess.k (0)
22:23:23.0531 4316 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
22:23:23.0531 4316 Imapi - ok
22:23:23.0593 4316 ini910u - ok
22:23:23.0640 4316 IntelIde - ok
22:23:23.0687 4316 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
22:23:23.0687 4316 intelppm - ok
22:23:23.0718 4316 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
22:23:23.0718 4316 Ip6Fw - ok
22:23:23.0750 4316 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
22:23:23.0750 4316 IpFilterDriver - ok
22:23:23.0828 4316 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
22:23:23.0828 4316 IpInIp - ok
22:23:23.0890 4316 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
22:23:23.0890 4316 IpNat - ok
22:23:24.0015 4316 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
22:23:24.0015 4316 IPSec - ok
22:23:24.0046 4316 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
22:23:24.0046 4316 IRENUM - ok
22:23:24.0078 4316 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
22:23:24.0078 4316 isapnp - ok
22:23:24.0140 4316 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
22:23:24.0140 4316 Kbdclass - ok
22:23:24.0171 4316 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
22:23:24.0171 4316 kmixer - ok
22:23:24.0218 4316 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
22:23:24.0218 4316 KSecDD - ok
22:23:24.0234 4316 lbrtfdc - ok
22:23:24.0328 4316 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
22:23:24.0343 4316 mdmxsdk - ok
22:23:24.0390 4316 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
22:23:24.0390 4316 MHNDRV - ok
22:23:24.0437 4316 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
22:23:24.0437 4316 mnmdd - ok
22:23:24.0453 4316 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
22:23:24.0453 4316 Modem - ok
22:23:24.0484 4316 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
22:23:24.0484 4316 Mouclass - ok
22:23:24.0562 4316 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
22:23:24.0562 4316 mouhid - ok
22:23:24.0640 4316 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
22:23:24.0640 4316 MountMgr - ok
22:23:24.0687 4316 mraid35x - ok
22:23:24.0796 4316 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
22:23:24.0796 4316 MREMP50 - ok
22:23:24.0812 4316 MREMPR5 - ok
22:23:24.0812 4316 MRENDIS5 - ok
22:23:24.0812 4316 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
22:23:24.0828 4316 MRESP50 - ok
22:23:24.0859 4316 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
22:23:24.0875 4316 MRxDAV - ok
22:23:24.0953 4316 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
22:23:24.0984 4316 MRxSmb - ok
22:23:25.0046 4316 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
22:23:25.0046 4316 Msfs - ok
22:23:25.0093 4316 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
22:23:25.0093 4316 MSKSSRV - ok
22:23:25.0156 4316 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
22:23:25.0156 4316 MSPCLOCK - ok
22:23:25.0187 4316 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
22:23:25.0203 4316 MSPQM - ok
22:23:25.0265 4316 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
22:23:25.0265 4316 mssmbios - ok
22:23:25.0296 4316 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
22:23:25.0296 4316 MSTEE - ok
22:23:25.0343 4316 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
22:23:25.0343 4316 Mup - ok
22:23:25.0500 4316 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
22:23:25.0500 4316 NABTSFEC - ok
22:23:25.0578 4316 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
22:23:25.0578 4316 NDIS - ok
22:23:25.0609 4316 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
22:23:25.0609 4316 NdisIP - ok
22:23:25.0687 4316 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
22:23:25.0687 4316 NdisTapi - ok
22:23:25.0734 4316 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
22:23:25.0734 4316 Ndisuio - ok
22:23:25.0765 4316 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
22:23:25.0765 4316 NdisWan - ok
22:23:25.0812 4316 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
22:23:25.0812 4316 NDProxy - ok
22:23:25.0843 4316 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
22:23:25.0843 4316 NetBIOS - ok
22:23:25.0859 4316 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
22:23:25.0875 4316 NetBT - ok
22:23:25.0937 4316 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
22:23:25.0937 4316 NIC1394 - ok
22:23:25.0984 4316 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
22:23:25.0984 4316 Npfs - ok
22:23:26.0031 4316 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
22:23:26.0062 4316 Ntfs - ok
22:23:26.0109 4316 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
22:23:26.0109 4316 Null - ok
22:23:26.0343 4316 nv (4f56e52f7ce6ac737adb1bb2a1854592) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
22:23:26.0500 4316 nv - ok
22:23:26.0625 4316 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
22:23:26.0625 4316 NwlnkFlt - ok
22:23:26.0687 4316 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
22:23:26.0687 4316 NwlnkFwd - ok
22:23:26.0765 4316 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
22:23:26.0765 4316 ohci1394 - ok
22:23:26.0859 4316 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
22:23:26.0859 4316 Parport - ok
22:23:27.0000 4316 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
22:23:27.0000 4316 PartMgr - ok
22:23:27.0062 4316 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
22:23:27.0062 4316 ParVdm - ok
22:23:27.0093 4316 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
22:23:27.0093 4316 PCI - ok
22:23:27.0109 4316 PCIDump - ok
22:23:27.0156 4316 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
22:23:27.0156 4316 PCIIde - ok
22:23:27.0171 4316 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
22:23:27.0187 4316 Pcmcia - ok
22:23:27.0187 4316 PDCOMP - ok
22:23:27.0203 4316 PDFRAME - ok
22:23:27.0218 4316 PDRELI - ok
22:23:27.0234 4316 PDRFRAME - ok
22:23:27.0250 4316 perc2 - ok
22:23:27.0265 4316 perc2hib - ok
22:23:27.0312 4316 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
22:23:27.0312 4316 PptpMiniport - ok
22:23:27.0375 4316 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
22:23:27.0375 4316 PSched - ok
22:23:27.0421 4316 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
22:23:27.0437 4316 Ptilink - ok
22:23:27.0500 4316 PxHelp20 (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys
22:23:27.0500 4316 PxHelp20 - ok
22:23:27.0578 4316 ql1080 - ok
22:23:27.0593 4316 Ql10wnt - ok
22:23:27.0609 4316 ql12160 - ok
22:23:27.0609 4316 ql1240 - ok
22:23:27.0625 4316 ql1280 - ok
22:23:27.0765 4316 RapportCerberus_32301 (2fccc769cdba34c6ab6183aa4d2f7519) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys
22:23:27.0765 4316 RapportCerberus_32301 - ok
22:23:27.0875 4316 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
22:23:27.0875 4316 RapportEI - ok
22:23:27.0953 4316 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
22:23:27.0953 4316 RapportIaso - ok
22:23:28.0140 4316 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
22:23:28.0140 4316 RapportKELL - ok
22:23:28.0156 4316 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
22:23:28.0171 4316 RapportPG - ok
22:23:28.0234 4316 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
22:23:28.0234 4316 RasAcd - ok
22:23:28.0296 4316 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
22:23:28.0312 4316 Rasl2tp - ok
22:23:28.0328 4316 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
22:23:28.0328 4316 RasPppoe - ok
22:23:28.0390 4316 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
22:23:28.0390 4316 Raspti - ok
22:23:28.0437 4316 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
22:23:28.0437 4316 Rdbss - ok
22:23:28.0484 4316 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
22:23:28.0484 4316 RDPCDD - ok
22:23:28.0500 4316 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
22:23:28.0515 4316 rdpdr - ok
22:23:28.0562 4316 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
22:23:28.0562 4316 RDPWD - ok
22:23:28.0640 4316 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
22:23:28.0640 4316 redbook - ok
22:23:28.0781 4316 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
22:23:28.0781 4316 s24trans - ok
22:23:28.0859 4316 SAVOnAccessControl (d9df915972694b5274facc8d00492acd) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
22:23:28.0859 4316 SAVOnAccessControl - ok
22:23:28.0921 4316 SAVOnAccessFilter (31b35cca652a3553fa4fb99ea79c35bf) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
22:23:28.0921 4316 SAVOnAccessFilter - ok
22:23:28.0984 4316 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
22:23:28.0984 4316 Secdrv - ok
22:23:29.0031 4316 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
22:23:29.0031 4316 Serial - ok
22:23:29.0203 4316 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
22:23:29.0203 4316 Sfloppy - ok
22:23:29.0234 4316 SI3132 (716a724a447c559f122ea140d636fa48) C:\WINDOWS\system32\DRIVERS\SI3132.sys
22:23:29.0234 4316 SI3132 - ok
22:23:29.0281 4316 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
22:23:29.0281 4316 SiFilter - ok
22:23:29.0296 4316 Simbad - ok
22:23:29.0312 4316 SiRemFil (62fd549acf2943f89612a8777295fa57) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
22:23:29.0312 4316 SiRemFil - ok
22:23:29.0343 4316 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
22:23:29.0343 4316 SLIP - ok
22:23:29.0390 4316 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
22:23:29.0390 4316 SNC - ok
22:23:29.0484 4316 SonyImgF (c483fc0add8b074286600b9620ef2c16) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
22:23:29.0484 4316 SonyImgF - ok
22:23:29.0531 4316 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
22:23:29.0531 4316 SophosBootDriver - ok
22:23:29.0531 4316 Sparrow - ok
22:23:29.0578 4316 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
22:23:29.0578 4316 splitter - ok
22:23:29.0640 4316 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
22:23:29.0640 4316 sr - ok
22:23:29.0718 4316 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
22:23:29.0718 4316 Srv - ok
22:23:29.0875 4316 STHDA (784b73bd9d1c0fba6ca96e8976f4b0e6) C:\WINDOWS\system32\drivers\sthda.sys
22:23:29.0921 4316 STHDA - ok
22:23:29.0968 4316 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
22:23:29.0968 4316 streamip - ok
22:23:30.0000 4316 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
22:23:30.0000 4316 swenum - ok
22:23:30.0046 4316 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
22:23:30.0046 4316 swmidi - ok
22:23:30.0093 4316 symc810 - ok
22:23:30.0125 4316 symc8xx - ok
22:23:30.0234 4316 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
22:23:30.0234 4316 symlcbrd - ok
22:23:30.0312 4316 sym_hi - ok
22:23:30.0312 4316 sym_u3 - ok
22:23:30.0390 4316 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
22:23:30.0406 4316 sysaudio - ok
22:23:30.0468 4316 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
22:23:30.0484 4316 Tcpip - ok
22:23:30.0500 4316 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
22:23:30.0515 4316 TDPIPE - ok
22:23:30.0578 4316 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
22:23:30.0578 4316 TDTCP - ok
22:23:30.0640 4316 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
22:23:30.0640 4316 TermDD - ok
22:23:30.0718 4316 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
22:23:30.0718 4316 ti21sony - ok
22:23:30.0781 4316 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
22:23:30.0781 4316 toshidpt - ok
22:23:30.0875 4316 TosIde - ok
22:23:31.0000 4316 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
22:23:31.0000 4316 tosporte - ok
22:23:31.0046 4316 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys
22:23:31.0062 4316 Tosrfbd - ok
22:23:31.0109 4316 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
22:23:31.0109 4316 Tosrfbnp - ok
22:23:31.0140 4316 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
22:23:31.0140 4316 Tosrfcom - ok
22:23:31.0234 4316 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
22:23:31.0234 4316 Tosrfhid - ok
22:23:31.0328 4316 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
22:23:31.0328 4316 tosrfnds - ok
22:23:31.0375 4316 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
22:23:31.0375 4316 TosRfSnd - ok
22:23:31.0453 4316 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys
22:23:31.0453 4316 Tosrfusb - ok
22:23:31.0531 4316 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
22:23:31.0531 4316 Udfs - ok
22:23:31.0546 4316 ultra - ok
22:23:31.0609 4316 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
22:23:31.0609 4316 Update - ok
22:23:31.0640 4316 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
22:23:31.0640 4316 usbehci - ok
22:23:31.0656 4316 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
22:23:31.0656 4316 usbhub - ok
22:23:31.0687 4316 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
22:23:31.0687 4316 USBSTOR - ok
22:23:31.0718 4316 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
22:23:31.0718 4316 usbuhci - ok
22:23:31.0765 4316 usbvm321 (c7f4158ea3915f4194aee233ff8d4728) C:\WINDOWS\system32\Drivers\usbvm321.sys
22:23:31.0781 4316 usbvm321 - ok
22:23:31.0875 4316 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
22:23:31.0890 4316 VgaSave - ok
22:23:31.0921 4316 ViaIde - ok
22:23:32.0031 4316 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
22:23:32.0031 4316 VolSnap - ok
22:23:32.0156 4316 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
22:23:32.0218 4316 w39n51 - ok
22:23:32.0265 4316 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
22:23:32.0265 4316 Wanarp - ok
22:23:32.0296 4316 WDICA - ok
22:23:32.0406 4316 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
22:23:32.0406 4316 wdmaud - ok
22:23:32.0562 4316 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
22:23:32.0593 4316 winachsf - ok
22:23:32.0750 4316 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
22:23:32.0750 4316 WS2IFSL - ok
22:23:32.0812 4316 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
22:23:32.0812 4316 WSTCODEC - ok
22:23:32.0875 4316 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
22:23:32.0875 4316 WudfPf - ok
22:23:32.0906 4316 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
22:23:32.0906 4316 WudfRd - ok
22:23:32.0953 4316 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:23:33.0140 4316 \Device\Harddisk0\DR0 - ok
22:23:33.0140 4316 Boot (0x1200) (5c7f798f781e31584e1c317758491c10) \Device\Harddisk0\DR0\Partition0
22:23:33.0140 4316 \Device\Harddisk0\DR0\Partition0 - ok
22:23:33.0171 4316 Boot (0x1200) (35b6cffd91943478fdd4ffaabdd5b4e2) \Device\Harddisk0\DR0\Partition1
22:23:33.0171 4316 \Device\Harddisk0\DR0\Partition1 - ok
22:23:33.0171 4316 ============================================================
22:23:33.0171 4316 Scan finished
22:23:33.0171 4316 ============================================================
22:23:33.0171 4284 Detected object count: 1
22:23:33.0171 4284 Actual detected object count: 1
22:23:49.0765 4284 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\WINDOWS\system32\drivers\i8042prt.sys) error 1813
22:23:52.0765 4284 Backup copy found, using it..
22:23:52.0859 4284 C:\WINDOWS\system32\DRIVERS\i8042prt.sys - will be cured on reboot
22:23:56.0187 4284 i8042prt ( Rootkit.Win32.ZAccess.k ) - User select action: Cure
22:24:09.0812 1268 Deinitialize success



aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-12-09 22:30:32
-----------------------------
22:30:32.921 OS Version: Windows 5.1.2600 Service Pack 3
22:30:32.921 Number of processors: 2 586 0xF06
22:30:32.921 ComputerName: COLLINS UserName: James
22:30:40.328 Initialize success
22:31:20.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
22:31:20.187 Disk 0 Vendor: FUJITSU_MHV2120BH_PL 00000029 Size: 114473MB BusType: 3
22:31:20.187 Disk 1 \Device\Harddisk1\DR4 -> \Device\0000008e
22:31:20.187 Disk 1 Vendor: ( Size: 114473MB BusType: 0
22:31:22.218 Disk 0 MBR read successfully
22:31:22.218 Disk 0 MBR scan
22:31:22.218 Disk 0 Windows XP default MBR code
22:31:22.218 Disk 0 scanning sectors +234436545
22:31:22.328 Disk 0 scanning C:\WINDOWS\system32\drivers
22:31:30.656 Service scanning
22:31:32.312 Modules scanning
22:31:41.468 Scan finished successfully
22:31:56.328 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\James\Desktop\MBR.dat"
22:31:56.359 The log file has been saved successfully to "C:\Documents and Settings\James\Desktop\aswMBR.txt"



Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8346

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/12/2011 22:49:03
mbam-log-2011-12-09 (22-49-03).txt

Scan type: Quick scan
Objects scanned: 215814
Time elapsed: 6 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTL logfile created on: 09/12/2011 22:51:16 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\James\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.11 Mb Total Physical Memory | 167.19 Mb Available Physical Memory | 16.36% Memory free
3.90 Gb Paging File | 3.12 Gb Available in Paging File | 79.93% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 8.91 Gb Free Space | 15.95% Space Free | Partition Type: NTFS
Drive D: | 47.98 Gb Total Space | 18.27 Gb Free Space | 38.08% Space Free | Partition Type: NTFS

Computer Name: COLLINS | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/09 22:30:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\James\Desktop\aswMBR.exe
PRC - [2011/12/04 13:31:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/05/25 12:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/10/08 06:15:18 | 001,541,360 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2010/10/08 06:15:13 | 000,163,056 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2010/09/30 03:08:31 | 000,439,536 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2010/09/30 03:08:30 | 000,230,640 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2010/06/04 02:23:16 | 000,097,520 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/20 03:37:09 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/11/07 06:30:08 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/04/13 04:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 05:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/11/28 04:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 04:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/08 18:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/07 08:56:08 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2008/03/24 20:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/11/28 02:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 02:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 02:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/09/08 18:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MOD - [2005/05/20 08:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/10/08 06:15:18 | 001,541,360 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2010/10/08 06:15:13 | 000,163,056 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2010/09/30 03:08:30 | 000,230,640 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2010/06/04 02:23:16 | 000,097,520 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2007/01/20 03:37:09 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/11/07 06:30:08 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/08/25 03:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/06/12 23:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 00:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 01:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 01:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/05/07 19:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 08:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 08:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 08:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 04:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/04/04 05:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 04:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 04:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 04:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/08 18:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/07/14 10:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/01/04 02:09:36 | 000,398,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI)


========== Driver Services (SafeList) ==========

DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/07 08:56:08 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2010/11/08 13:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 13:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/10/08 06:14:59 | 000,153,344 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2010/10/08 06:14:59 | 000,024,064 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2009/08/05 14:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/22 23:38:25 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2006/09/01 07:45:07 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/05/25 14:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/06 01:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/21 01:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/08 08:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/02 14:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/31 09:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/12/29 01:42:00 | 000,234,496 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/12/14 08:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/12/04 15:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 03:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/24 04:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/11 06:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/17 23:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/17 23:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/17 23:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/20 16:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005/09/19 22:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/08/01 07:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 09:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 04:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/21 20:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/31 19:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2000/12/05 07:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 02:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....=PCAFSI1190&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=11.0: C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=11.0: C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/25 13:28:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/15 15:47:43 | 000,000,000 | ---D | M]

[2011/02/03 02:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2011/12/04 14:56:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\2ngdthb1.default\extensions
[2011/02/03 05:30:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\2ngdthb1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/04 14:56:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/07 20:52:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/07 20:52:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/23 20:38:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/15 15:47:35 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/07 11:04:08 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011/10/15 15:47:35 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/15 15:47:35 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/15 15:47:35 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2011/12/09 22:09:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKCU..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\James\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} http://as.photoprint...PSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55AFEFDB-F7E2-4390-888D-2F1CD3F55B08}: DhcpNameServer = 192.168.7.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/25 08:47:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/09/19 18:58:06 | 000,000,000 | ---D | M] - C:\Autostitch -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/09 22:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\logs
[2011/12/09 22:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\staples
[2011/12/09 22:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/09 22:39:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/09 22:38:21 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\James\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/09 22:30:15 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\James\Desktop\aswMBR.exe
[2011/12/09 22:22:49 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/09 20:45:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/09 20:40:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/09 20:40:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/09 20:40:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/09 20:40:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/09 20:40:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/09 20:40:16 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/12/09 20:40:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/09 20:38:45 | 004,334,372 | R--- | C] (Swearware) -- C:\Documents and Settings\James\Desktop\ComboFix.exe
[2011/12/07 19:56:16 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\James\Desktop\TDSSKiller.exe
[2011/12/04 13:31:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/12/03 08:59:30 | 000,000,000 | ---D | C] -- C:\camera back up from 3rd Dec
[2011/11/28 21:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/11/28 21:35:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/11/28 21:35:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/11/25 15:08:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\James\Recent
[2011/11/25 09:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\vlc
[2011/11/25 09:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/11/25 09:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/09 22:45:07 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-294901063-826198544-1246034819-1006UA.job
[2011/12/09 22:39:21 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/09 22:39:21 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/09 22:38:21 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\James\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/09 22:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/09 22:31:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\James\Desktop\MBR.dat
[2011/12/09 22:30:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\James\Desktop\aswMBR.exe
[2011/12/09 22:27:16 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/09 22:26:31 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/09 22:26:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/09 22:26:12 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/09 22:22:31 | 001,557,928 | ---- | M] () -- C:\Documents and Settings\James\Desktop\tdsskiller.zip
[2011/12/09 22:09:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/09 20:45:46 | 000,000,397 | RHS- | M] () -- C:\boot.ini
[2011/12/09 20:38:45 | 004,334,372 | R--- | M] (Swearware) -- C:\Documents and Settings\James\Desktop\ComboFix.exe
[2011/12/08 21:55:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/08 21:45:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-294901063-826198544-1246034819-1006Core.job
[2011/12/08 20:01:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/07 13:22:02 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\James\Desktop\TDSSKiller.exe
[2011/12/06 19:55:20 | 003,891,557 | ---- | M] () -- C:\Documents and Settings\James\Desktop\IMG_0093.MOV
[2011/12/04 19:30:06 | 000,000,594 | ---- | M] () -- C:\WINDOWS\tasks\New scan.job
[2011/12/04 13:31:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/12/03 13:27:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\8AS8c07.dat
[2011/12/03 13:26:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\k3IHi57.com
[2011/12/03 13:26:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\k3IHi57.com
[2011/12/03 12:29:28 | 000,010,606 | -HS- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/12/03 12:29:28 | 000,010,606 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/12/03 10:35:44 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/30 22:19:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/29 03:20:52 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/11/29 03:20:51 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/11/28 21:40:44 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Windows Media Player.lnk
[2011/11/28 21:38:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/11/28 21:35:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/11/28 08:05:17 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\_rgpl
[2011/11/25 09:20:24 | 004,393,569 | ---- | M] () -- C:\Documents and Settings\James\Desktop\IMG_0085.MOV
[2011/11/24 14:36:56 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Imperial College.lnk
[2011/11/19 12:45:42 | 002,620,690 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Baby Jools 051.psd
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/09 22:39:21 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/09 22:39:21 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/09 22:31:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\James\Desktop\MBR.dat
[2011/12/09 21:22:43 | 1071,828,992 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/09 20:45:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/09 20:40:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/09 20:40:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/09 20:40:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/09 20:40:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/09 20:40:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/06 19:55:18 | 003,891,557 | ---- | C] () -- C:\Documents and Settings\James\Desktop\IMG_0093.MOV
[2011/12/03 17:36:03 | 001,557,928 | ---- | C] () -- C:\Documents and Settings\James\Desktop\tdsskiller.zip
[2011/12/03 13:27:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8AS8c07.dat
[2011/12/03 13:26:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\k3IHi57.com
[2011/12/03 13:26:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\k3IHi57.com
[2011/12/03 12:25:18 | 000,010,606 | -HS- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/12/03 12:25:18 | 000,010,606 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/11/28 21:40:44 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Windows Media Player.lnk
[2011/11/28 21:35:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/11/28 21:34:20 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/28 08:05:17 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\_rgpl
[2011/11/25 09:20:24 | 004,393,569 | ---- | C] () -- C:\Documents and Settings\James\Desktop\IMG_0085.MOV
[2011/11/24 14:36:56 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Imperial College.lnk
[2011/11/19 12:45:41 | 002,620,690 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Baby Jools 051.psd
[2011/05/06 07:11:01 | 000,002,376 | ---- | C] () -- C:\WINDOWS\COLLINS0826.ini
[2011/05/02 19:14:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/12 04:45:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/02/03 02:31:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/24 07:31:57 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/08/28 10:37:54 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/23 01:28:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/11/12 07:13:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2006/10/31 09:01:33 | 000,000,952 | ---- | C] () -- C:\Documents and Settings\James\Application Data\wklnhst.dat
[2006/09/01 07:41:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/01 07:33:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/09/01 07:31:56 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/09/01 07:30:08 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/26 04:04:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/26 03:26:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/26 03:26:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/26 03:26:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/26 03:26:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/26 03:26:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/26 03:26:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/26 03:17:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2006/07/26 03:16:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/07/25 09:36:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/25 09:36:07 | 000,321,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/25 08:50:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/25 08:44:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/25 00:30:07 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/25 00:30:02 | 000,003,822 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/25 00:29:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/25 00:29:05 | 000,512,974 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/25 00:29:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/25 00:29:05 | 000,100,310 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/25 00:29:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/25 00:29:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/25 00:29:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/25 00:29:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/25 00:28:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/25 00:28:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/25 00:28:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/25 00:28:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/04 17:07:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 05:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2011/03/20 17:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2008/11/01 02:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CambridgeSoft
[2008/09/30 11:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2011/03/06 22:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ENotebook 11.0
[2007/03/25 10:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/12/18 15:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2010/12/04 05:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mestrelab Research S.L
[2011/05/06 22:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2006/11/07 06:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Pack
[2011/05/14 17:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/05/14 17:50:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2011/05/30 12:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/03/20 16:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/15 07:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/04/23 20:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\ChemAxon
[2006/11/12 07:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\DIMAGE
[2011/12/09 22:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Dropbox
[2011/07/29 15:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\EndNote
[2006/11/18 14:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\InterVideo
[2010/12/04 05:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mestrelab Research S.L
[2011/03/27 19:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Neverball
[2011/06/05 18:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Opera
[2006/11/07 06:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Prism Pack
[2006/10/22 07:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\sony
[2006/10/31 09:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Template
[2011/05/30 12:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Trusteer
[2011/12/04 19:30:06 | 000,000,594 | ---- | M] () -- C:\WINDOWS\Tasks\New scan.job

========== Purity Check ==========



< End of report >
  • 0

#4
RKinner
    Malware Expert
  • Expert
  • 19,788 posts
  • MVP
I'll talk to the combofix designer about the keyboard driver. I expect he can have CF check it and fix it if he knows about it.

You have a real can of worms here. Besides Zero Access, I see several other infections.

We are going to have to run Combofix at least one more time, so try and get Sophos under control. Uninstall it if you have to. Just keep the license info so you can get it again - I assume you paid for it?



Copy the text in the code box by highlighting and Ctrl + c.

Killall::

SecCenter::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\documents and settings\James\Local Settings\Application Data\k3IHi57.com
c:\windows\system32\k3IHi57.com
C:\Documents and Settings\All Users\Application Data\8AS8c07.dat
C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu

Firefox::
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

RenV::
c:\program files\Apoint\Apoint .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Common Files\Symantec Shared\ccApp .exe
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain .exe
c:\program files\Sony\ISB Utility\ISBMgr .exe
c:\program files\Sony\SonicStage\SsAAD .exe
c:\program files\Sony\VAIO Camera Utility\VCUServe .exe
c:\program files\Sony\VAIO Power Management\SPMgr .exe
c:\program files\Sony\VAIO Update 2\VAIOUpdt .exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher .exe
c:\program files\Symantec AntiVirus\VPTray .exe
c:\windows\ehome\ehtray .exe

Folder::
c:\windows\$NtUninstallKB58345$


Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

Run TDSSKiller again, but this time:
before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them. (Look for the Extras log. I really need that one.)

Ron
  • 0
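As an added example (not code from this thread, from OTL or from ComboFix): a small Python triage pass over log lines in the two OTL shapes that matter most when reading a log like the one above, the `[date | size | attrs | C/M] (company) -- path` file lists and the `O20 - HKLM Winlogon:` Shell/UserInit lines. It flags zero-byte `.com` files, hidden+system files with long random names under Application Data, executables with a space before the extension (the pattern in the `RenV::` list above), and a Winlogon Shell/UserInit value that points anywhere but the expected Microsoft binary. The sample lines are constructed and modelled on the log above; the hijacked UserInit line is invented to exercise the check and does not appear in this thread. The "random name" heuristic and the choice of suspicious locations are assumptions made here, not OTL output.

```python
"""Triage pass over OTL-format log lines (added example, not part of OTL/ComboFix)."""
import re
from dataclasses import dataclass
from typing import Iterable, List

# "[date | size | attrs | C/M] (company) -- path"; the "(company)" part is absent for folders
FILE_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# "O20 - HKLM Winlogon: Shell - (raw registry value) -resolved path (company)"
O20_LINE = re.compile(
    r"^O20 - HKLM Winlogon: (?P<value>Shell|UserInit) - \((?P<raw>[^)]*)\) "
    r"-(?P<resolved>.+?)(?: \((?P<company>[^)]*)\))?$"
)
EXPECTED_WINLOGON = {"shell": "explorer.exe", "userinit": "userinit.exe"}
RANDOM_NAME = re.compile(r"[a-z0-9]{20,}")          # assumption: long lowercase alnum, no extension
SPACED_EXT = re.compile(r" \.(exe|dll|com|scr)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    reason: str
    path: str


def basename(path: str) -> str:
    return path.replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1]


def check_name(path: str) -> List[Finding]:
    """Name-only checks; also usable on bare paths such as a CFScript RenV:: list."""
    name = basename(path)
    out: List[Finding] = []
    if SPACED_EXT.search(name):
        out.append(Finding("space before extension (renamed original executable)", path))
    if RANDOM_NAME.fullmatch(name):
        out.append(Finding("long random name with no extension", path))
    return out


def check_file_line(line: str) -> List[Finding]:
    """Checks on one '[date | size | attrs | C/M] ... -- path' line."""
    m = FILE_LINE.match(line)
    if not m:
        return []
    path, attrs = m["path"], m["attrs"]
    if "D" in attrs:                                  # folders: nothing to flag here
        return []
    size = int(m["size"].replace(",", ""))
    out = check_name(path)
    lower = path.lower()
    if size == 0 and lower.endswith(".com"):
        out.append(Finding("zero-byte .com file", path))
    if "H" in attrs and "S" in attrs and "application data" in lower:
        out.append(Finding("hidden+system file under Application Data", path))
    return out


def check_winlogon_line(line: str) -> List[Finding]:
    """Checks on an 'O20 - HKLM Winlogon: Shell/UserInit' line."""
    m = O20_LINE.match(line)
    if not m:
        return []
    value = m["value"]
    expected = EXPECTED_WINLOGON[value.lower()]
    entries = [e.strip() for e in m["raw"].split(",") if e.strip()]
    out: List[Finding] = []
    if len(entries) != 1:                              # "userinit.exe,<dropper>" style append
        out.append(Finding(f"Winlogon {value} has extra entries", m["raw"]))
    for e in entries:
        if basename(e).lower() != expected:
            out.append(Finding(f"unexpected Winlogon {value} target", e))
    if (m["company"] or "").strip() != "Microsoft Corporation":
        out.append(Finding(f"Winlogon {value} company field is not Microsoft", m["resolved"]))
    return out


def triage(lines: Iterable[str]) -> List[Finding]:
    findings: List[Finding] = []
    for line in lines:
        line = line.rstrip()
        findings.extend(check_winlogon_line(line))
        findings.extend(check_file_line(line))
    return findings


# Constructed sample, modelled on the log above. The UserInit line is invented
# to exercise the check and does not appear in this thread.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\k3IHi57.com) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
[2011/12/09 22:39:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/09 22:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\logs
[2011/12/03 13:26:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\k3IHi57.com
[2011/12/03 12:29:28 | 000,010,606 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
"""
# Bare paths in the shape of a CFScript RenV:: block (taken from the post above).
RENV_PATHS = [r"c:\program files\Apoint\Apoint .exe", r"c:\program files\Sony\ISB Utility\ISBMgr .exe"]

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG.strip().splitlines()) + [f for p in RENV_PATHS for f in check_name(p)]
    for f in hits:
        print(f"{f.reason:55} {f.path}")
```

Run it against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace"))`; the findings are prompts for a human to look at, not verdicts, which is why the hidden+system rule is restricted to Application Data rather than applied to the whole disk.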

#5
jcollins
    Member
  • Topic Starter
  • Member
  • 14 posts
Hi Ron,

Things went much better this time - I uninstalled Sophos and had no issues with the keyboard - but I'm not sure about one detail. After I dragged the CFScript.txt file onto Combofix, I accepted a Combofix update, followed by a reboot. I don't therefore know whether the code in the text file was used by Combofix after it had updated and restarted the PC. Below are all the logs.

Thanks again,
James


ComboFix 11-12-10.01 - James 10/12/2011 20:25:31.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.620 [GMT -8:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\James\Desktop\CFScript.txt
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
FILE ::
"c:\documents and settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu"
"c:\documents and settings\All Users\Application Data\8AS8c07.dat"
"c:\documents and settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu"
"c:\documents and settings\James\Local Settings\Application Data\k3IHi57.com"
"c:\windows\system32\k3IHi57.com"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\staples\Application Data\64dlls.exe
c:\documents and settings\staples\Application Data\intel64.exe
c:\documents and settings\staples\Application Data\Kernel32.exe
c:\documents and settings\staples\Application Data\localsys64.exe
c:\documents and settings\staples\Application Data\ntos.exe
c:\documents and settings\staples\Application Data\oembios.exe
c:\documents and settings\staples\Application Data\sdra64.exe
c:\documents and settings\staples\Application Data\sdra73.exe
c:\documents and settings\staples\Application Data\swin32.exe
c:\documents and settings\staples\Application Data\twex.exe
c:\documents and settings\staples\Application Data\twext.exe
c:\documents and settings\staples\Application Data\wsnpoema.exe
c:\windows\$NtUninstallKB58345$
.
.
((((((((((((((((((((((((( Files Created from 2011-11-11 to 2011-12-11 )))))))))))))))))))))))))))))))
.
.
2011-12-10 06:39 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-10 05:37 . 2011-12-10 05:37 -------- d-sh--w- c:\documents and settings\Guest\PrivacIE
2011-12-10 05:23 . 2011-12-10 05:23 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2011-12-03 23:07 . 2011-12-03 23:07 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-12-03 21:26 . 2011-12-03 21:26 0 ----a-w- c:\documents and settings\James\Local Settings\Application Data\k3IHi57.com
2011-12-03 21:26 . 2011-12-03 21:26 0 ----a-w- c:\windows\system32\k3IHi57.com
2011-12-03 16:59 . 2011-12-03 18:35 -------- d-----w- C:\camera back up from 3rd Dec
2011-11-29 05:40 . 2011-11-29 05:40 -------- d-----w- c:\program files\Windows Media Connect 2
2011-11-29 05:35 . 2011-11-29 05:37 -------- d-----w- c:\windows\system32\drivers\UMDF
2011-11-29 05:35 . 2011-11-29 05:35 -------- d-----w- c:\windows\system32\LogFiles
2011-11-25 17:34 . 2011-11-25 17:37 -------- d-----w- c:\documents and settings\James\Application Data\vlc
2011-11-25 17:32 . 2011-11-25 17:32 -------- d-----w- c:\program files\VideoLAN
2011-11-24 15:52 . 2011-11-24 15:52 -------- d-----w- c:\documents and settings\staples\Local Settings\Application Data\Trusteer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 06:25 . 2004-08-03 23:14 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-12-01 03:31 . 2011-06-21 02:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-08 05:28 . 2011-11-08 05:28 56208 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2011-10-10 14:22 . 2006-07-25 16:45 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2006-07-25 08:28 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2008-07-29 18:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2006-07-25 08:29 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2006-07-25 08:29 20480 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( [email protected]_06.09.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-11 04:36 . 2011-12-11 04:36 16384 c:\windows\Temp\Perflib_Perfdata_770.dat
+ 2011-12-11 04:36 . 2011-12-11 04:36 16384 c:\windows\Temp\Perflib_Perfdata_2e8.dat
+ 2011-12-11 04:24 . 2011-12-11 04:24 16384 c:\windows\Temp\Perflib_Perfdata_11c.dat
+ 2006-07-25 16:42 . 2005-08-05 12:56 64512 c:\windows\system32\dllcache\ehtray.exe
+ 2006-07-25 16:42 . 2005-08-05 12:56 64512 c:\windows\ehome\ehtray.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-23 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-08 7561216]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\James\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\James\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 13:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\qttask .exe -atboottime [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-08-04 04:03 136176 ----atw- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\Chem3D\\Chem3D.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2008\\ENotebook\\ENClientRemote.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\James\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\James\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [07/11/2011 21:28 56208]
R1 RapportCerberus_32301;RapportCerberus_32301;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys [07/11/2011 21:30 227312]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [07/11/2011 21:28 71440]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [07/11/2011 21:28 164112]
R2 MSSQL$CSSQL05;SQL Server (CSSQL05);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [10/12/2010 17:29 29293408]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [07/11/2011 21:28 931640]
R3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys [07/08/2011 08:56 21520]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [25/07/2006 00:30 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [25/07/2006 00:30 226304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/02/2010 04:49 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/02/2010 04:49 135664]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB --> c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 12:48]
.
2011-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-26 12:48]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-294901063-826198544-1246034819-1006Core.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 04:03]
.
2011-12-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-294901063-826198544-1246034819-1006UA.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 04:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add RSS Support Site to VAIO Information FLOW - c:\program files\Sony\VAIO Information FLOW\aiesc.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: $talisma_url$
Trusted Zone: sony-europe.com
Trusted Zone: sonystyle-europe.com
Trusted Zone: vaio-link.com
TCP: DhcpNameServer = 192.168.7.254
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\2ngdthb1.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo.co.uk
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=panda&type=PCAFSI1190&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-38524762.sys
MSConfigStartUp-Mouse Suite 98 Daemon - ICO.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-10 20:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(2164)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-12-10 20:44:09 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-11 04:44
ComboFix2.txt 2011-12-10 06:14
.
Pre-Run: 9,900,130,304 bytes free
Post-Run: 9,896,681,472 bytes free
.
- - End Of File - - 693C1F99E4623CB78FB6F6B93C2FF475

20:45:33.0109 2732 TDSS rootkit removing tool 2.6.22.0 Dec 7 2011 13:21:06
20:45:33.0593 2732 ============================================================
20:45:33.0593 2732 Current date / time: 2011/12/10 20:45:33.0593
20:45:33.0593 2732 SystemInfo:
20:45:33.0593 2732
20:45:33.0593 2732 OS Version: 5.1.2600 ServicePack: 3.0
20:45:33.0593 2732 Product type: Workstation
20:45:33.0593 2732 ComputerName: COLLINS
20:45:33.0593 2732 UserName: James
20:45:33.0593 2732 Windows directory: C:\WINDOWS
20:45:33.0593 2732 System windows directory: C:\WINDOWS
20:45:33.0593 2732 Processor architecture: Intel x86
20:45:33.0593 2732 Number of processors: 2
20:45:33.0593 2732 Page size: 0x1000
20:45:33.0593 2732 Boot type: Normal boot
20:45:33.0593 2732 ============================================================
20:45:34.0781 2732 Initialize success
20:45:49.0750 2832 ============================================================
20:45:49.0750 2832 Scan started
20:45:49.0750 2832 Mode: Manual; SigCheck; TDLFS;
20:45:49.0750 2832 ============================================================
20:45:50.0265 2832 Abiosdsk - ok
20:45:50.0296 2832 abp480n5 - ok
20:45:50.0375 2832 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:45:53.0234 2832 ACPI - ok
20:45:53.0375 2832 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
20:45:53.0562 2832 ACPIEC - ok
20:45:53.0609 2832 adpu160m - ok
20:45:53.0687 2832 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:45:53.0828 2832 aec - ok
20:45:53.0984 2832 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
20:45:54.0000 2832 AegisP ( UnsignedFile.Multi.Generic ) - warning
20:45:54.0000 2832 AegisP - detected UnsignedFile.Multi.Generic (1)
20:45:54.0078 2832 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:45:54.0125 2832 AFD - ok
20:45:54.0140 2832 Aha154x - ok
20:45:54.0171 2832 aic78u2 - ok
20:45:54.0203 2832 aic78xx - ok
20:45:54.0265 2832 AliIde - ok
20:45:54.0312 2832 amsint - ok
20:45:54.0359 2832 ApfiltrService (b21fcbc58cb13bac70f74b5ac5da7409) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
20:45:54.0421 2832 ApfiltrService - ok
20:45:54.0515 2832 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
20:45:54.0640 2832 Arp1394 - ok
20:45:54.0671 2832 asc - ok
20:45:54.0703 2832 asc3350p - ok
20:45:54.0734 2832 asc3550 - ok
20:45:54.0812 2832 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:45:54.0937 2832 AsyncMac - ok
20:45:55.0015 2832 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:45:55.0140 2832 atapi - ok
20:45:55.0156 2832 Atdisk - ok
20:45:55.0187 2832 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:45:55.0312 2832 Atmarpc - ok
20:45:55.0343 2832 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:45:55.0468 2832 audstub - ok
20:45:55.0531 2832 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:45:55.0656 2832 Beep - ok
20:45:55.0656 2832 catchme - ok
20:45:55.0718 2832 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:45:55.0859 2832 cbidf2k - ok
20:45:55.0968 2832 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:45:56.0093 2832 CCDECODE - ok
20:45:56.0171 2832 cd20xrnt - ok
20:45:56.0218 2832 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:45:56.0343 2832 Cdaudio - ok
20:45:56.0406 2832 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:45:56.0562 2832 Cdfs - ok
20:45:56.0640 2832 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:45:56.0937 2832 Cdrom - ok
20:45:56.0953 2832 Changer - ok
20:45:56.0968 2832 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
20:45:57.0109 2832 CmBatt - ok
20:45:57.0156 2832 CmdIde - ok
20:45:57.0171 2832 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
20:45:57.0296 2832 Compbatt - ok
20:45:57.0312 2832 Cpqarray - ok
20:45:57.0328 2832 dac2w2k - ok
20:45:57.0343 2832 dac960nt - ok
20:45:57.0359 2832 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:45:57.0468 2832 Disk - ok
20:45:57.0531 2832 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:45:57.0750 2832 dmboot - ok
20:45:57.0812 2832 DMICall (526192bf7696f72e29777bf4a180513a) C:\WINDOWS\system32\DRIVERS\DMICall.sys
20:45:57.0937 2832 DMICall - ok
20:45:58.0015 2832 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:45:58.0140 2832 dmio - ok
20:45:58.0203 2832 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:45:58.0343 2832 dmload - ok
20:45:58.0437 2832 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:45:58.0562 2832 DMusic - ok
20:45:58.0578 2832 dpti2o - ok
20:45:58.0625 2832 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:45:58.0750 2832 drmkaud - ok
20:45:58.0796 2832 E100B (d57a8fc800b501ac05b10d00f66d127a) C:\WINDOWS\system32\DRIVERS\e100b325.sys
20:45:58.0859 2832 E100B - ok
20:45:58.0953 2832 e1express (389cf2cded384be477c3b3f15747d495) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
20:45:58.0968 2832 e1express - ok
20:45:59.0015 2832 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:45:59.0156 2832 Fastfat - ok
20:45:59.0218 2832 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:45:59.0343 2832 Fdc - ok
20:45:59.0406 2832 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:45:59.0578 2832 Fips - ok
20:45:59.0625 2832 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:45:59.0750 2832 Flpydisk - ok
20:45:59.0828 2832 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:45:59.0953 2832 FltMgr - ok
20:46:00.0062 2832 fssfltr (c6ee3a87fe609d3e1db9dbd072a248de) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
20:46:00.0078 2832 fssfltr - ok
20:46:00.0171 2832 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:46:00.0296 2832 Fs_Rec - ok
20:46:00.0359 2832 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:46:00.0468 2832 Ftdisk - ok
20:46:00.0593 2832 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:46:00.0734 2832 Gpc - ok
20:46:00.0812 2832 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:46:00.0968 2832 HDAudBus - ok
20:46:01.0000 2832 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:46:01.0140 2832 HidUsb - ok
20:46:01.0218 2832 hpn - ok
20:46:01.0265 2832 HSFHWAZL (acc46dda7fece95a253ae88cea172e12) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
20:46:01.0328 2832 HSFHWAZL - ok
20:46:01.0421 2832 HSF_DPV (c9f4e7da78a02623abf78a4a34ce79b1) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
20:46:01.0515 2832 HSF_DPV - ok
20:46:01.0625 2832 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:46:01.0718 2832 HTTP - ok
20:46:01.0781 2832 i2omgmt - ok
20:46:01.0796 2832 i2omp - ok
20:46:01.0843 2832 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
20:46:02.0031 2832 i8042prt - ok
20:46:02.0078 2832 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:46:02.0218 2832 Imapi - ok
20:46:02.0234 2832 ini910u - ok
20:46:02.0250 2832 IntelIde - ok
20:46:02.0281 2832 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:46:02.0421 2832 intelppm - ok
20:46:02.0453 2832 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:46:03.0000 2832 Ip6Fw - ok
20:46:03.0031 2832 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:46:03.0187 2832 IpFilterDriver - ok
20:46:03.0281 2832 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:46:03.0406 2832 IpInIp - ok
20:46:03.0453 2832 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:46:03.0593 2832 IpNat - ok
20:46:03.0718 2832 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:46:03.0843 2832 IPSec - ok
20:46:03.0890 2832 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:46:04.0031 2832 IRENUM - ok
20:46:04.0125 2832 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:46:04.0250 2832 isapnp - ok
20:46:04.0296 2832 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:46:04.0421 2832 Kbdclass - ok
20:46:04.0500 2832 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:46:04.0625 2832 kmixer - ok
20:46:04.0671 2832 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:46:04.0718 2832 KSecDD - ok
20:46:04.0734 2832 lbrtfdc - ok
20:46:04.0796 2832 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
20:46:04.0859 2832 mdmxsdk - ok
20:46:04.0953 2832 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
20:46:04.0968 2832 MHNDRV ( UnsignedFile.Multi.Generic ) - warning
20:46:04.0968 2832 MHNDRV - detected UnsignedFile.Multi.Generic (1)
20:46:05.0046 2832 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:46:05.0171 2832 mnmdd - ok
20:46:05.0265 2832 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:46:05.0406 2832 Modem - ok
20:46:05.0500 2832 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:46:05.0625 2832 Mouclass - ok
20:46:05.0703 2832 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:46:05.0828 2832 mouhid - ok
20:46:05.0906 2832 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:46:06.0015 2832 MountMgr - ok
20:46:06.0031 2832 mraid35x - ok
20:46:06.0140 2832 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
20:46:06.0171 2832 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
20:46:06.0171 2832 MREMP50 - detected UnsignedFile.Multi.Generic (1)
20:46:06.0171 2832 MREMPR5 - ok
20:46:06.0171 2832 MRENDIS5 - ok
20:46:06.0187 2832 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
20:46:06.0187 2832 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
20:46:06.0187 2832 MRESP50 - detected UnsignedFile.Multi.Generic (1)
20:46:06.0265 2832 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:46:06.0406 2832 MRxDAV - ok
20:46:06.0500 2832 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:46:06.0578 2832 MRxSmb - ok
20:46:06.0671 2832 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:46:06.0796 2832 Msfs - ok
20:46:06.0875 2832 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:46:06.0984 2832 MSKSSRV - ok
20:46:07.0031 2832 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:46:07.0171 2832 MSPCLOCK - ok
20:46:07.0203 2832 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:46:07.0328 2832 MSPQM - ok
20:46:07.0390 2832 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:46:07.0500 2832 mssmbios - ok
20:46:07.0546 2832 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:46:07.0671 2832 MSTEE - ok
20:46:07.0734 2832 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:46:07.0750 2832 Mup - ok
20:46:07.0828 2832 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:46:07.0953 2832 NABTSFEC - ok
20:46:08.0062 2832 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:46:08.0687 2832 NDIS - ok
20:46:08.0750 2832 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:46:08.0875 2832 NdisIP - ok
20:46:08.0937 2832 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:46:08.0953 2832 NdisTapi - ok
20:46:08.0984 2832 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:46:09.0109 2832 Ndisuio - ok
20:46:09.0140 2832 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:46:09.0265 2832 NdisWan - ok
20:46:09.0328 2832 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:46:09.0359 2832 NDProxy - ok
20:46:09.0437 2832 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:46:09.0562 2832 NetBIOS - ok
20:46:09.0640 2832 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:46:09.0781 2832 NetBT - ok
20:46:09.0828 2832 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
20:46:09.0968 2832 NIC1394 - ok
20:46:10.0000 2832 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:46:10.0125 2832 Npfs - ok
20:46:10.0171 2832 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:46:10.0359 2832 Ntfs - ok
20:46:10.0453 2832 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:46:10.0578 2832 Null - ok
20:46:10.0796 2832 nv (4f56e52f7ce6ac737adb1bb2a1854592) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:46:11.0109 2832 nv - ok
20:46:11.0203 2832 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:46:11.0328 2832 NwlnkFlt - ok
20:46:11.0343 2832 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:46:11.0484 2832 NwlnkFwd - ok
20:46:11.0546 2832 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
20:46:11.0671 2832 ohci1394 - ok
20:46:11.0750 2832 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:46:11.0890 2832 Parport - ok
20:46:11.0921 2832 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:46:12.0046 2832 PartMgr - ok
20:46:12.0078 2832 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:46:12.0218 2832 ParVdm - ok
20:46:12.0234 2832 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:46:12.0359 2832 PCI - ok
20:46:12.0390 2832 PCIDump - ok
20:46:12.0468 2832 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:46:12.0609 2832 PCIIde - ok
20:46:12.0625 2832 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
20:46:12.0734 2832 Pcmcia - ok
20:46:12.0750 2832 PDCOMP - ok
20:46:12.0765 2832 PDFRAME - ok
20:46:12.0781 2832 PDRELI - ok
20:46:12.0796 2832 PDRFRAME - ok
20:46:12.0812 2832 perc2 - ok
20:46:12.0812 2832 perc2hib - ok
20:46:12.0859 2832 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:46:12.0984 2832 PptpMiniport - ok
20:46:13.0031 2832 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:46:13.0156 2832 PSched - ok
20:46:13.0203 2832 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:46:13.0328 2832 Ptilink - ok
20:46:13.0437 2832 PxHelp20 (0c8da0a8b0d227319c285e0eae65defd) C:\WINDOWS\system32\Drivers\PxHelp20.sys
20:46:13.0468 2832 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
20:46:13.0468 2832 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
20:46:13.0500 2832 ql1080 - ok
20:46:13.0515 2832 Ql10wnt - ok
20:46:13.0546 2832 ql12160 - ok
20:46:13.0578 2832 ql1240 - ok
20:46:13.0625 2832 ql1280 - ok
20:46:13.0765 2832 RapportCerberus_32301 (2fccc769cdba34c6ab6183aa4d2f7519) C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys
20:46:14.0859 2832 RapportCerberus_32301 - ok
20:46:14.0968 2832 RapportEI (5074fe56c70b31909c6b3129280c4cf2) C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
20:46:14.0984 2832 RapportEI - ok
20:46:15.0046 2832 RapportIaso (dd3e4610de9252a957c5bd19bdf47ac4) c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
20:46:15.0062 2832 RapportIaso - ok
20:46:15.0171 2832 RapportKELL (d6c7c196ad59375e9dde68d70db6e7a1) C:\WINDOWS\system32\Drivers\RapportKELL.sys
20:46:15.0171 2832 RapportKELL - ok
20:46:15.0234 2832 RapportPG (1205f9ccc78d152a5cc509f5ee32800d) C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
20:46:15.0250 2832 RapportPG - ok
20:46:15.0328 2832 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:46:15.0453 2832 RasAcd - ok
20:46:15.0515 2832 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:46:15.0625 2832 Rasl2tp - ok
20:46:15.0656 2832 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:46:15.0765 2832 RasPppoe - ok
20:46:15.0828 2832 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:46:15.0953 2832 Raspti - ok
20:46:15.0984 2832 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:46:16.0109 2832 Rdbss - ok
20:46:16.0234 2832 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:46:16.0375 2832 RDPCDD - ok
20:46:16.0390 2832 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:46:16.0531 2832 rdpdr - ok
20:46:16.0640 2832 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
20:46:16.0687 2832 RDPWD - ok
20:46:16.0734 2832 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:46:16.0875 2832 redbook - ok
20:46:16.0937 2832 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
20:46:16.0968 2832 s24trans ( UnsignedFile.Multi.Generic ) - warning
20:46:16.0968 2832 s24trans - detected UnsignedFile.Multi.Generic (1)
20:46:17.0078 2832 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:46:17.0218 2832 Secdrv - ok
20:46:17.0250 2832 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:46:17.0375 2832 Serial - ok
20:46:17.0562 2832 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:46:17.0687 2832 Sfloppy - ok
20:46:17.0765 2832 SI3132 (716a724a447c559f122ea140d636fa48) C:\WINDOWS\system32\DRIVERS\SI3132.sys
20:46:17.0812 2832 SI3132 - ok
20:46:17.0937 2832 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
20:46:17.0953 2832 SiFilter - ok
20:46:17.0984 2832 Simbad - ok
20:46:18.0062 2832 SiRemFil (62fd549acf2943f89612a8777295fa57) C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
20:46:18.0078 2832 SiRemFil - ok
20:46:18.0125 2832 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:46:18.0265 2832 SLIP - ok
20:46:18.0312 2832 SNC (be6038e0a7d2e2fe69107e41a0265831) C:\WINDOWS\system32\Drivers\SonyNC.sys
20:46:18.0343 2832 SNC - ok
20:46:18.0390 2832 SonyImgF (c483fc0add8b074286600b9620ef2c16) C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
20:46:18.0406 2832 SonyImgF ( UnsignedFile.Multi.Generic ) - warning
20:46:18.0406 2832 SonyImgF - detected UnsignedFile.Multi.Generic (1)
20:46:18.0421 2832 Sparrow - ok
20:46:18.0468 2832 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:46:18.0593 2832 splitter - ok
20:46:18.0703 2832 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:46:18.0828 2832 sr - ok
20:46:18.0906 2832 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:46:18.0984 2832 Srv - ok
20:46:19.0125 2832 STHDA (784b73bd9d1c0fba6ca96e8976f4b0e6) C:\WINDOWS\system32\drivers\sthda.sys
20:46:19.0281 2832 STHDA - ok
20:46:19.0375 2832 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:46:19.0500 2832 streamip - ok
20:46:19.0578 2832 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:46:19.0703 2832 swenum - ok
20:46:19.0750 2832 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:46:19.0890 2832 swmidi - ok
20:46:19.0953 2832 symc810 - ok
20:46:19.0984 2832 symc8xx - ok
20:46:20.0062 2832 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys
20:46:20.0062 2832 symlcbrd - ok
20:46:20.0078 2832 sym_hi - ok
20:46:20.0093 2832 sym_u3 - ok
20:46:20.0125 2832 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:46:20.0250 2832 sysaudio - ok
20:46:20.0343 2832 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:46:20.0421 2832 Tcpip - ok
20:46:20.0546 2832 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:46:20.0671 2832 TDPIPE - ok
20:46:20.0750 2832 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:46:20.0890 2832 TDTCP - ok
20:46:20.0937 2832 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:46:21.0046 2832 TermDD - ok
20:46:21.0125 2832 ti21sony (26587ce8e6c6f16b8b4e7e2c16fa00bf) C:\WINDOWS\system32\drivers\ti21sony.sys
20:46:21.0171 2832 ti21sony - ok
20:46:21.0265 2832 toshidpt (e362d54fd394999c4178936396664e57) C:\WINDOWS\system32\drivers\Toshidpt.sys
20:46:21.0281 2832 toshidpt ( UnsignedFile.Multi.Generic ) - warning
20:46:21.0281 2832 toshidpt - detected UnsignedFile.Multi.Generic (1)
20:46:21.0390 2832 TosIde - ok
20:46:21.0437 2832 tosporte (d626e0af9232d8799d3a449530f3c220) C:\WINDOWS\system32\DRIVERS\tosporte.sys
20:46:21.0453 2832 tosporte ( UnsignedFile.Multi.Generic ) - warning
20:46:21.0453 2832 tosporte - detected UnsignedFile.Multi.Generic (1)
20:46:21.0500 2832 Tosrfbd (0ec5206059d97a8dc785be73fb457ec7) C:\WINDOWS\system32\Drivers\tosrfbd.sys
20:46:21.0531 2832 Tosrfbd ( UnsignedFile.Multi.Generic ) - warning
20:46:21.0531 2832 Tosrfbd - detected UnsignedFile.Multi.Generic (1)
20:46:21.0578 2832 Tosrfbnp (33498b8f0b2ca549c2b7ffc1b3c0f1bc) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
20:46:21.0593 2832 Tosrfbnp ( UnsignedFile.Multi.Generic ) - warning
20:46:21.0593 2832 Tosrfbnp - detected UnsignedFile.Multi.Generic (1)
20:46:21.0656 2832 Tosrfcom (5ba1ca3b3cddb1ddc67df473f05d1ec2) C:\WINDOWS\system32\Drivers\tosrfcom.sys
20:46:21.0671 2832 Tosrfcom ( UnsignedFile.Multi.Generic ) - warning
20:46:21.0671 2832 Tosrfcom - detected UnsignedFile.Multi.Generic (1)
20:46:21.0796 2832 Tosrfhid (5dbf390aab62dd0d4d43a9278614e001) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
20:46:21.0796 2832 Tosrfhid ( UnsignedFile.Multi.Generic ) - warning
20:46:21.0796 2832 Tosrfhid - detected UnsignedFile.Multi.Generic (1)
20:46:21.0953 2832 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
20:46:21.0968 2832 tosrfnds ( UnsignedFile.Multi.Generic ) - warning
20:46:21.0968 2832 tosrfnds - detected UnsignedFile.Multi.Generic (1)
20:46:21.0984 2832 TosRfSnd (0d86d15caff2b3203c785d604ec7c942) C:\WINDOWS\system32\drivers\TosRfSnd.sys
20:46:22.0000 2832 TosRfSnd ( UnsignedFile.Multi.Generic ) - warning
20:46:22.0000 2832 TosRfSnd - detected UnsignedFile.Multi.Generic (1)
20:46:22.0015 2832 Tosrfusb (c582b7716f0be7e65505365f4f941587) C:\WINDOWS\system32\Drivers\tosrfusb.sys
20:46:22.0031 2832 Tosrfusb ( UnsignedFile.Multi.Generic ) - warning
20:46:22.0031 2832 Tosrfusb - detected UnsignedFile.Multi.Generic (1)
20:46:22.0093 2832 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:46:22.0218 2832 Udfs - ok
20:46:22.0234 2832 ultra - ok
20:46:22.0296 2832 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:46:22.0421 2832 Update - ok
20:46:22.0515 2832 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:46:22.0625 2832 usbehci - ok
20:46:22.0640 2832 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:46:22.0765 2832 usbhub - ok
20:46:22.0796 2832 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:46:22.0906 2832 USBSTOR - ok
20:46:23.0000 2832 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:46:23.0125 2832 usbuhci - ok
20:46:23.0171 2832 usbvm321 (c7f4158ea3915f4194aee233ff8d4728) C:\WINDOWS\system32\Drivers\usbvm321.sys
20:46:23.0203 2832 usbvm321 - ok
20:46:23.0281 2832 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:46:23.0406 2832 VgaSave - ok
20:46:23.0421 2832 ViaIde - ok
20:46:23.0468 2832 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:46:23.0593 2832 VolSnap - ok
20:46:23.0750 2832 w39n51 (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
20:46:23.0906 2832 w39n51 - ok
20:46:24.0015 2832 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:46:24.0140 2832 Wanarp - ok
20:46:24.0156 2832 WDICA - ok
20:46:24.0171 2832 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:46:24.0296 2832 wdmaud - ok
20:46:24.0375 2832 winachsf (c1d5cbd8aa0d674da1ba1bb189696396) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
20:46:24.0453 2832 winachsf - ok
20:46:24.0578 2832 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
20:46:24.0703 2832 WS2IFSL - ok
20:46:24.0796 2832 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:46:24.0921 2832 WSTCODEC - ok
20:46:25.0031 2832 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:46:25.0093 2832 WudfPf - ok
20:46:25.0125 2832 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:46:25.0171 2832 WudfRd - ok
20:46:25.0203 2832 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:46:25.0453 2832 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:46:25.0453 2832 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:46:25.0531 2832 Boot (0x1200) (5c7f798f781e31584e1c317758491c10) \Device\Harddisk0\DR0\Partition0
20:46:25.0531 2832 \Device\Harddisk0\DR0\Partition0 - ok
20:46:25.0718 2832 Boot (0x1200) (35b6cffd91943478fdd4ffaabdd5b4e2) \Device\Harddisk0\DR0\Partition1
20:46:25.0718 2832 \Device\Harddisk0\DR0\Partition1 - ok
20:46:25.0718 2832 ============================================================
20:46:25.0718 2832 Scan finished
20:46:25.0718 2832 ============================================================
20:46:25.0828 1104 Detected object count: 17
20:46:25.0828 1104 Actual detected object count: 17
20:47:48.0250 1104 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0250 1104 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0250 1104 MHNDRV ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0250 1104 MHNDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0250 1104 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0250 1104 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0250 1104 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0250 1104 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0250 1104 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0250 1104 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0250 1104 s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0250 1104 s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0250 1104 SonyImgF ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0250 1104 SonyImgF ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0250 1104 toshidpt ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0250 1104 toshidpt ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0250 1104 tosporte ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0250 1104 tosporte ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0265 1104 Tosrfbd ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0265 1104 Tosrfbd ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0265 1104 Tosrfbnp ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0265 1104 Tosrfbnp ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0265 1104 Tosrfcom ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0265 1104 Tosrfcom ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0265 1104 Tosrfhid ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0265 1104 Tosrfhid ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0265 1104 tosrfnds ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0265 1104 tosrfnds ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0265 1104 TosRfSnd ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0265 1104 TosRfSnd ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0265 1104 Tosrfusb ( UnsignedFile.Multi.Generic ) - skipped by user
20:47:48.0265 1104 Tosrfusb ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:47:48.0265 1104 \Device\Harddisk0\DR0\TDLFS - deleted
20:47:48.0265 1104 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete





OTL logfile created on: 10/12/2011 20:48:50 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\James\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.11 Mb Total Physical Memory | 535.88 Mb Available Physical Memory | 52.43% Memory free
3.90 Gb Paging File | 3.52 Gb Available in Paging File | 90.31% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.25 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive D: | 47.98 Gb Total Space | 18.27 Gb Free Space | 38.08% Space Free | Partition Type: NTFS

Computer Name: COLLINS | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/07 13:22:02 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\James\Desktop\TDSSKiller.exe
PRC - [2011/12/04 13:31:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/05/25 12:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/20 03:37:09 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/11/07 06:30:08 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/04/13 04:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 05:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/11/28 04:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 04:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/08 18:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/07 08:56:08 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2008/03/24 20:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/11/28 02:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 02:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 02:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/09/08 18:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MOD - [2005/05/20 08:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2007/01/20 03:37:09 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/11/07 06:30:08 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/08/25 03:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/06/12 23:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 00:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 01:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 01:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/05/07 19:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 08:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 08:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 08:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 04:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/04/04 05:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 04:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 04:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 04:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/08 18:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/07/14 10:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/01/04 02:09:36 | 000,398,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/08/07 08:56:08 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2010/11/08 13:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 13:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/05 14:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/09/01 07:45:07 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/05/25 14:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/06 01:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/21 01:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/08 08:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/02 14:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/31 09:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/12/29 01:42:00 | 000,234,496 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/12/14 08:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/12/04 15:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 03:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/24 04:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/11 06:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/17 23:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/17 23:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/17 23:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/20 16:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005/09/19 22:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/08/01 07:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 09:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 04:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/21 20:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/31 19:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2000/12/05 07:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 02:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....=PCAFSI1190&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=11.0: C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=11.0: C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/25 13:28:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/15 15:47:43 | 000,000,000 | ---D | M]

[2011/02/03 02:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2011/12/04 14:56:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\2ngdthb1.default\extensions
[2011/02/03 05:30:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\2ngdthb1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/04 14:56:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/07 20:52:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/07 20:52:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/23 20:38:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/15 15:47:35 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/07 11:04:08 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011/10/15 15:47:35 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/15 15:47:35 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/15 15:47:35 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...1I7SNYK_enGB322
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Chem3D Plugin (Enabled) = C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
CHR - plugin: ChemDraw (Enabled) = C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/10 20:36:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\James\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_24.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} http://as.photoprint...PSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55AFEFDB-F7E2-4390-888D-2F1CD3F55B08}: DhcpNameServer = 192.168.7.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/25 08:47:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/09/19 18:58:06 | 000,000,000 | ---D | M] - C:\Autostitch -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 20:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\logs 10th Dec
[2011/12/09 23:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Start Menu\Programs\Google Chrome
[2011/12/09 22:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\logs
[2011/12/09 22:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\staples
[2011/12/09 22:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/09 22:39:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/09 22:38:21 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\James\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/09 22:30:15 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\James\Desktop\aswMBR.exe
[2011/12/09 20:45:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/09 20:40:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/09 20:40:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/09 20:40:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/09 20:40:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/09 20:40:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/09 20:40:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/09 20:38:45 | 004,334,705 | R--- | C] (Swearware) -- C:\Documents and Settings\James\Desktop\ComboFix.exe
[2011/12/07 19:56:16 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\James\Desktop\TDSSKiller.exe
[2011/12/04 13:31:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/12/03 08:59:30 | 000,000,000 | ---D | C] -- C:\camera back up from 3rd Dec
[2011/11/28 21:41:16 | 000,016,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/11/28 21:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/11/28 21:35:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/11/28 21:35:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/11/25 15:08:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\James\Recent
[2011/11/25 09:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\vlc
[2011/11/25 09:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/11/25 09:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/10 20:45:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-294901063-826198544-1246034819-1006UA.job
[2011/12/10 20:36:47 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/10 20:36:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/10 20:36:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/10 20:35:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/10 20:35:54 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/10 20:18:46 | 004,334,705 | R--- | M] (Swearware) -- C:\Documents and Settings\James\Desktop\ComboFix.exe
[2011/12/09 23:32:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/09 23:26:57 | 000,002,288 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Google Chrome.lnk
[2011/12/09 23:26:57 | 000,002,266 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/09 22:39:21 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/09 22:39:21 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/09 22:38:21 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\James\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/09 22:31:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\James\Desktop\MBR.dat
[2011/12/09 22:30:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\James\Desktop\aswMBR.exe
[2011/12/09 22:22:31 | 001,557,928 | ---- | M] () -- C:\Documents and Settings\James\Desktop\tdsskiller.zip
[2011/12/09 20:45:46 | 000,000,397 | RHS- | M] () -- C:\boot.ini
[2011/12/08 21:55:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/08 21:45:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-294901063-826198544-1246034819-1006Core.job
[2011/12/08 20:01:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/07 13:22:02 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\James\Desktop\TDSSKiller.exe
[2011/12/06 19:55:20 | 003,891,557 | ---- | M] () -- C:\Documents and Settings\James\Desktop\IMG_0093.MOV
[2011/12/04 13:31:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/12/03 13:27:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\8AS8c07.dat
[2011/12/03 13:26:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\k3IHi57.com
[2011/12/03 13:26:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\k3IHi57.com
[2011/12/03 12:29:28 | 000,010,606 | -HS- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/12/03 12:29:28 | 000,010,606 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/12/03 10:35:44 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/30 22:19:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/30 19:31:02 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/29 03:20:52 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/11/29 03:20:51 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/11/28 21:40:44 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Windows Media Player.lnk
[2011/11/28 21:38:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/11/28 21:35:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/11/28 08:05:17 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\_rgpl
[2011/11/25 09:20:24 | 004,393,569 | ---- | M] () -- C:\Documents and Settings\James\Desktop\IMG_0085.MOV
[2011/11/24 14:36:56 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Imperial College.lnk
[2011/11/19 12:45:42 | 002,620,690 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Baby Jools 051.psd
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/09 23:26:57 | 000,002,288 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Google Chrome.lnk
[2011/12/09 23:26:57 | 000,002,266 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/09 22:39:21 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/09 22:39:21 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/09 22:31:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\James\Desktop\MBR.dat
[2011/12/09 21:22:43 | 1071,828,992 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/09 20:45:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/09 20:40:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/09 20:40:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/09 20:40:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/09 20:40:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/09 20:40:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/06 19:55:18 | 003,891,557 | ---- | C] () -- C:\Documents and Settings\James\Desktop\IMG_0093.MOV
[2011/12/03 17:36:03 | 001,557,928 | ---- | C] () -- C:\Documents and Settings\James\Desktop\tdsskiller.zip
[2011/12/03 13:27:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8AS8c07.dat
[2011/12/03 13:26:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\k3IHi57.com
[2011/12/03 13:26:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\k3IHi57.com
[2011/12/03 12:25:18 | 000,010,606 | -HS- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/12/03 12:25:18 | 000,010,606 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/11/28 21:40:44 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Windows Media Player.lnk
[2011/11/28 21:35:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/11/28 21:34:20 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/28 08:05:17 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\_rgpl
[2011/11/25 09:20:24 | 004,393,569 | ---- | C] () -- C:\Documents and Settings\James\Desktop\IMG_0085.MOV
[2011/11/24 14:36:56 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Imperial College.lnk
[2011/11/19 12:45:41 | 002,620,690 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Baby Jools 051.psd
[2011/05/06 07:11:01 | 000,002,376 | ---- | C] () -- C:\WINDOWS\COLLINS0826.ini
[2011/05/02 19:14:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/12 04:45:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/02/03 02:31:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/24 07:31:57 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/08/28 10:37:54 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/23 01:28:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/11/12 07:13:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2006/10/31 09:01:33 | 000,000,952 | ---- | C] () -- C:\Documents and Settings\James\Application Data\wklnhst.dat
[2006/09/01 07:41:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/01 07:33:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/09/01 07:31:56 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/09/01 07:30:08 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/26 04:04:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/26 03:26:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/26 03:26:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/26 03:26:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/26 03:26:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/26 03:26:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/26 03:26:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/26 03:17:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2006/07/26 03:16:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/07/25 09:36:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/25 09:36:07 | 000,321,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/25 08:50:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/25 08:44:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/25 00:30:07 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/25 00:30:02 | 000,003,822 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/25 00:29:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/25 00:29:05 | 000,512,974 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/25 00:29:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/25 00:29:05 | 000,100,310 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/25 00:29:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/25 00:29:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/25 00:29:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/25 00:29:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/25 00:28:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/25 00:28:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/25 00:28:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/25 00:28:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/04 17:07:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 05:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

< End of report >

OTL Extras logfile created on: 10/12/2011 20:48:50 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\James\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.11 Mb Total Physical Memory | 535.88 Mb Available Physical Memory | 52.43% Memory free
3.90 Gb Paging File | 3.52 Gb Available in Paging File | 90.31% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.25 Gb Free Space | 16.55% Space Free | Partition Type: NTFS
Drive D: | 47.98 Gb Total Space | 18.27 Gb Free Space | 38.08% Space Free | Partition Type: NTFS

Computer Name: COLLINS | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe" = C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe:*:Enabled:ChemDraw Pro 11.0.1 -- (CambridgeSoft Corp.)
"C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\Chem3D.exe" = C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\Chem3D.exe:*:Enabled:ChemBio3D Ultra 11.0.1 -- (CambridgeSoft Corp.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\CambridgeSoft\ChemOffice2008\ENotebook\ENClientRemote.exe" = C:\Program Files\CambridgeSoft\ChemOffice2008\ENotebook\ENClientRemote.exe:*:Enabled:ENClientRemote -- (CambridgeSoft Corporation)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\James\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\James\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09AE4FE6-9610-449C-A5DE-C78FCFEB8A41}" = CambridgeSoft ENotebook 11.0
"{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19D196C4-8D02-4CBF-AF49-7D40C73C2602}" = CambridgeSoft ChemScript 11.0
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zookeeper Collection
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}" = VAIO Information FLOW
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (CSSQL05)
"{2BE2D319-BC36-4168-B803-2CDB43D2F861}" = MGLTools
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5CF6EEE9-86B1-3DB6-A07C-8F6C079C39BA}" = Google Talk Plugin
"{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83C00BEF-27A1-44B3-8BCC-EB1F7D6935D0}" = CambridgeSoft ChemBio3D Ultra 11.0
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{863F58EF-467F-4BCC-A40B-D2304630DEA1}" = CambridgeSoft Activation Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{ACC2C5F6-FDFA-4739-885C-87457D256C3E}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct
"{C4AB18B3-CA6C-1A25-4766-E2CE3F706B3C}" = BBC iPlayer Desktop
"{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-in 1.0
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C0}" = WinZip 15.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB)
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E5E6E687-1033-0000-0000-000000000002}" = Adobe Acrobat 7.0 Elements
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.30
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE4BD9BD-4A26-4F39-B12C-19336204B102}" = EndNote X Volume License Edition
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 7.0 Elements" = Adobe Acrobat 7.0 Elements
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{09AE4FE6-9610-449C-A5DE-C78FCFEB8A41}" = CambridgeSoft ENotebook 11.0
"InstallShield_{238DCFCD-70B3-46B2-B90B-2CDCC69A3D03}" = Zoo Tycoon 2 - Zookeeper Collection
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO Online Registration (English)
"InstallShield_{83C00BEF-27A1-44B3-8BCC-EB1F7D6935D0}" = CambridgeSoft ChemBio3D Ultra 11.0
"InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Mendeley Desktop" = Mendeley Desktop 0.9.8.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"My Club VAIO Media Center Edition_is1" = My Club VAIO MCE 1.0.0
"Neverball" = Neverball 1.5.4
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"Picasa 3" = Picasa 3
"PremElem20" = Adobe Premiere Elements 2.0
"ProInst" = Intel® PROSet/Wireless Software
"PROSet" = Intel® PRO Network Connections Drivers
"Rapport_msi" = Rapport
"VLC media player" = VLC media player 1.1.11
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Mail" = att.net Internet Mail
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/12/2011 00:02:19 | Computer Name = COLLINS | Source = MSSQL$CSSQL05 | ID = 17207
Description = FCB::Open: Operating system error 32(error not found) occurred while
creating or opening file 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\tempdb.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 09/12/2011 00:02:19 | Computer Name = COLLINS | Source = MSSQL$CSSQL05 | ID = 17204
Description = FCB::Open failed: Could not open file C:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\tempdb.mdf for file number 1. OS error: 32(error not
found).

Error - 09/12/2011 00:05:38 | Computer Name = COLLINS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/12/2011 00:05:40 | Computer Name = COLLINS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/12/2011 00:53:01 | Computer Name = COLLINS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

Error - 10/12/2011 01:36:01 | Computer Name = COLLINS | Source = MsiInstaller | ID = 11706
Description = Product: Adobe Acrobat 7.0 Elements -- Error 1706.No valid source
could be found for product Adobe Acrobat 7.0 Elements. The Windows Installer
cannot continue.

Error - 10/12/2011 01:37:14 | Computer Name = COLLINS | Source = MsiInstaller | ID = 11706
Description = Product: Adobe Acrobat 7.0 Elements -- Error 1706.No valid source
could be found for product Adobe Acrobat 7.0 Elements. The Windows Installer
cannot continue.

Error - 10/12/2011 23:38:03 | Computer Name = COLLINS | Source = Media Center Scheduler | ID = 0
Description =

Error - 11/12/2011 00:16:04 | Computer Name = COLLINS | Source = Media Center Scheduler | ID = 0
Description =

Error - 11/12/2011 00:37:27 | Computer Name = COLLINS | Source = Media Center Scheduler | ID = 0
Description =

[ OSession Events ]
Error - 07/03/2011 02:05:02 | Computer Name = COLLINS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/12/2011 00:25:23 | Computer Name = COLLINS | Source = Service Control Manager | ID = 7031
Description = The SQL Server Browser service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 11/12/2011 00:25:23 | Computer Name = COLLINS | Source = Service Control Manager | ID = 7034
Description = The VAIO Event Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/12/2011 00:25:25 | Computer Name = COLLINS | Source = Service Control Manager | ID = 7031
Description = The Media Center Extender Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
5000 milliseconds: Restart the service.

Error - 11/12/2011 00:25:25 | Computer Name = COLLINS | Source = Service Control Manager | ID = 7034
Description = The VAIO Entertainment UPnP Client Adapter service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/12/2011 00:25:25 | Computer Name = COLLINS | Source = Service Control Manager | ID = 7031
Description = The COM+ System Application service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 11/12/2011 00:25:25 | Computer Name = COLLINS | Source = Service Control Manager | ID = 7034
Description = The VAIO Entertainment Database Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/12/2011 00:25:26 | Computer Name = COLLINS | Source = Service Control Manager | ID = 7034
Description = The Intel® PROSet/Wireless Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/12/2011 00:25:26 | Computer Name = COLLINS | Source = Service Control Manager | ID = 7034
Description = The VAIO Entertainment File Import Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 11/12/2011 00:25:26 | Computer Name = COLLINS | Source = Service Control Manager | ID = 7034
Description = The SQL Server (CSSQL05) service terminated unexpectedly. It has
done this 1 time(s).

Error - 11/12/2011 00:25:27 | Computer Name = COLLINS | Source = Service Control Manager | ID = 7034
Description = The MSSQL$VAIO_VEDB service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Combofix worked like we wanted it to.


Uninstall:
Java™ 6 Update 24 - get latest from java.com


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
[2011/05/07 20:52:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/05/07 20:52:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/23 20:38:45 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011/12/03 12:29:28 | 000,010,606 | -HS- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/12/03 12:29:28 | 000,010,606 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
[2011/12/03 13:26:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\k3IHi57.com
[2011/12/03 13:26:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\k3IHi57.com

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu
C:\Documents and Settings\James\Local Settings\Application Data\k3IHi57.com
C:\WINDOWS\System32\k3IHi57.com 
    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL, Quickscan and copy and paste the log.

Before you reinstall Sophos, let's install the free Avast and let it run a boot-time scan:

http://www.avast.com...ivirus-download
Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?

I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt. If you can find it, please copy and paste it into a reply.
  • 0
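A small parser for the OTL entry format, added here as an example that is not part of this thread or of OTL itself: it reads lines shaped like the ones in the fix above and flags the traits that fix keys on (hidden+system attributes, no company name in version info, random-looking names, zero-byte .com files dropped in user-writable or system directories). The sample lines are constructed from entries quoted in this thread; the heuristics, thresholds and directory lists are this example's own assumptions, and a hit is a review candidate, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Shape of an OTL file entry, as seen in the fix script above:
#   [2011/12/03 13:26:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\k3IHi57.com
# PRC/MOD/SRV/DRV lines add a prefix, an optional "[Auto | Running]" state block
# after the company name, and a trailing " -- (ServiceName)". Company names that
# themselves contain ")" are not handled by this regex (assumption of this example).
OTL_LINE = re.compile(
    r"^(?:(?:PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<flag>[MC])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \([^)]*\))?$"
)

EXEC_EXT = {".com", ".exe", ".dll", ".sys", ".scr", ".pif"}
# Directories a non-admin process can write to on XP, plus System32 (lower-cased substrings; assumed lists).
USER_WRITABLE = ("\\local settings\\application data\\", "\\application data\\", "\\local settings\\temp\\")
SYSTEM_DIRS = ("\\windows\\system32\\",)


@dataclass
class OtlEntry:
    stamp: str
    size: int
    attrs: str      # e.g. "-HS-" hidden+system, "---D" directory
    flag: str       # "M" = modified-date entry, "C" = created-date entry
    company: str    # company name from version info; "" when OTL found none
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def ext(self) -> str:
        return self.name[self.name.rfind("."):].lower() if "." in self.name else ""


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry; return None for lines of another shape (headers, 'File not found')."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return OtlEntry(m["stamp"], int(m["size"].replace(",", "")), m["attrs"],
                    m["flag"], m["company"].strip(), m["path"].strip())


def looks_random(name: str) -> bool:
    """Long extension-less mix of letters and digits, like 3g33i64u6x4t446137pj431d57w8x08u65hsu.
    GUID-style names such as {CAFEEFAC-...} are excluded (they are normal for browser extensions)."""
    if name.startswith("{") or "." in name or len(name) < 16:
        return False
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def suspicious_reasons(e: OtlEntry) -> list:
    """Traits the fix above keys on; hits are review candidates, not verdicts."""
    reasons = []
    lp = e.path.lower()
    if "H" in e.attrs and "S" in e.attrs:
        reasons.append("hidden+system attributes")
    if looks_random(e.name):
        reasons.append("random-looking name")
    if e.ext in EXEC_EXT and not e.company:
        if any(d in lp for d in USER_WRITABLE):
            reasons.append("executable with no company name in a user-writable directory")
        elif any(d in lp for d in SYSTEM_DIRS):
            reasons.append("executable with no company name in a system directory")
    if e.ext == ".com" and e.size == 0:
        reasons.append("zero-byte .com file")
    return reasons


def triage(lines) -> dict:
    """Map each flagged path to its reasons; unparseable and clean entries are skipped."""
    hits = {}
    for line in lines:
        e = parse_otl_line(line)
        if e is not None:
            r = suspicious_reasons(e)
            if r:
                hits[e.path] = r
    return hits


# Constructed sample: the four entries the fix above removes, plus benign lines from the same log.
SAMPLE_LINES = [
    r"[2011/12/03 12:29:28 | 000,010,606 | -HS- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu",
    r"[2011/12/03 12:29:28 | 000,010,606 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu",
    r"[2011/12/03 13:26:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\k3IHi57.com",
    r"[2011/12/03 13:26:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\k3IHi57.com",
    r"PRC - [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe",
    r"[2011/05/07 20:52:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}",
    "SRV - File not found [Disabled | Stopped] -- -- (HidServ)",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path, "->", "; ".join(reasons))
```

Note that the Rapport driver entry further down the log (no company name, under All Users\Application Data) would also be flagged by these rules, which is exactly the kind of candidate a human then clears by checking the vendor.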

#7
jcollins

    Member

  • Topic Starter
  • Member
  • 14 posts
Hi Ron,

Log files below. I left Avast running overnight so I didn't see how many files it had found, but it says 14 in the log report. So do you guys have a recommended antivirus (avast?). I get Sophos free from work but clearly it hasn't been all that effective...

Thanks,
James

========== PROCESSES ==========
All processes killed
========== OTL ==========
Folder C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu moved successfully.
C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu moved successfully.
C:\Documents and Settings\James\Local Settings\Application Data\k3IHi57.com moved successfully.
C:\WINDOWS\system32\k3IHi57.com moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\James\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\James\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\James\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\James\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\James\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\James\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\James\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\James\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\James\Local Settings\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu not found.
File\Folder C:\Documents and Settings\All Users\Application Data\3g33i64u6x4t446137pj431d57w8x08u65hsu not found.
File\Folder C:\Documents and Settings\James\Local Settings\Application Data\k3IHi57.com not found.
File\Folder C:\WINDOWS\System32\k3IHi57.com not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
->Flash cache emptied: 56475 bytes

User: Guest
->Flash cache emptied: 916 bytes

User: James
->Flash cache emptied: 1603280 bytes

User: LocalService
->Flash cache emptied: 2255 bytes

User: NetworkService
->Flash cache emptied: 15598 bytes

User: staples

Total Flash Files Cleaned = 2.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Guest

User: James
->Java cache emptied: 58267191 bytes

User: LocalService

User: NetworkService
->Java cache emptied: 16007 bytes

User: staples

Total Java Files Cleaned = 56.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12102011_223903

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL logfile created on: 10/12/2011 22:46:20 - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\James\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1022.11 Mb Total Physical Memory | 381.30 Mb Available Physical Memory | 37.31% Memory free
3.90 Gb Paging File | 3.34 Gb Available in Paging File | 85.62% Paging File free
Paging file location(s): C:\pagefile.sys 0 0D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.33 Gb Free Space | 16.70% Space Free | Partition Type: NTFS
Drive D: | 47.98 Gb Total Space | 18.27 Gb Free Space | 38.08% Space Free | Partition Type: NTFS

Computer Name: COLLINS | User Name: James | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/04 13:31:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
PRC - [2011/11/14 21:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/11/07 21:28:26 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2011/10/13 09:11:52 | 001,543,704 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
PRC - [2011/10/13 09:11:50 | 000,099,864 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2011/10/13 09:11:49 | 000,167,960 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2011/05/25 12:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2011/03/14 05:31:36 | 000,494,616 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2011/03/14 05:31:35 | 000,232,472 | ---- | M] (Sophos Limited) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/20 03:37:09 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/11/07 06:30:08 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/04/13 04:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/04/04 05:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/11/28 04:38:44 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 04:38:42 | 000,167,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/08 18:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/14 21:39:54 | 000,420,920 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011/11/14 21:39:53 | 003,702,840 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011/11/14 21:38:16 | 000,122,952 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011/11/14 21:38:15 | 000,222,280 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011/11/14 21:38:14 | 001,746,504 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011/10/30 20:57:06 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/07 08:56:08 | 000,516,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2008/03/24 20:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/11/28 02:59:16 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005/11/28 02:59:16 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005/11/28 02:59:16 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/09/08 18:24:30 | 000,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MOD - [2005/05/20 08:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/11/07 21:28:26 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2011/10/13 09:11:52 | 001,543,704 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe -- (swi_service)
SRV - [2011/10/13 09:11:50 | 000,099,864 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2011/10/13 09:11:49 | 000,167,960 | ---- | M] (Sophos Limited) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2011/03/14 05:31:35 | 000,232,472 | ---- | M] (Sophos Limited) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2007/01/20 03:37:09 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/11/07 06:30:08 | 000,196,608 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2006/08/25 03:00:38 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/06/12 23:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 00:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 01:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 01:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/05/07 19:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 08:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 08:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 08:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 04:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/04/04 05:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/11/28 04:38:44 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 04:38:42 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 04:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/08 18:24:30 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0)
SRV - [2005/07/14 10:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/01/04 02:09:36 | 000,398,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_svc.exe -- (VCI)


========== Driver Services (SafeList) ==========

DRV - [2011/11/07 21:30:20 | 000,227,312 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys -- (RapportCerberus_32301)
DRV - [2011/11/07 21:28:40 | 000,071,440 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2011/11/07 21:28:38 | 000,164,112 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2011/11/07 21:28:38 | 000,056,208 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2011/10/13 09:11:43 | 000,153,728 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2011/10/13 09:11:43 | 000,024,192 | ---- | M] (Sophos Limited) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2011/10/13 09:11:43 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2011/10/13 09:11:38 | 000,031,736 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\skmscan.sys -- (SKMScan)
DRV - [2011/08/07 08:56:08 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\28896\RapportIaso.sys -- (RapportIaso)
DRV - [2010/11/08 13:29:52 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/11/08 13:29:40 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/08/05 14:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2006/09/01 07:45:07 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/05/25 14:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/06 01:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/21 01:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/08 08:33:34 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2006/02/02 14:16:08 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/31 09:35:28 | 000,039,808 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2005/12/29 01:42:00 | 000,234,496 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/12/14 08:07:24 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2005/12/04 15:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/11/28 03:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/24 04:37:36 | 000,047,104 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/11/11 06:09:52 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2005/10/17 23:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/17 23:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/17 23:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/09/20 16:04:56 | 000,067,456 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2005/09/19 22:18:20 | 000,005,248 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2005/08/01 07:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 09:58:56 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/01/06 04:42:42 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/21 20:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004/10/31 19:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2000/12/05 07:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 02:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo....=PCAFSI1190&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/Chem3D,version=11.0: C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@cambridgesoft.com/ChemDraw,version=11.0: C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/25 13:28:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/15 15:47:43 | 000,000,000 | ---D | M]

[2011/02/03 02:31:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Extensions
[2011/12/04 14:56:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\2ngdthb1.default\extensions
[2011/02/03 05:30:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\2ngdthb1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/10 22:36:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/10 22:36:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/10/15 15:47:35 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/05/07 11:04:08 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011/10/15 15:47:35 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/10/15 15:47:35 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/10/15 15:47:35 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...1I7SNYK_enGB322
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Chem3D Plugin (Enabled) = C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
CHR - plugin: ChemDraw (Enabled) = C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/10 20:36:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - Startup: C:\Documents and Settings\James\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add RSS Support Site to VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} http://as.photoprint...PSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55AFEFDB-F7E2-4390-888D-2F1CD3F55B08}: DhcpNameServer = 192.168.7.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/25 08:47:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/09/19 18:58:06 | 000,000,000 | ---D | M] - C:\Autostitch -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/10 22:49:09 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/10 22:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\logs 10th Dec 2
[2011/12/10 22:39:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/10 22:36:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/10 21:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2011/12/10 21:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/12/10 21:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2011/12/10 21:33:52 | 000,030,744 | ---- | C] (Sophos Limited) -- C:\WINDOWS\System32\SophosBootTasks.exe
[2011/12/10 21:31:34 | 000,031,736 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\skmscan.sys
[2011/12/10 21:22:47 | 000,153,728 | ---- | C] (Sophos Limited) -- C:\WINDOWS\System32\drivers\savonaccesscontrol.sys
[2011/12/10 21:22:46 | 000,024,192 | ---- | C] (Sophos Limited) -- C:\WINDOWS\System32\drivers\savonaccessfilter.sys
[2011/12/10 21:22:45 | 000,014,976 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\drivers\SophosBootDriver.sys
[2011/12/10 20:44:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\logs 10th Dec
[2011/12/09 23:26:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Start Menu\Programs\Google Chrome
[2011/12/09 22:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Desktop\logs 9th Dec
[2011/12/09 22:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/09 22:39:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/09 22:38:21 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\James\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/09 22:30:15 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\James\Desktop\aswMBR.exe
[2011/12/09 20:45:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/09 20:40:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/09 20:40:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/09 20:40:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/09 20:40:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/09 20:40:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/09 20:40:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/09 20:38:45 | 004,334,705 | R--- | C] (Swearware) -- C:\Documents and Settings\James\Desktop\ComboFix.exe
[2011/12/07 19:56:16 | 001,577,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\James\Desktop\TDSSKiller.exe
[2011/12/04 13:31:57 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/12/03 08:59:30 | 000,000,000 | ---D | C] -- C:\camera back up from 3rd Dec
[2011/11/28 21:40:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2011/11/28 21:35:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011/11/28 21:35:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011/11/25 15:08:07 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\James\Recent
[2011/11/25 09:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\James\Application Data\vlc
[2011/11/25 09:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/11/25 09:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/10 22:45:06 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-294901063-826198544-1246034819-1006UA.job
[2011/12/10 22:42:35 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/10 22:41:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/10 22:41:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/10 22:41:29 | 1071,828,992 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/10 22:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/10 21:45:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-294901063-826198544-1246034819-1006Core.job
[2011/12/10 20:58:06 | 009,455,688 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Sophos_UnManaged_2000up.exe
[2011/12/10 20:36:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/10 20:18:46 | 004,334,705 | R--- | M] (Swearware) -- C:\Documents and Settings\James\Desktop\ComboFix.exe
[2011/12/09 23:26:57 | 000,002,288 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Google Chrome.lnk
[2011/12/09 23:26:57 | 000,002,266 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/09 22:39:21 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/09 22:39:21 | 000,000,788 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/09 22:38:21 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\James\Desktop\mbam-setup-1.51.2.1300.exe
[2011/12/09 22:31:56 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\James\Desktop\MBR.dat
[2011/12/09 22:30:15 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\James\Desktop\aswMBR.exe
[2011/12/09 22:22:31 | 001,557,928 | ---- | M] () -- C:\Documents and Settings\James\Desktop\tdsskiller.zip
[2011/12/09 20:45:46 | 000,000,397 | RHS- | M] () -- C:\boot.ini
[2011/12/08 21:55:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/08 20:01:13 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/07 13:22:02 | 001,577,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\James\Desktop\TDSSKiller.exe
[2011/12/06 19:55:20 | 003,891,557 | ---- | M] () -- C:\Documents and Settings\James\Desktop\IMG_0093.MOV
[2011/12/04 13:31:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\James\Desktop\OTL.exe
[2011/12/03 13:27:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\8AS8c07.dat
[2011/12/03 10:35:44 | 000,085,504 | ---- | M] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/30 22:19:36 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/29 03:20:52 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/11/29 03:20:51 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/11/28 21:40:44 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Windows Media Player.lnk
[2011/11/28 21:38:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/11/28 21:35:27 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/11/28 08:05:17 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\_rgpl
[2011/11/25 09:20:24 | 004,393,569 | ---- | M] () -- C:\Documents and Settings\James\Desktop\IMG_0085.MOV
[2011/11/24 14:36:56 | 000,000,568 | ---- | M] () -- C:\Documents and Settings\James\Desktop\Imperial College.lnk
[2011/11/19 12:45:42 | 002,620,690 | ---- | M] () -- C:\Documents and Settings\James\My Documents\Baby Jools 051.psd
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/10 20:55:12 | 009,455,688 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Sophos_UnManaged_2000up.exe
[2011/12/09 23:26:57 | 000,002,288 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Google Chrome.lnk
[2011/12/09 23:26:57 | 000,002,266 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/12/09 22:39:21 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\James\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/12/09 22:39:21 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/12/09 22:31:56 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\James\Desktop\MBR.dat
[2011/12/09 21:22:43 | 1071,828,992 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/09 20:45:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/09 20:40:57 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/09 20:40:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/09 20:40:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/09 20:40:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/09 20:40:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/06 19:55:18 | 003,891,557 | ---- | C] () -- C:\Documents and Settings\James\Desktop\IMG_0093.MOV
[2011/12/03 17:36:03 | 001,557,928 | ---- | C] () -- C:\Documents and Settings\James\Desktop\tdsskiller.zip
[2011/12/03 13:27:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\8AS8c07.dat
[2011/11/28 21:40:44 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Windows Media Player.lnk
[2011/11/28 21:35:27 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011/11/28 21:34:20 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/11/28 08:05:17 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\_rgpl
[2011/11/25 09:20:24 | 004,393,569 | ---- | C] () -- C:\Documents and Settings\James\Desktop\IMG_0085.MOV
[2011/11/24 14:36:56 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\James\Desktop\Imperial College.lnk
[2011/11/19 12:45:41 | 002,620,690 | ---- | C] () -- C:\Documents and Settings\James\My Documents\Baby Jools 051.psd
[2011/05/06 07:11:01 | 000,002,376 | ---- | C] () -- C:\WINDOWS\COLLINS0826.ini
[2011/05/02 19:14:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/12 04:45:25 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/02/03 02:31:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/24 07:31:57 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/08/28 10:37:54 | 000,085,504 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/23 01:28:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/11/12 07:13:27 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\James\Local Settings\Application Data\fusioncache.dat
[2006/10/31 09:01:33 | 000,000,952 | ---- | C] () -- C:\Documents and Settings\James\Application Data\wklnhst.dat
[2006/09/01 07:41:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/01 07:33:41 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/09/01 07:31:56 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/09/01 07:30:08 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/26 04:04:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/26 03:26:25 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/07/26 03:26:25 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/07/26 03:26:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/07/26 03:26:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/07/26 03:26:25 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/07/26 03:26:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/07/26 03:17:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2006/07/26 03:16:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/07/25 09:36:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/25 09:36:07 | 000,321,184 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/07/25 08:50:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/25 08:44:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/25 00:30:07 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/25 00:30:02 | 000,003,822 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/25 00:29:07 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/25 00:29:05 | 000,512,974 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/25 00:29:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/25 00:29:05 | 000,100,310 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/25 00:29:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/25 00:29:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/25 00:29:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/25 00:29:01 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/25 00:28:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/25 00:28:54 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/25 00:28:45 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/25 00:28:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/04 17:07:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 05:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

========== LOP Check ==========

[2011/03/20 17:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2008/11/01 02:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CambridgeSoft
[2008/09/30 11:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2011/03/06 22:06:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ENotebook 11.0
[2007/03/25 10:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
[2010/12/18 15:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2010/12/04 05:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mestrelab Research S.L
[2011/05/06 22:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2006/11/07 06:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism Pack
[2011/12/10 21:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2011/12/10 21:34:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2011/05/30 12:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/03/20 16:59:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/02/15 07:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/04/23 20:43:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\ChemAxon
[2006/11/12 07:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\DIMAGE
[2011/12/10 22:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Dropbox
[2011/07/29 15:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\EndNote
[2006/11/18 14:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\InterVideo
[2010/12/04 05:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Mestrelab Research S.L
[2011/03/27 19:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Neverball
[2011/06/05 18:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Opera
[2006/11/07 06:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Prism Pack
[2006/10/22 07:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\sony
[2006/10/31 09:01:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Template
[2011/05/30 12:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\James\Application Data\Trusteer

========== Purity Check ==========



< End of report >



12/10/2011 23:36
Scan of all local drives

File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP80\A0189964.exe is infected by Win32:FakeAlert-BNS [Trj], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP80\A0190358.sys is infected by Win32:Aluroot [Rtk], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP81\A0193707.sys is infected by Win32:Aluroot [Rtk], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP81\A0195706.sys is infected by Win32:Aluroot [Rtk], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP81\A0197022.sys is infected by Win32:Aluroot [Rtk], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP81\A0199022.sys is infected by Win32:Aluroot [Rtk], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP81\A0200065.sys is infected by Win32:Aluroot [Rtk], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP81\A0201703.sys is infected by Win32:Aluroot [Rtk], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP81\A0203039.sys is infected by Win32:Aluroot [Rtk], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP81\A0204384.sys is infected by Win32:Aluroot [Rtk], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP82\A0205130.exe is infected by Win32:Sirefef-FW [Trj], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP82\A0205131.exe is infected by Win32:Sirefef-FW [Trj], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP82\A0205132.exe is infected by Win32:Delf-RGJ [Trj], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP82\A0205133.exe is infected by Win32:Zbot-NUQ [Trj], Moved to chest
Number of searched folders: 19521
Number of tested files: 1069097
Number of infected files: 14
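All fourteen Avast hits in the report above sit under `C:\System Volume Information\_restore{...}\RP80..RP82`, which is where Windows XP's System Restore keeps copies of files changed since each restore point. Those copies cannot execute from there, but a restore to any of those points would reinstall the malware, and the fact that the live file system shows nothing is exactly why the restore points need purging separately. As an added example (not part of this thread and not an Avast tool), the script below parses report lines in the format posted, separates restore-point copies from live-path hits, and summarises by detection name and class; the sample input copies five lines from the report and adds one invented live-path hit (`example.exe`, `Win32:Example-XY`) so both branches are exercised.

```python
import re
from collections import Counter

# Constructed sample: five lines copied from the Avast report posted above
# plus one invented live-path hit (example.exe / Win32:Example-XY, not a real
# detection) so that both branches of the classifier are exercised.
SAMPLE_REPORT = r"""
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP80\A0189964.exe is infected by Win32:FakeAlert-BNS [Trj], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP80\A0190358.sys is infected by Win32:Aluroot [Rtk], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP81\A0193707.sys is infected by Win32:Aluroot [Rtk], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP82\A0205130.exe is infected by Win32:Sirefef-FW [Trj], Moved to chest
File C:\System Volume Information\_restore{8B5316C8-2225-4F3A-A9B8-80F50BDF71D0}\RP82\A0205133.exe is infected by Win32:Zbot-NUQ [Trj], Moved to chest
File C:\Documents and Settings\James\Local Settings\example.exe is infected by Win32:Example-XY [Trj], Moved to chest
Number of searched folders: 19521
Number of infected files: 6
"""

# One report line: "File <path> is infected by <name> [<class>], <action>"
HIT_RE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>[^,]+?)(?:, (?P<action>.+))?$"
)
# Copies that XP's System Restore keeps under _restore{GUID}\RP<n>\
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)
CLASS_RE = re.compile(r"\[(?P<cls>[A-Za-z]+)\]$")  # Avast class tag, e.g. [Trj], [Rtk]


def parse_report(text):
    """Return one dict per detection line; summary and blank lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue
        name = m["name"].strip()
        rp = RESTORE_RE.match(m["path"])
        cls = CLASS_RE.search(name)
        hits.append({
            "path": m["path"],
            "name": name,
            "class": cls["cls"] if cls else "unknown",
            "action": m["action"] or "",
            "restore_point": rp["rp"] if rp else None,
        })
    return hits


def summarize(hits):
    """Split hits into restore-point copies and live files; count names and classes."""
    archived = [h for h in hits if h["restore_point"]]
    live = [h for h in hits if not h["restore_point"]]
    return {
        "total": len(hits),
        "restore_point_hits": len(archived),
        "live_hits": len(live),
        "restore_points": sorted({h["restore_point"] for h in archived},
                                 key=lambda rp: int(rp[2:])),
        "live_paths": [h["path"] for h in live],
        "by_name": Counter(h["name"] for h in hits),
        "by_class": Counter(h["class"] for h in hits),
    }


def triage_notes(summary):
    """Plain-English notes a responder reads before deciding the next step."""
    notes = []
    if summary["restore_point_hits"]:
        notes.append(
            "%d hit(s) are archived copies inside System Restore points %s: "
            "they do not run from there, but a System Restore to those points "
            "would bring the malware back, so purge them (turn System Restore "
            "off and on again) once the live system is clean."
            % (summary["restore_point_hits"], ", ".join(summary["restore_points"]))
        )
    if summary["live_hits"]:
        notes.append("%d hit(s) on the live file system: %s"
                     % (summary["live_hits"], "; ".join(summary["live_paths"])))
    if summary["by_class"].get("Rtk"):
        notes.append("rootkit-class [Rtk] detections present: a file scan alone "
                     "does not show whether a driver is still loaded, so follow "
                     "up with a boot-time or offline scan.")
    return notes


if __name__ == "__main__":
    s = summarize(parse_report(SAMPLE_REPORT))
    print("%d hits: %d in restore points, %d live" %
          (s["total"], s["restore_point_hits"], s["live_hits"]))
    for name, n in s["by_name"].most_common():
        print("  %-28s %d" % (name, n))
    for note in triage_notes(s):
        print("-", note)
```

Run against the full report posted above, every hit lands in the restore-point bucket and the live bucket is empty, which matches the later ESET and BitDefender results and points at the restore points, not the running system, as what still carries the samples.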

#8 RKinner, Malware Expert (MVP, 19,788 posts)
I use the free Avast on my systems. It is very good about preventing you from going to a bad site and the boot-time scan is one of the best in the business.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one, or it doesn't like your CD, just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes, tell me what they are. If you get a lot, just look for those with newish dates (since about the time the problem started).


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'
6. Type 20 in the 1 to 20 box
7. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.


Ron

#9 jcollins, Member (Topic Starter, 14 posts)
Hi Ron,

The drivers found were:
ad2kgelp.ini (2001)
ad2kregp.dll (2005)
ad2kuigp.dll (2005)
ad2pdf7.ppd (2004)
all at c:\windows\system32\spool\drivers\w32x86\3

The logs from VEW are below. Thanks again,
James



Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/12/2011 11:30:49

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/12/2011 10:40:57
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 11/12/2011 10:08:53
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 11/12/2011 09:42:26
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.





Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/12/2011 11:32:35

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/12/2011 09:49:51
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

Log: 'Application' Date/Time: 11/12/2011 09:48:51
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

Log: 'Application' Date/Time: 11/12/2011 09:47:51
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

Log: 'Application' Date/Time: 11/12/2011 09:46:51
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

Log: 'Application' Date/Time: 11/12/2011 09:45:51
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

Log: 'Application' Date/Time: 11/12/2011 09:44:51
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

Log: 'Application' Date/Time: 11/12/2011 09:43:41
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/12/2011 09:42:55
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance CSSQL05 is not valid.

Log: 'Application' Date/Time: 11/12/2011 09:42:55
Type: warning Category: 8
Event: 19011 Source: MSSQL$VAIO_VEDB
The event description cannot be found.

#10 RKinner, Malware Expert (MVP, 19,788 posts)
Microsoft SQL Server Desktop Engine (VAIO_VEDB) is not working correctly. Uninstall it. (It appears to have come from Sony, so if you use it you can download it again from them.)

Media Center Scheduler is showing a problem but it doesn't say what it is. Is that something you use?

Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.


I usually see this when you have a P2P program running, but I don't see one.

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan. (Much Much faster than ESET)

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).
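Event 4226 from Tcpip, which Ron associates with P2P software above, comes from a limit Windows XP SP2 introduced: the stack allows at most 10 concurrent outbound half-open TCP connections (sockets stuck in SYN_SENT); anything beyond that is queued and the warning is logged. The event names no process, so the practical check is `netstat -ano` at the moment it fires, to see which PID owns the SYN_SENT sockets and whether they fan out to many different hosts (a scan or spam run) or pile up on one unreachable server (harmless). The script below is an added example for this thread, not part of any post and not from any of the tools used here; it parses `netstat -ano` output in XP's layout and produces that per-PID picture. The sample output is constructed: PIDs 408, 1236 and 4404 and the 74.125.x.x / 70.76.79.109 addresses are taken from the QuickScan report posted in the next reply, while PID 3999 (`hypothetical.exe`) and all 203.0.113.x / 198.51.100.x addresses are made up, as are the two threshold constants.

```python
from collections import Counter, defaultdict

# Constructed sample of `netstat -ano` output in Windows XP's layout. PIDs 408
# (AvastSvc.exe), 1236 (svchost.exe) and 4404 (Skype.exe) are taken from the
# QuickScan process list posted later in this thread; PID 3999 and every
# 203.0.113.x / 198.51.100.x address are made up (RFC 5737 documentation
# ranges) to show what a half-open connection burst looks like.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1236
  TCP    192.168.1.5:1044       74.125.224.191:80      ESTABLISHED     408
  TCP    192.168.1.5:1045       74.125.224.244:80      ESTABLISHED     408
  TCP    192.168.1.5:1046       74.125.239.31:80       SYN_SENT        408
  TCP    192.168.1.5:3301       70.76.79.109:52212     ESTABLISHED     4404
  TCP    192.168.1.5:1060       203.0.113.10:25        SYN_SENT        3999
  TCP    192.168.1.5:1061       203.0.113.11:25        SYN_SENT        3999
  TCP    192.168.1.5:1062       203.0.113.12:25        SYN_SENT        3999
  TCP    192.168.1.5:1063       198.51.100.20:25       SYN_SENT        3999
  TCP    192.168.1.5:1064       198.51.100.21:25       SYN_SENT        3999
  TCP    192.168.1.5:1065       198.51.100.22:25       SYN_SENT        3999
  TCP    192.168.1.5:1066       203.0.113.13:25        SYN_SENT        3999
  TCP    192.168.1.5:1067       203.0.113.14:80        SYN_SENT        3999
  UDP    0.0.0.0:500            *:*                                    988
"""

# Made-up PID-to-image map standing in for `tasklist` output.
SAMPLE_NAMES = {408: "AvastSvc.exe", 1236: "svchost.exe", 4404: "Skype.exe",
                3999: "hypothetical.exe"}

# Heuristic thresholds chosen for this example: one SYN_SENT to one unreachable
# host is normal; many SYN_SENT fanning out to many distinct hosts is not.
SUSPECT_MIN_HALF_OPEN = 5
SUSPECT_MIN_HOSTS = 5


def parse_netstat(text):
    """Parse `netstat -ano` rows; UDP rows have no State column."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if parts[:1] == ["TCP"] and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[:1] == ["UDP"] and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""
        else:
            continue  # banner, header or blank line
        host, _, port = foreign.rpartition(":")
        conns.append({"proto": proto, "local": local, "foreign_host": host,
                      "foreign_port": port, "state": state, "pid": int(pid)})
    return conns


def half_open_report(conns, names=None):
    """Per-PID SYN_SENT count, distinct targets and most-used port, worst first."""
    by_pid = defaultdict(list)
    for c in conns:
        if c["state"] == "SYN_SENT":
            by_pid[c["pid"]].append(c)
    rows = []
    for pid, items in by_pid.items():
        hosts = {c["foreign_host"] for c in items}
        port, _ = Counter(c["foreign_port"] for c in items).most_common(1)[0]
        rows.append({
            "pid": pid,
            "name": (names or {}).get(pid, "?"),
            "half_open": len(items),
            "distinct_hosts": len(hosts),
            "top_port": port,
            "suspect": len(items) >= SUSPECT_MIN_HALF_OPEN
                       and len(hosts) >= SUSPECT_MIN_HOSTS,
        })
    rows.sort(key=lambda r: r["half_open"], reverse=True)
    return rows


def listeners(conns, names=None):
    """TCP sockets in LISTENING state, as (pid, name, local address)."""
    return sorted((c["pid"], (names or {}).get(c["pid"], "?"), c["local"])
                  for c in conns if c["state"] == "LISTENING")


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    for r in half_open_report(conns, SAMPLE_NAMES):
        flag = "SUSPECT" if r["suspect"] else "ok"
        print("PID %-5d %-18s half-open=%d hosts=%d port=%s %s" % (
            r["pid"], r["name"], r["half_open"], r["distinct_hosts"], r["top_port"], flag))
    for pid, name, local in listeners(conns, SAMPLE_NAMES):
        print("listening: PID %d %s on %s" % (pid, name, local))
```

Two caveats when reading a real snapshot: the stack holds the count at 10, so the SYN_SENT rows you see are whatever got through, and the queued attempts are invisible to netstat; and on a machine running Avast, browser HTTP traffic appears under AvastSvc.exe because the Web Shield proxies it, which is consistent with the QuickScan connection list in the next reply and is not itself suspicious.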


#11 jcollins, Member (Topic Starter, 14 posts)
Hi Ron,

I uninstalled the SQL server engine, and don't care about media center. I never use P2P programs, so can't really explain that issue. In what I guess is either very good or very bad news, ESET found no threats after 5 hours of scanning. Bitdefender also found nothing, log below.

Thanks again,
James




QuickScan 32-bit v0.9.9.100
---------------------------
Scan date: Sun Dec 11 17:23:17 2011
Machine ID: 54A58EF0



No infection found.
-------------------



Processes
---------
avast! Antivirus 408 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
avast! Antivirus 1732 C:\Program Files\AVAST Software\Avast\AvastUI.exe
Google Chrome 712 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 2616 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 2572 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 1648 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 1512 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 3468 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 3716 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Google Chrome 3828 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
Intel® PROSet/Wireless Event Log 1524 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Intel® PROSet/Wireless Registry Servi 2028 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
Intel® PROSet/Wireless Service 1596 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Java™ Platform SE 6 U29 2400 C:\Program Files\Java\jre6\bin\jqs.exe
Java™ Platform SE Auto Updater 2 0 1720 C:\Program Files\Common Files\Java\Java Update\jusched.exe
mcci+McciCMService 2628 C:\Program Files\Common Files\Motive\McciCMService.exe
Microsoft SQL Server 544 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
Microsoft SQL Server 2236 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
Microsoft SQL Server 3096 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
Microsoft® Windows® Operating System 2800 C:\WINDOWS\ehome\ehmsas.exe
Microsoft® Windows® Operating System 2168 C:\WINDOWS\ehome\ehSched.exe
Microsoft® Windows® Operating System 1572 C:\WINDOWS\ehome\ehtray.exe
Microsoft® Windows® Operating System 3368 C:\WINDOWS\ehome\mcrdsvc.exe
Microsoft® Windows® Operating System 1984 C:\WINDOWS\system32\spoolsv.exe
NVIDIA Driver Helper Service, Version 8 3604 C:\WINDOWS\system32\nvsvc32.exe
PhotoshopElementsFileAgent.exe 2100 C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PrismXL Software Family 1712 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
Rapport 1380 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
Rapport 2468 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
Skype 4404 C:\Program Files\Skype\Phone\Skype.exe
Skype Extras Manager 6132 C:\Program Files\Skype\Plugin Manager\skypePM.exe
Symantec Core Component 2856 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
VAIO Event Service 3084 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
(verified) GoogleToolbarNotifier 492 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Visual Studio .NET 2984 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(verified) Microsoft® Windows® Operating System 2016 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2364 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 904 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 332 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 2000 C:\WINDOWS\system32\dllhost.exe
(verified) Microsoft® Windows® Operating System 988 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 976 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 840 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 1880 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1628 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1472 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1660 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2328 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2344 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1236 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1172 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 932 C:\WINDOWS\system32\winlogon.exe


Network activity
----------------
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.224.191
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.224.244
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.239.31
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.224.244
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.239.31
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.224.250
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.224.187
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.224.251
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.224.178
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.224.219
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.224.187
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.224.217
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 69.171.229.15
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.239.6
Process AvastSvc.exe (408) connected on port 80 (HTTP) --> 74.125.224.244
Process chrome.exe (1648) connected on port 443 (HTTP over SSL) --> 74.125.239.30
Process chrome.exe (1648) connected on port 443 (HTTP over SSL) --> 173.194.64.95
Process chrome.exe (1648) connected on port 443 (HTTP over SSL) --> 74.125.224.244
Process chrome.exe (1648) connected on port 443 (HTTP over SSL) --> 173.194.64.84
Process chrome.exe (1648) connected on port 443 (HTTP over SSL) --> 74.125.224.230
Process chrome.exe (1648) connected on port 443 (HTTP over SSL) --> 74.125.224.249
Process chrome.exe (1648) connected on port 443 (HTTP over SSL) --> 74.125.224.198
Process chrome.exe (1648) connected on port 443 (HTTP over SSL) --> 74.125.224.189
Process chrome.exe (1648) connected on port 443 (HTTP over SSL) --> 173.194.64.132
Process chrome.exe (1648) connected on port 443 (HTTP over SSL) --> 173.194.64.132
Process chrome.exe (1648) connected on port 443 (HTTP over SSL) --> 74.125.239.22
Process Skype.exe (4404) connected on port 52212 --> 70.76.79.109

Process svchost.exe (1236) listens on ports: 135 (RPC)
Process sqlservr.exe (3096) listens on ports: 1245
Process Skype.exe (4404) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 32072


Autoruns and critical files
---------------------------
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
Dropbox C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe
Google Talk C:\Program Files\Google\Google Talk\googletalk.exe
GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
VAIO Event Service C:\WINDOWS\system32\VESWinlogon.dll
(verified) Google Update C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
avast! WebRep c:\program files\avast software\avast\aswwebrepie.dll
BitDefender QuickScan C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.100_0\npqscan.dll
Chem3D Plugin C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
ChemDraw C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll
Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
Google Talk Plugin C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgoogletalk.dll
Google Talk Plugin Video Accelerator C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
Google Update C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
Google Update C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
IPSUploader4 C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx
Java™ Platform SE 6 U29 c:\program files\java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U29 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Motive Plugin C:\Program Files\Common Files\Motive\npMotive.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
Picasa C:\Program Files\Picasa2\npPicasa3.dll
Silverlight Plug-In C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) Microsoft Office Live Plug-in for Firef C:\Program Files\Microsoft\Office Live\npOLW.dll
(verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Windows Live® Photo Gallery C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll


Scan
----
MD5: 2fccc769cdba34c6ab6183aa4d2f7519 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_32301.sys
MD5: dd3e4610de9252a957c5bd19bdf47ac4 c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\28896\rapportiaso.sys
MD5: fe36976864a30ea91e14d024f8bf7dd8 C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe
MD5: 6d74290856347cf8682277a54b433d4b C:\Documents and Settings\James\Application Data\Dropbox\bin\DropboxExt.14.dll
MD5: ad2c471e10d9af88b80571afbedc2028 C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgoogletalk.dll
MD5: 113fe2ed884604b4f32f746a4d7296a3 C:\Documents and Settings\James\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
MD5: f94e03ab18d089b2545f9a01c348afa4 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MD5: fc61b78c3eb5d9da981946dba1e0f43b C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MD5: 44b41701012a102a3a929f47bf878f25 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MD5: 891735892cda9aa81ba3a1f4abf046af C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\chrome.dll
MD5: be0ff1633a2b280fb455ccd07c111050 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MD5: 97bb4e265dee073326e46f9b14463db7 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\icudt.dll
MD5: aee3e6bfcd9e53c4f7a916befcf95eee C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\pdf.dll
MD5: aad4d633eec058b392b66644f50cd909 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
MD5: 5e101bf6336d3def4a588bf56bb2aa38 C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
MD5: deb0136cea7fbbbf96171e22bd74053d C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.100_0\npqscan.dll
MD5: 8c2044169be2224c8a7cb8e81e7581af C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
MD5: 95151d7903fef5f221a3b5be603e69bf C:\Program Files\7-Zip\7-zip.dll
MD5: a84a3664925d9fbe090b331cb3c38aaf C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll
MD5: 254815271d166e12dde07371d3a947d5 C:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.dll
MD5: 2486c8e3f14496341e90cf2ab8bc82ed C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
MD5: 5077d7aeb25a6c0f912c78482061a22e C:\Program Files\Adobe\Photoshop Elements 4.0\platform.dll
MD5: 198bed114015c2671c88fdc32cdcb21d C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
MD5: ffaa62e671f4604f729063640befd039 C:\Program Files\AVAST Software\Avast\1033\Base.dll
MD5: cd76996b881fb8e96b4ec2210e6934b8 C:\Program Files\AVAST Software\Avast\1033\UILangRes.dll
MD5: 9e9898d12608f8fbbd3ab3b9cde010c6 C:\Program Files\AVAST Software\Avast\Aavm4h.dll
MD5: b0e0b1b2f651e3c3917d4bec88be57f4 C:\Program Files\AVAST Software\Avast\AavmRpch.dll
MD5: 082901e36e49bdd5ebe1aceaccfcabae C:\Program Files\AVAST Software\Avast\AhResBhv.dll
MD5: 7748d2c035541cc6119cbd0676065555 C:\Program Files\AVAST Software\Avast\AhResJs.dll
MD5: e656b9bb3650fdc261110b5791e15ac9 C:\Program Files\AVAST Software\Avast\AhResMai.dll
MD5: 9f91b0d0f39c087de9b0eadde33f49ec C:\Program Files\AVAST Software\Avast\AhResMes.dll
MD5: 5b63496b23e9d1eabc75947fe51aaa00 C:\Program Files\AVAST Software\Avast\AhResNS.dll
MD5: ea1cfd8098399e7ffebc5014c130729b C:\Program Files\AVAST Software\Avast\AhResP2P.dll
MD5: 3a5e076cbff22e52e5bc29222437e6f2 C:\Program Files\AVAST Software\Avast\AhResStd.dll
MD5: 852369f350aa2563938ab02f0eb8b431 C:\Program Files\AVAST Software\Avast\AhResWS.dll
MD5: ca4ddb5cb61b905a4407c5fb76527437 C:\Program Files\AVAST Software\Avast\ashBase.dll
MD5: 12ccfcb4bfb998647439adc8dd58a8c1 C:\Program Files\AVAST Software\Avast\ashMaiSv.dll
MD5: 64a9cfa6d98ee34c75e984acc16ce96e C:\Program Files\AVAST Software\Avast\ashServ.dll
MD5: 7a4a6056b53f36db50bcb8a334bad2b6 C:\Program Files\AVAST Software\Avast\ashShell.dll
MD5: b821ced9f11f12f5dff8e983fc32aea2 C:\Program Files\AVAST Software\Avast\ashTask.dll
MD5: bef4f20a11c0fe612d2d521a502cca52 C:\Program Files\AVAST Software\Avast\ashTaskEx.dll
MD5: cd8e2ba308973659b224631349a2f039 C:\Program Files\AVAST Software\Avast\ashWebSv.dll
MD5: db542d64f17ce2a804581ad6ae207db6 C:\Program Files\AVAST Software\Avast\ashWsFtr.dll
MD5: 1d352baff5a4b2e5e163bb6e652daf49 C:\Program Files\AVAST Software\Avast\aswAux.dll
MD5: 5a996ce86bda5ff1b628b21b9871287a C:\Program Files\AVAST Software\Avast\aswCmnBS.dll
MD5: 85e7f7d95de30a2008c75726cfc3ad61 C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
MD5: 928f0fc896d10b099588a1d5aa46b1bf C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
MD5: bdf5080dc5de21a5f662e45d57926233 C:\Program Files\AVAST Software\Avast\aswData.dll
MD5: 58bc0980941cb7ad218345adf24261d4 C:\Program Files\AVAST Software\Avast\aswDld.dll
MD5: 09cb9ae8bbc2512d9818987e721abe32 C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
MD5: c3f2f11d2db6436b638ffb3befe97009 C:\Program Files\AVAST Software\Avast\aswIdle.dll
MD5: 6e659799d1b14096c4da0717a9ab86a8 C:\Program Files\AVAST Software\Avast\aswJsFlt.dll
MD5: 4f91c0b574919537defdb406ffd94430 C:\Program Files\AVAST Software\Avast\aswLog.dll
MD5: aee62a34b70cbea34ebe384d529312cb C:\Program Files\AVAST Software\Avast\aswProperty.dll
MD5: 388d8dd599c04577edff52e79c451bd7 C:\Program Files\AVAST Software\Avast\aswSqLt.dll
MD5: 09f2f57c119fad90fc4bbd42e716b351 C:\Program Files\AVAST Software\Avast\aswStrm.dll
MD5: 99d5d540f154f29896c2f570938c6ceb C:\Program Files\AVAST Software\Avast\aswUtil.dll
MD5: 328bc79bc53ba7a284c818dde88945d7 c:\program files\avast software\avast\aswwebrepie.dll
MD5: 996e6d052438e8d8dfd501f31560b2e0 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
MD5: f7226aa410954185160067d5fa82f3f2 C:\Program Files\AVAST Software\Avast\AvastUI.exe
MD5: c4b742a1bac5f35d9223619f94acb45f C:\Program Files\AVAST Software\Avast\CommonRes.dll
MD5: 441d669552966be861e43b7da0f9d746 C:\Program Files\AVAST Software\Avast\defs\11121101\algo.dll
MD5: 2e05fc15a3660e073e3ae560042540fd C:\Program Files\AVAST Software\Avast\defs\11121101\arPot.dll
MD5: 298857f6cbabfd7913da9574bb95122e C:\Program Files\AVAST Software\Avast\defs\11121101\aswCmnBS.dll
MD5: ac00071afd110319094118df7f0734c6 C:\Program Files\AVAST Software\Avast\defs\11121101\aswCmnIS.dll
MD5: e65f35e6820cf0ff6107c3818f779e05 C:\Program Files\AVAST Software\Avast\defs\11121101\aswCmnOS.dll
MD5: 45e26cbd25aa3d5d936fd3f96c767191 C:\Program Files\AVAST Software\Avast\defs\11121101\aswEngin.dll
MD5: 47700103184884bcad6069500e768c21 C:\Program Files\AVAST Software\Avast\defs\11121101\aswFiDb.dll
MD5: 1c9f1f1039b64327fa18becbb443cf67 C:\Program Files\AVAST Software\Avast\defs\11121101\aswRep.dll
MD5: 4599081cfa6360d05eb8299fdf1cf2f3 C:\Program Files\AVAST Software\Avast\defs\11121101\aswScan.dll
MD5: d9b663cfd9679d1b14beceeeabfed7f9 C:\Program Files\AVAST Software\Avast\defs\11121102\algo.dll
MD5: 298857f6cbabfd7913da9574bb95122e C:\Program Files\AVAST Software\Avast\defs\11121102\aswCmnBS.dll
MD5: ac00071afd110319094118df7f0734c6 C:\Program Files\AVAST Software\Avast\defs\11121102\aswCmnIS.dll
MD5: e65f35e6820cf0ff6107c3818f779e05 C:\Program Files\AVAST Software\Avast\defs\11121102\aswCmnOS.dll
MD5: 45e26cbd25aa3d5d936fd3f96c767191 C:\Program Files\AVAST Software\Avast\defs\11121102\aswEngin.dll
MD5: 47700103184884bcad6069500e768c21 C:\Program Files\AVAST Software\Avast\defs\11121102\aswFiDb.dll
MD5: 1c9f1f1039b64327fa18becbb443cf67 C:\Program Files\AVAST Software\Avast\defs\11121102\aswRep.dll
MD5: 4599081cfa6360d05eb8299fdf1cf2f3 C:\Program Files\AVAST Software\Avast\defs\11121102\aswScan.dll
MD5: c9b044219292739c8c42ff55a97b0c9e C:\Program Files\AVAST Software\Avast\defs\11121102\uiExt.dll
MD5: ea5abee342925aa2c959e07fe6a95d5c C:\Program Files\AVAST Software\Avast\snxhk.dll
MD5: 3e9aea760e3146ec5ceac398f6ef014b C:\Program Files\CambridgeSoft\ChemOffice2008\Chem3D\npChem3DPlugin.dll
MD5: fcdf7cb6156cb01491747628348d3fa8 C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\npcdp32.dll
MD5: 8c4ac22616e77925135c221c46dc6307 c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
MD5: 0cf54607b862bf6cdc7eb21be189be84 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
MD5: 47c1de0a890613ffcff1d67648eedf90 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: 6e3245df783e58375b3465f03274743e C:\Program Files\Common Files\Java\Java Update\jusched.exe
MD5: 647c11534c7af0c5ff599d930476511f C:\Program Files\Common Files\Microsoft Shared\VS7Debug\csm.dll
MD5: d3a4556c9d8206e8331e1bb8fc67b423 C:\Program Files\Common Files\Microsoft Shared\Web Folders\1033\nsextint.dll
MD5: 0f014081941e638d26cf049bc3481e13 C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
MD5: e6cb119ef2e148eaa1a247343550756e C:\Program Files\Common Files\Motive\McciCMService.exe
MD5: b73b5999d47cd9727264f557626bce3a C:\Program Files\Common Files\Motive\npMotive.dll
MD5: 75fea758f88914d607f8fb0750e7f4c9 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
MD5: f1534aca143ca86cd57672953754fab0 C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
MD5: 17bb6b38de8c2bda692ca1db0cea7325 C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
MD5: 3980b48dff300a7e4139f5c64da65f5c C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
MD5: 3dbade5b4aa47c245a69e99d72b8e73b C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
MD5: a45f9f3e6fdd9f6e00119f6a62582987 C:\Program Files\Common Files\Sony Shared\MP4Lib\savcdec.ax
MD5: 267d7409191d195103ae31764262b119 C:\Program Files\Common Files\Sony Shared\OpenMG\OmgMP4Decoder2.ax
MD5: 82a8e7e5091098ea02b04baa35a7aed6 C:\Program Files\Common Files\Sony Shared\Sony Utilities\SnyUtils.dll
MD5: 0e0c09d30b7391b3816230b9056bbb10 C:\Program Files\Common Files\Sony Shared\SXBIOS\sxbios.dll
MD5: 2172994116b8b56758ea3c26b313fb8a C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
MD5: 0bd64ccea7b4bf25ca2fb9bf1444dfd9 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
MD5: e81e8c7dc7ebc6cede156eaad5ef9c8e C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
MD5: fb1a8f8cbd361fc1f0d144d5018c97f3 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
MD5: 6ebb71e4b60d3f5af8296c3d352131c1 C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll
MD5: 3e5097d2f01bb823b0c256e64fd2ce78 C:\Program Files\Common Files\Sony Shared\VideoLib\sonydvvd.dll
MD5: 34460b2b4b840077f797dd551e05d4eb C:\Program Files\Common Files\Sony Shared\VideoLib\sonydvve.dll
MD5: 99f61912c73c2fe1818c3a9fc615fc89 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
MD5: c1c706751f0499747da9442c2679a0b7 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
MD5: 26687d8e9feed2ebab77670c72007b48 C:\Program Files\Common Files\System\ado\msado15.dll
MD5: 142cedecae89e372ee347681c3fbb257 C:\Program Files\Common Files\System\msadc\msadce.dll
MD5: 81e9041dac0983aace5c8920af73d64e C:\Program Files\Common Files\System\msadc\msadcer.dll
MD5: 1ed4c96ec76c3ddfcabd7644da23f4b6 C:\Program Files\Common Files\System\Ole DB\msdasql.dll
MD5: 8985fcece06a74017e23ddd093e34d4e C:\Program Files\Common Files\System\Ole DB\MSDASQLR.DLL
MD5: 73baffa0b02320690cdc606241078ce4 C:\Program Files\Common Files\System\Ole DB\MSDATL3.dll
MD5: 165a968caa9734216ff0eb192f5fbd7f C:\Program Files\Common Files\System\wab32.dll
MD5: 9179353100db37ae37b4d703e3ff3387 C:\Program Files\Common Files\System\wab32res.dll
MD5: 2437be68d5a37a75fad51c5f0e9a03ed C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
MD5: bcd9cbf0621f9a6767276a2e0bf1dd15 C:\Program Files\Google\Google Talk\googletalk.exe
MD5: 273c9862feed8630b218fddf99cb85c5 c:\program files\google\google toolbar\googletoolbar_32.dll
MD5: d580f8888b4a538753ddd16e06fc641b C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\gtn.dll
MD5: bbd2d60b8f0f0dc68d6211c81b755b6d C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
MD5: 8c2044169be2224c8a7cb8e81e7581af C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
MD5: 56ded3ade453272e6a0ad582d945d1a4 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
MD5: 18697c1fdbe751ae52dd4edb3e9025f9 C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MD5: f5fcf2b4068dde641d16bf4b2e877c95 C:\Program Files\Intel\Wireless\Bin\IWMSPROV.DLL
MD5: 2ca3bda4edb557f8426ee46650d2c441 C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll
MD5: 1175911e055430e3119f06812e1fa8b8 C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll
MD5: 1b2857ef12d79a9f9adba14b0637cbf8 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
MD5: 6c5155cc0e805c7be6028bff7ac14524 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
MD5: f9f696ab4f62d0281ed6380b50c0bdb0 C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL
MD5: 198bed114015c2671c88fdc32cdcb21d C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: dc365b6e595683f67bc21a203432e336 c:\program files\java\jre6\bin\jp2ssv.dll
MD5: 381b25dc8e958d905b33130d500bbf29 C:\Program Files\Java\jre6\bin\jqs.exe
MD5: 1e96525ae85d402f9f8047f8caef5f06 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
MD5: e3a7850421a4ab8b15fc174eb587bc6b c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
MD5: 844c363b47960cafcd81e5285269f280 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe
MD5: 451b004c4ace3b84a75cb982627b5e0c C:\Program Files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
MD5: fd67bab137c3a27d0418baf1bd78fe2e C:\Program Files\Microsoft Office\Office12\GrooveUtil.DLL
MD5: 269552e0e5bd5bfe0da7ad42fac34c37 C:\Program Files\Microsoft Office\Office12\msohevi.dll
MD5: ce6db25ffa35fd051c503f11db745862 C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
MD5: 1d89eb4e2a99cabd4e81225f4f4c4b25 C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
MD5: 86ebd8b1f23e743aad21f4d5b4d40985 C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
MD5: d89083c4eb02daca8f944b0e05e57f9d C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
MD5: d1e2786d29a34009a54868b6b0449296 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwvss_xp.dll
MD5: e111ced19d6a9ff9bba5c219d0c5a3ce C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\opends60.dll
MD5: 247fe8defbb95a4319c7b4b215f92891 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\Resources\1033\sqlevn70.RLL
MD5: d6d4130c0bbc0d18c2da703cc38260a9 C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlos.dll
MD5: 837608240884733792ddae81e50b802a C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
MD5: 724614b3363c3377ceac6dc8a1986c14 C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
MD5: 198bed114015c2671c88fdc32cdcb21d C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
MD5: 45d7f2fabdfd500e3c35dc068b552544 C:\Program Files\Picasa2\npPicasa3.dll
MD5: dcf0a8483976a9a81b30a128671f445c C:\Program Files\Sony\Image Converter 2\CtxMenu.dll
MD5: a16dedf58c40d8236578f0fbb520ea6d C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
MD5: 55a47a048e5fd13977ca47df39cba5ff C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
MD5: d04f7aaca2319a3bcdb2c5d5dd6f6026 C:\Program Files\Sony\VAIO Event Service\MSVCP70.dll
MD5: 2ea0b8689fc9765dda4bc4af7696ac09 C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MD5: b60a90e26ed798742a52ca182037e41c C:\Program Files\Sony\VAIO Event Service\VESHardwareMixer.dll
MD5: 0d5e02e7e3e8c5919690416f83dd0ff1 C:\Program Files\Sony\VAIO Event Service\VESHKWndCommon.dll
MD5: 1d5425783d92f34c63075fa0c4e2c3d5 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
MD5: 0b074d916d9025656fd13b94b66f96bd C:\Program Files\Sony\VAIO Event Service\VESPerform.dll
MD5: 5556f79436fb061e58cd76d19418f967 C:\Program Files\Sony\VAIO Event Service\VESSemiPnP.dll
MD5: 87ae8d8e52a560864b704f5ad7baeca5 C:\Program Files\Sony\VAIO Event Service\VESSuEvent.dll
MD5: 50816be873b9d931a1a17391dc957cc8 C:\Program Files\Sony\VAIO Event Service\VESSuPerform.dll
MD5: 67cd9d7b6693bbc5f58ac3c76569ee52 C:\Program Files\Sony\VAIO Event Service\VESTransform.dll
MD5: 98c3d83e0eaeb269ca62c1c712c83214 C:\Program Files\Sony\VAIO Event Service\VESVideo.dll
MD5: b7451b1d94df7b5d94a2109e75c17162 C:\Program Files\Sony\VAIO Event Service\VESWndMsg.dll
MD5: 63e0296ce0e7d39949153d90c000d36e C:\Program Files\Sony\VAIO Event Service\VESWndMsgHook.dll
MD5: ded309af31cb6ebe06d72cc1a10d5566 C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
MD5: a530cd1825c86e4ef32518b5e192bf09 C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
MD5: 6a2e7f4a28f410fdf975f21b6880fc65 C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
MD5: 3f8c67061b6c0795068bb2bb252fa374 C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
MD5: 711db5e84606c05aa4fb51f08f242a31 C:\Program Files\Sony\VAIO Power Management\VESPowerMgr.dll
MD5: 5074fe56c70b31909c6b3129280c4cf2 C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
MD5: c7d3492630472dc0546715dd4157b6c2 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
MD5: a7efcba3c7b4dd42b42d098526c5706d C:\Program Files\Trusteer\Rapport\bin\RapportNikko.dll
MD5: 1205f9ccc78d152a5cc509f5ee32800d C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
MD5: a2272146346be995e8956e139c5e6fa1 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
MD5: a5e638419da5f92f574bdf0cc9bcbc8b C:\Program Files\Trusteer\Rapport\bin\RapportUtil.dll
MD5: 42a30ad650abe3c20b498594ff2c4c17 c:\program files\trusteer\rapport\bin\rooksbas.dll
MD5: b4a20cb7ed000397e60e21c1ca393c09 c:\program files\trusteer\rapport\bin\rookscom.dll
MD5: 6301220104367486f45f82c199298f35 c:\program files\trusteer\rapport\bin\rooksdol.dll
MD5: 42d08a04bea63d24545c543583bc5d7a C:\Program Files\Yahoo!\Common\Ymmapi.dll
MD5: 9bd4dcb5412921864a7aacdedfbd1923 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
MD5: 07c02c892e8e1a72d6bf35004f0e9c5e C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
MD5: fc38b32bfc5f750ff3a5c527f946582b C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 7f5be3c8b9c50264703884156996f81b C:\WINDOWS\Downloaded Program Files\IPSUploader4.ocx
MD5: 03a905fba1d62317087db5c21c0f8f62 C:\WINDOWS\ehome\ehmsas.exe
MD5: 0f0f5b564c5a3c9b38a6220230252567 C:\WINDOWS\eHome\ehProxy.dll
MD5: a53243709439ac2a4c216b817f8d7411 C:\WINDOWS\ehome\ehSched.exe
MD5: 6d280bc969218ae4a72180f907c32913 C:\WINDOWS\eHome\ehTrace.dll
MD5: 7a21e06385e748e9cb0252f1bbc493f1 C:\WINDOWS\ehome\ehtray.exe
MD5: df0a511f38f16016bf658fca0090cb87 C:\WINDOWS\ehome\mcrdsvc.exe
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 54da154ef4f8993476e0525f768bc5f2 C:\WINDOWS\system32\AdobePDF.dll
MD5: 873ba6958391dc205eaac5e7322f3dee C:\WINDOWS\system32\Audiodev.dll
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: f5430b03e141e098c78d5db46b00f8fc C:\WINDOWS\system32\confmsp.dll
MD5: a90e118f12d355f9946dfb30a8f94609 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll
MD5: 2a9e427681169f02274ad8c17d52fa2d C:\WINDOWS\system32\CSRSRV.dll
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 12dafd934641dcf61e446313bc261ec2 C:\WINDOWS\system32\DRIVERS\AegisP.sys
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: b21fcbc58cb13bac70f74b5ac5da7409 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
MD5: 526192bf7696f72e29777bf4a180513a C:\WINDOWS\system32\DRIVERS\DMICall.sys
MD5: d57a8fc800b501ac05b10d00f66d127a C:\WINDOWS\system32\DRIVERS\e100b325.sys
MD5: 389cf2cded384be477c3b3f15747d495 C:\WINDOWS\system32\DRIVERS\e1e5132.sys
MD5: c1d5cbd8aa0d674da1ba1bb189696396 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
MD5: c9f4e7da78a02623abf78a4a34ce79b1 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
MD5: acc46dda7fece95a253ae88cea172e12 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
MD5: e246a32c445056996074a397da56e815 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
MD5: 7f2f1d2815a6449d346fcccbc569fbd6 C:\WINDOWS\system32\DRIVERS\mhndrv.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys
MD5: 4f56e52f7ce6ac737adb1bb2a1854592 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
MD5: 0c8da0a8b0d227319c285e0eae65defd C:\WINDOWS\System32\Drivers\PxHelp20.sys
MD5: d6c7c196ad59375e9dde68d70db6e7a1 C:\WINDOWS\System32\Drivers\RapportKELL.sys
MD5: 1cc074e0d48383d4e9bffc6a26c2a58a C:\WINDOWS\system32\DRIVERS\s24trans.sys
MD5: 716a724a447c559f122ea140d636fa48 C:\WINDOWS\system32\DRIVERS\SI3132.sys
MD5: 62fd549acf2943f89612a8777295fa57 C:\WINDOWS\system32\DRIVERS\SiRemFil.sys
MD5: 72cf151fb410e544904dbc7d7f29b796 C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
MD5: c483fc0add8b074286600b9620ef2c16 C:\WINDOWS\system32\DRIVERS\SonyImgF.sys
MD5: be6038e0a7d2e2fe69107e41a0265831 C:\WINDOWS\System32\Drivers\SonyNC.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: 784b73bd9d1c0fba6ca96e8976f4b0e6 C:\WINDOWS\system32\drivers\sthda.sys
MD5: b226f8a4d780acdf76145b58bb791d5b C:\WINDOWS\system32\drivers\symlcbrd.sys
MD5: 26587ce8e6c6f16b8b4e7e2c16fa00bf C:\WINDOWS\system32\drivers\ti21sony.sys
MD5: e362d54fd394999c4178936396664e57 C:\WINDOWS\system32\drivers\Toshidpt.sys
MD5: d626e0af9232d8799d3a449530f3c220 C:\WINDOWS\system32\DRIVERS\tosporte.sys
MD5: 0ec5206059d97a8dc785be73fb457ec7 C:\WINDOWS\System32\Drivers\tosrfbd.sys
MD5: 33498b8f0b2ca549c2b7ffc1b3c0f1bc C:\WINDOWS\System32\Drivers\tosrfbnp.sys
MD5: 5ba1ca3b3cddb1ddc67df473f05d1ec2 C:\WINDOWS\System32\Drivers\tosrfcom.sys
MD5: 5dbf390aab62dd0d4d43a9278614e001 C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
MD5: c52fd27b9adf3a1f22cb90e6bcf9b0cb C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
MD5: 0d86d15caff2b3203c785d604ec7c942 C:\WINDOWS\system32\drivers\TosRfSnd.sys
MD5: c582b7716f0be7e65505365f4f941587 C:\WINDOWS\System32\Drivers\tosrfusb.sys
MD5: c7f4158ea3915f4194aee233ff8d4728 C:\WINDOWS\System32\Drivers\usbvm321.sys
MD5: b1f126e7e28877106d60e6ff3998d033 C:\WINDOWS\system32\DRIVERS\w39n51.sys
MD5: 57e51c6347165622c69d456b96b1eb46 C:\WINDOWS\system32\dxdiagn.dll
MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
MD5: ce8c3bc1377b83dbcd7304ab2d0a4735 C:\WINDOWS\system32\h323msp.dll
MD5: 0217cd51d55ca3e693a682664d3de2bf C:\WINDOWS\system32\ieframe.dll
MD5: 7cfdeb1560eacad6006d653ec55d12d0 C:\WINDOWS\system32\iertutil.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: de3745a51b7ac7fedc356a83f76c8023 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL
MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\WINDOWS\system32\MFC71.DLL
MD5: b7521f69c0a9b29d356157229376fb21 C:\WINDOWS\System32\mhn.dll
MD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.ime
MD5: 3d811bf538d6f359735d757c94f484b6 C:\WINDOWS\system32\msdbg2.dll
MD5: 855f6333e3a4dfc6f3c8b0520c261fcd C:\WINDOWS\system32\MSFTEDIT.DLL
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: 9e70016c950b1f8fdeaa6f067e2e25a8 C:\WINDOWS\system32\msjet40.dll
MD5: 7e2b58ce8c4013287371667880b1080d C:\WINDOWS\system32\MSJINT40.DLL
MD5: 98e53ca00d3c0a2e9faa4e59c101aeba C:\WINDOWS\system32\mslbui.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: afdc647d16b285b9ae6140335b3b3255 C:\WINDOWS\system32\mswstr10.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\System32\netshell.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 9071c7641749e87942302decefc8091d C:\WINDOWS\system32\NvCpl.dll
MD5: caf1661b3a97bb8d47b60c7eb222c58a C:\WINDOWS\system32\nvsvc32.exe
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 2c288aa87e4723ac9ff4d76a192ec3f8 C:\WINDOWS\system32\odbccp32.dll
MD5: 5ce275cdc5ffb77b1ec29dbdfe4b6689 C:\WINDOWS\system32\odbcji32.dll
MD5: 1b05dcc75fbb903a17e3e0ddaea8d508 C:\WINDOWS\system32\odbcjt32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\OLEACC.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll
MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\shdocvw.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: e5edbd51476db5001abf5c82ae5c3dd1 C:\WINDOWS\system32\shgina.dll
MD5: 0e3605a5e7c23f1139c5c448e1eaf494 C:\WINDOWS\system32\shimgvw.dll
MD5: 29b6a85a733abe65b371023f790b2599 C:\WINDOWS\system32\shmedia.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 4424ae65f7af8181ac99fe46bc2700c9 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll
MD5: a60fc9ca376dba1235c63e960996f013 C:\WINDOWS\system32\syncui.dll
MD5: 3f8411328e808a8794a41da9acb22dd9 C:\WINDOWS\system32\tapi3.dll
MD5: 8edd9dcd5196b6c54a622e9549f667b8 C:\WINDOWS\system32\termmgr.dll
MD5: 4763ce0b8cf4ca355db2fe6c74675db8 C:\WINDOWS\system32\twext.dll
MD5: 17e0cf9c8cbb717d05948656bcd86efa C:\WINDOWS\system32\txflog.dll
MD5: 31b6e9e116a3d6f8eb13202c9b5db403 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: 711f90584b64086bec5c53254a728bdc C:\WINDOWS\system32\VESWinlogon.dll
MD5: 0e876fc0327377f08657a1a0383dda59 C:\WINDOWS\System32\wiadefui.dll
MD5: bf67ac2c1f41be892b98e9b8e91c0cb8 C:\WINDOWS\system32\wiashext.dll
MD5: 1a377838b4b468e37c3eeb5baa24f925 C:\WINDOWS\system32\wininet.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 95cf3446911a6e25ee4086df8a45b2aa C:\WINDOWS\system32\winsrv.dll
MD5: 9eefe69139fdbb4a3c327630f8eb993a C:\WINDOWS\system32\wlanapi.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 81d2a27c916c7830743e4afa454099f7 C:\WINDOWS\system32\wpdshext.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll
MD5: b6752e2cf5d19ca57243e15e74b2751e D:\WinZip\WZCAB3.DLL
MD5: 6bd44cc9d41f88cc9084e920be814ad8 D:\WinZip\wzshlex1.dll
MD5: c897e5f411d87bf5029f3126058882c4 D:\WinZip\wzshlstb.dll


No file uploaded.

Scan finished - communication took 4 sec
Total traffic - 0.02 MB sent, 1.09 KB recvd
Scanned 758 files and modules - 129 seconds

==============================================================================

#12 RKinner (Malware Expert)
Symantec Core Component 2856 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

This is a leftover from Symantec/Norton. I'd download, save and run their uninstaller:

ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe


I would turn off the Media Center Scheduler service:

Start, Run, services.msc, OK to bring up the services center:

Find the Media Center Scheduler and right click and select Properties then change the Startup type: to Disabled. Apply.

If you don't use the SQL service for anything you can also do the same for
Microsoft SQL Server (or any variation on the name)

Then clear the alarms and reboot and run Vino's again and let's see how it looks now.

Ron

#13 jcollins (Topic Starter)
Hi Ron,

I uninstalled Symantec and disabled Media Center Scheduler as well as 3 SQL Server services. I didn't know what you meant by 'clear the alarms', but the subsequent VEW logs after the reboot are below.

Thanks,
James




Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/12/2011 21:06:16

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/12/2011 21:05:55
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}

Log: 'System' Date/Time: 11/12/2011 21:04:55
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}

Log: 'System' Date/Time: 11/12/2011 21:03:55
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}

Log: 'System' Date/Time: 11/12/2011 21:02:55
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}

Log: 'System' Date/Time: 11/12/2011 21:02:52
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

Log: 'System' Date/Time: 11/12/2011 21:02:52
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The VAIO Entertainment Database Service service depends on the following nonexistent service: MSSQL$VAIO_VEDB

Log: 'System' Date/Time: 11/12/2011 20:55:05
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 11/12/2011 20:54:57
Type: error Category: 0
Event: 7001 Source: Service Control Manager
The VAIO Entertainment File Import Service service depends on the VAIO Entertainment Database Service service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.

Log: 'System' Date/Time: 11/12/2011 20:54:57
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The VAIO Entertainment Database Service service depends on the following nonexistent service: MSSQL$VAIO_VEDB

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/12/2011 10:40:57
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 11/12/2011 10:08:53
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 11/12/2011 09:42:26
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.





Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/12/2011 21:07:48

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/12/2011 16:04:11
Type: error Category: 101
Event: 1002 Source: Application Hang
Hanging application POWERPNT.EXE, version 12.0.6545.5000, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Log: 'Application' Date/Time: 11/12/2011 09:49:51
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

Log: 'Application' Date/Time: 11/12/2011 09:48:51
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

Log: 'Application' Date/Time: 11/12/2011 09:47:51
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

Log: 'Application' Date/Time: 11/12/2011 09:46:51
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

Log: 'Application' Date/Time: 11/12/2011 09:45:51
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

Log: 'Application' Date/Time: 11/12/2011 09:44:51
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

Log: 'Application' Date/Time: 11/12/2011 09:43:41
Type: error Category: 0
Event: 0 Source: Media Center Scheduler
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 11/12/2011 20:54:40
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance CSSQL05 is not valid.

Log: 'Application' Date/Time: 11/12/2011 20:51:58
Type: warning Category: 0
Event: 1517 Source: Userenv
Windows saved user COLLINS\James registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Log: 'Application' Date/Time: 11/12/2011 15:59:27
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{E5E6E687-1033-0000-0000-000000000002}', feature 'PDFMaker' failed during request for component '{E832CD38-EBEB-4A6A-945F-216C18DA0927}'

Log: 'Application' Date/Time: 11/12/2011 15:59:27
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{E5E6E687-1033-0000-0000-000000000002}', feature 'Distiller', component '{5577765F-8E92-49D7-B5FF-647FD1A22B59}' failed. The resource 'C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe' does not exist.

Log: 'Application' Date/Time: 11/12/2011 15:59:19
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{E5E6E687-1033-0000-0000-000000000002}', feature 'PDFMaker' failed during request for component '{E832CD38-EBEB-4A6A-945F-216C18DA0927}'

Log: 'Application' Date/Time: 11/12/2011 15:59:19
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{E5E6E687-1033-0000-0000-000000000002}', feature 'Distiller', component '{5577765F-8E92-49D7-B5FF-647FD1A22B59}' failed. The resource 'C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe' does not exist.

Log: 'Application' Date/Time: 11/12/2011 12:45:33
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{E5E6E687-1033-0000-0000-000000000002}', feature 'PDFMaker' failed during request for component '{E832CD38-EBEB-4A6A-945F-216C18DA0927}'

Log: 'Application' Date/Time: 11/12/2011 12:45:33
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{E5E6E687-1033-0000-0000-000000000002}', feature 'Distiller', component '{5577765F-8E92-49D7-B5FF-647FD1A22B59}' failed. The resource 'C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe' does not exist.

Log: 'Application' Date/Time: 11/12/2011 12:45:26
Type: warning Category: 0
Event: 1001 Source: MsiInstaller
Detection of product '{E5E6E687-1033-0000-0000-000000000002}', feature 'PDFMaker' failed during request for component '{E832CD38-EBEB-4A6A-945F-216C18DA0927}'

Log: 'Application' Date/Time: 11/12/2011 12:45:26
Type: warning Category: 0
Event: 1004 Source: MsiInstaller
Detection of product '{E5E6E687-1033-0000-0000-000000000002}', feature 'Distiller', component '{5577765F-8E92-49D7-B5FF-647FD1A22B59}' failed. The resource 'C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe' does not exist.

Log: 'Application' Date/Time: 11/12/2011 12:17:08
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance CSSQL05 is not valid.

Log: 'Application' Date/Time: 11/12/2011 12:17:06
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance CSSQL05 is not valid.

Log: 'Application' Date/Time: 11/12/2011 12:17:06
Type: warning Category: 0
Event: 2 Source: SQLBrowser
The configuration of the SQL instance VAIO_VEDB is not valid.

Log: 'Application' Date/Time: 11/12/2011 09:42:55
Type: warning Category: 0
Event: 3 Source: SQLBrowser
The configuration of the AdminConnection\TCP protocol in the SQL instance CSSQL05 is not valid.

Log: 'Application' Date/Time: 11/12/2011 09:42:55
Type: warning Category: 8
Event: 19011 Source: MSSQL$VAIO_VEDB
The event description cannot be found.

#14 RKinner (Malware Expert)
To clear the alarms you do:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot.


Then you run Vino's. This way I only see the new alarms so if we have fixed something it won't show up.

Uninstall

Adobe Acrobat 7.0 Elements

*************************************
These services
ehSched

VAIO Entertainment File Import Service

need to be turned off:

Start, Run, cmd, OK to bring up a command window.

sc config ehSched start= disabled

sc config "VAIO Entertainment File Import Service" start= disabled


The second one may not work. If so then Start, Run, services.msc, OK and try and find the VAIO Entertainment File Import Service and right click on it and select Properties then change the Startup Type: to Disabled. If the ehsched command did not work also try and turn off Media Center Scheduler Service the same way.

Now clear the alarms, reboot and run vino's and let's see what is left.
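The VEW reports posted in #13 and the service changes asked for in #14 are easier to judge if the report is reduced to counts and a short verdict per entry instead of being read top to bottom. The script below is an added example for this thread, not part of Vino's Event Viewer or of the original posts: it parses the VEW layout used above (a constructed sample modelled on the thread's own entries is embedded, so it runs offline), counts events per source and ID, and attaches a note to the three kinds of entry that matter here. Two of the notes rest on facts a practitioner can check: Win32 error 1058 in the DCOM 10005 message is ERROR_SERVICE_DISABLED, which is exactly what you get once ehSched has been set to Disabled, and Tcpip event 4226 is Windows XP SP2's cap of 10 concurrent half-open outbound TCP connections being reached, which means some process is trying to open connections faster than that. The labels benign/suspicious/config are this example's own convention.

```python
import re
from collections import Counter

# Constructed sample in the Vino's Event Viewer (VEW) layout, modelled on the
# entries posted in this thread; it is test input for the parser, not a log
# copied from the original page.
SAMPLE_VEW = """\
Vino's Event Viewer v01c run on Windows XP in English
Report run at 11/12/2011 21:06:16

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/12/2011 21:05:55
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}

Log: 'System' Date/Time: 11/12/2011 21:02:52
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The VAIO Entertainment Database Service service depends on the following nonexistent service: MSSQL$VAIO_VEDB

Log: 'System' Date/Time: 11/12/2011 10:40:57
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Log: 'System' Date/Time: 11/12/2011 10:08:53
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
"""

HEADER_RE = re.compile(r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>\S+ \S+)$")
TYPE_RE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<category>\d+)$")
EVENT_RE = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+)$")

# Win32 error 1058 is ERROR_SERVICE_DISABLED: DCOM asked the Service Control
# Manager to start a service whose Startup type is Disabled.
DISABLED_RE = re.compile(r'"%1058".*?start the service (?P<svc>\S+)')


def parse_vew(text):
    """Turn a VEW report into a list of dicts, one per event record.

    A record is four consecutive lines (Log/Date, Type/Category,
    Event/Source, message); banner, separator and blank lines are skipped.
    """
    records = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        head = HEADER_RE.match(lines[i])
        if not head or i + 3 >= len(lines):
            i += 1
            continue
        kind = TYPE_RE.match(lines[i + 1])
        event = EVENT_RE.match(lines[i + 2])
        if not (kind and event):
            i += 1
            continue
        records.append({
            "log": head["log"],
            "when": head["when"],
            "type": kind["type"],
            "category": int(kind["category"]),
            "event": int(event["event"]),
            "source": event["source"].strip(),
            "message": lines[i + 3].strip(),
        })
        i += 4
    return records


def triage(records):
    """Return (Counter of (source, event id), list of (label, note)).

    Labels are this example's own: 'benign' for noise expected after the
    service changes, 'suspicious' for unexplained network activity,
    'config' for broken service dependencies.
    """
    summary = Counter((r["source"], r["event"]) for r in records)
    findings = []
    for r in records:
        src, ev = r["source"], r["event"]
        if src == "DCOM" and ev == 10005:
            m = DISABLED_RE.search(r["message"])
            if m:
                findings.append(("benign",
                    "DCOM keeps asking for disabled service %s (error 1058 = "
                    "ERROR_SERVICE_DISABLED); expected after 'sc config ... "
                    "start= disabled', noise rather than infection" % m["svc"]))
        elif src == "Tcpip" and ev == 4226:
            # XP SP2 and later cap concurrent half-open outbound TCP
            # connections at 10; something is connecting faster than that,
            # which is worth correlating with netstat -ano on the box.
            findings.append(("suspicious",
                "half-open outbound TCP limit hit at %s; a process is opening "
                "many connections at once" % r["when"]))
        elif src == "Service Control Manager" and ev in (7001, 7003):
            findings.append(("config", r["message"]))
    return summary, findings


if __name__ == "__main__":
    summary, findings = triage(parse_vew(SAMPLE_VEW))
    for (source, event), n in sorted(summary.items()):
        print("%-26s %6d  x%d" % (source, event, n))
    for label, note in findings:
        print("[%s] %s" % (label, note))
```

To use it on a real report, replace SAMPLE_VEW with the text of the VEW output (or read it from the file VEW writes) and run the script; the 4226 entries are the ones to chase, since they were logged hours before the service changes and are not explained by anything done in this thread.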

#15 jcollins (Topic Starter)
Hi Ron,

Adobe Acrobat Elements is uninstalled, and the other 2 services are both disabled according to the services.msc window. Don't know if this is relevant, but on reboot after clearing the alarms, the desktop took ages to load. VEW logs are below. So are we done with the virus threat and are now clearing up broken/annoying programs?

Thanks,
James




Vino's Event Viewer v01c run on Windows XP in English
Report run at 12/12/2011 19:36:52

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/12/2011 19:36:19
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}

Log: 'System' Date/Time: 12/12/2011 19:35:19
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}

Log: 'System' Date/Time: 12/12/2011 19:34:19
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service ehSched with arguments "-Service" in order to run the server: {4B635ECB-0887-4015-8CA6-D621362F98D1}

Log: 'System' Date/Time: 12/12/2011 19:31:00
Type: error Category: 0
Event: 7034 Source: Service Control Manager
The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 12/12/2011 19:30:59
Type: error Category: 0
Event: 7003 Source: Service Control Manager
The VAIO Entertainment Database Service service depends on the following nonexistent service: MSSQL$VAIO_VEDB

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 12/12/2011 19:33:52
Type: warning Category: 0
Event: 1073 Source: USER32
The attempt to unknown COLLINS failed
Vino's Event Viewer v01c run on Windows XP in English
Report run at 12/12/2011 19:37:58

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 12/12/2011 19:33:23
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:23
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:23
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:23
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:22
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:22
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:22
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:22
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:21
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:21
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:21
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:14
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:14
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:14
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:13
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:03
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:03
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:33:03
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:32:58
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0

Log: 'Application' Date/Time: 12/12/2011 19:32:58
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0
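Reading VEW output like the above by hand gets tedious once the same MsiInstaller warning repeats twenty times. The following is an added Python example, not part of this thread and not VEW's own code: it parses VEW's four-line record format (Log/Type/Event/message), counts records per source and event id so repeats collapse to one line, and flags DCOM 10005 entries carrying Win32 error 1058 (ERROR_SERVICE_DISABLED) as the expected side effect of setting ehSched to Disabled, which is what the instructions above asked for. The sample input is constructed to mirror the entries posted above; the function names are my own.

```python
import re
from collections import Counter

# Constructed sample in Vino's Event Viewer (VEW) format, shaped like the
# entries posted above (not the full log); "%1058" is the DCOM message text.
SAMPLE_VEW = """\
Log: 'System' Date/Time: 12/12/2011 19:36:19
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service ehSched with arguments "-Service"

Log: 'System' Date/Time: 12/12/2011 19:35:19
Type: error Category: 0
Event: 10005 Source: DCOM
DCOM got error "%1058" attempting to start the service ehSched with arguments "-Service"

Log: 'Application' Date/Time: 12/12/2011 19:33:23
Type: warning Category: 0
Event: 1015 Source: MsiInstaller
Failed to connect to server. Error: 0x800401F0
"""
HEADER = re.compile(r"^Log: '(?P<log>\w+)' Date/Time: (?P<when>\S+ \S+)\s*$")
EVENT = re.compile(r"^Event: (?P<event>\d+) Source: (?P<source>.+?)\s*$")

def parse_vew(text):
    """Parse VEW's four-line records (Log/Type/Event/message) into dicts."""
    lines, entries, i = text.splitlines(), [], 0
    while i + 3 < len(lines):
        m = HEADER.match(lines[i])
        if not m:               # skip banners, ~~~~ separators, blank lines
            i += 1
            continue
        e = EVENT.match(lines[i + 2])
        entries.append({
            "log": m["log"], "when": m["when"],
            "type": lines[i + 1].split()[1],   # "Type: error Category: 0"
            "event": int(e["event"]), "source": e["source"],
            "message": lines[i + 3].strip(),
        })
        i += 4
    return entries

def summarize(entries):
    """Collapse repeats: number of records per (source, event id)."""
    return Counter((e["source"], e["event"]) for e in entries)

def is_expected_disabled(entry):
    """DCOM 10005 with error 1058 (ERROR_SERVICE_DISABLED): service is set to Disabled."""
    return (entry["source"] == "DCOM" and entry["event"] == 10005
            and '"%1058"' in entry["message"])
```

Run `summarize(parse_vew(open("vew.txt").read()))` on a saved VEW report to get one count per (source, event id), and filter with `is_expected_disabled` to separate the self-inflicted ehSched errors from anything still worth chasing.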