Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances

wyUpdate malware?

Pbarton
Junior Member


Joined: 12 Aug 2005
Last Visit: 19 Jul 2012
Posts: 25
Location: Hawaii

Posted: Thu Mar 22, 2012 12:59 pm    Post subject: wyUpdate malware?

I’m getting wyUpdate prompts. I don’t remember installing this program unless it came bundled with something else. User Account Control is blocking it and I am checking “no” for its access request. I found wyUpdate files at C:/users/paul/AppData/Local/temp/w2296/wyt-supdf and deleted the entire folder, but it recreated itself under a new name. The log files are posted below. I appreciate any help you can give. Thank you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Paul at 10:52:19 on 2012-03-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2108 [GMT -10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={0E91A13F-ACF8-4D31-8E72-FE554B513EA1}&mid=d1728ae75e8d47d19488a9cd7a0409aa-97a3e4fe4c81d37b518835f3f93bf15d9571b684&lang=en&ds=ts023&pr=sa&d=2012-03-07 06:56:45&v=10.0.0.7&sap=hp
uDefault_Page_URL = hxxp://sony.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [VRLPHelper] C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe /Stay
uRun: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{12E1852A-6906-4573-9264-7690FB4C2352} : DhcpNameServer = 10.11.0.1 10.11.0.2
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B} : DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\2456163686022457D60234166656 : DhcpNameServer = 192.168.200.1
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\662756378636166656 : DhcpNameServer = 24.25.227.15 66.75.160.15 10.0.2.1
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\840555 : DhcpNameServer = 10.4.30.253 10.4.30.254
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\C494C494D27455543545 : DhcpNameServer = 165.248.1.219 165.248.1.209
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\0yd1rt4h.default\
FF - prefs.js: browser.startup.homepage - www.my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B567c3161-b875-449a-ad71-7d38d0512f4f%7D&mid=d1728ae75e8d47d19488a9cd7a0409aa-97a3e4fe4c81d37b518835f3f93bf15d9571b684&ds=ts023&v=10.2.0.3&lang=en&pr=sa&d=2012-03-07%2006%3A56%3A45&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npsharedview.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPXPEE.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-3 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-5-3 2361344]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-1-23 259192]
R2 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-3 2656280]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-18 652016]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-5-3 852160]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-23 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-22 08:06:52 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA331F5F-3C54-496E-BCCE-630A9A4AE4DC}\offreg.dll
2012-03-21 17:40:36 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-21 17:40:36 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-20 13:19:05 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA331F5F-3C54-496E-BCCE-630A9A4AE4DC}\mpengine.dll
2012-03-14 02:53:15 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 02:53:14 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 02:53:14 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 19:26:19 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 19:26:18 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 19:26:17 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 19:25:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 19:25:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 19:25:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 19:25:31 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 19:25:30 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 19:25:30 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 19:25:30 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-12 00:12:05 -------- d-----w- C:\Users\Paul\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-11 23:54:23 -------- d-----w- C:\ProgramData\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
2012-03-11 23:53:56 -------- d-----w- C:\Users\Paul\AppData\Local\PackageAware
2012-03-11 22:35:50 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-03-11 22:24:18 -------- d-----w- C:\Users\Paul\Adobe Dreamweaver CS5.5
2012-03-11 22:24:04 -------- d-----w- C:\Users\Paul\New folder
2012-03-11 22:22:15 -------- d-----w- C:\Users\Paul\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-11 21:50:02 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-03-11 08:01:39 -------- d-----w- C:\Program Files\iPod
2012-03-11 08:01:38 -------- d-----w- C:\Program Files\iTunes
2012-03-11 08:01:38 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-10 01:32:32 4431872 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-07 18:54:01 -------- d-----w- C:\Users\Paul\AppData\Local\twitter
2012-03-07 18:53:48 576536 ----a-r- C:\Users\Paul\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe
2012-03-07 18:48:32 -------- d-----w- C:\Program Files (x86)\Twitter
2012-03-07 16:56:41 -------- d--h--w- C:\ProgramData\Common Files
2012-03-07 09:58:05 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
.
==================== Find3M ====================
.
2012-03-02 00:11:11 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 19:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 21:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 21:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-01-26 21:15:14 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2012-01-26 21:15:14 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2010-01-26 21:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
.
============= FINISH: 10:52:49.91 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/24/2011 10:36:44 PM
System Uptime: 3/22/2012 5:13:14 AM (5 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | N/A | 1092/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 586 GiB total, 527.669 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP120: 3/7/2012 8:48:04 AM - Installed TweetDeck
RP121: 3/7/2012 8:52:05 AM - Removed TweetDeck
RP122: 3/10/2012 9:59:29 PM - Installed iTunes
RP123: 3/11/2012 12:54:33 PM - VAIO Care Automatic Restore Point
RP124: 3/13/2012 8:45:37 AM - Windows Update
RP125: 3/13/2012 4:50:46 PM - Windows Update
RP126: 3/17/2012 8:24:10 PM - Windows Update
RP127: 3/20/2012 9:31:40 PM - VAIO Care Automatic Restore Point
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Dreamweaver CS5.5
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2) MUI
Adobe Widget Browser
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft WebCam Companion 4
Best Buy pc app
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Talk Plugin
HP Update
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Oasis2Service
Office Timeline 2010
OOBE
PASW Statistics Student Version 18.0
Picasa 3
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
QuickTime
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
SlimComputer
SSLx86
TweetDeck
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
VDownloader 3.6.943
VESx86
VIx86
VLC media player 1.1.11
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
.
==== Event Viewer Messages From Past Week ========
.
3/20/2012 4:57:30 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/20/2012 3:08:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
3/19/2012 2:45:54 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
3/19/2012 2:45:30 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VcmINSMgr service.
3/15/2012 11:26:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/15/2012 11:26:40 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/15/2012 11:26:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/15/2012 11:26:13 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/15/2012 11:26:13 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
_________________
If we are to achieve results never before accomplished, we must expect to employ methods never before attempted.
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Sun Mar 25, 2012 8:07 am

Checking your logs, will reply soon.

torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Sun Mar 25, 2012 2:37 pm

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Spyware Removal forum and wait for help.

Failure to post replies within 3 days will result in this thread being closed.



Hi Pbarton and welcome to Spyware Warrior Forum :

My name is torreattack, and I will be helping you with your malware problems.

I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher, because of this my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Read:
How to back up or transfer your data on a Windows-based computer
Backup your data - Vista
Backup your data - windows 7


I'd also recommend that you create a System Restore Point that we can restore to if necessary.


  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...

    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.



Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


If you haven't done so already, please read this topic Things to know before you post where the conditions for receiving help here are explained.


I will return, as soon as possible, with additional instructions.

Thank you for your patience.
torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
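The restore-point step above, done from PowerShell instead of the System Properties dialog, as an added example; it is not part of torreattack's instructions or of any Spyware Warrior tool. It assumes Windows 7 (the poster's system) with System Protection enabled on the system drive, and an elevated prompt as the "Run as Administrator" rule above requires. The description "Pre Malware Cleanup" is the one the instructions ask for (the later DDS log lists it as RP129); the elevation check and the before/after comparison are this example's own additions.

```powershell
# Added example (not from the Spyware Warrior post): create the
# "Pre Malware Cleanup" restore point and confirm it exists.
# Assumes Windows 7 with System Protection enabled on the system drive
# and an elevated (Run as Administrator) PowerShell prompt.

$description = 'Pre Malware Cleanup'

# Restore-point creation needs elevation; stop early with a clear message
# instead of an access-denied error from Checkpoint-Computer.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Run as Administrator) PowerShell prompt.'
}

# Record the sequence numbers that already exist so the new point can be
# told apart from an older one with the same description.
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty SequenceNumber)

# MODIFY_SETTINGS is the restore-point type for a manual checkpoint taken
# before changing the system (the same kind the dialog creates).
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

# Verify: a point with our description that was not there before.
$new = Get-ComputerRestorePoint |
    Where-Object { $before -notcontains $_.SequenceNumber -and $_.Description -eq $description } |
    Select-Object -First 1

if ($new) {
    # CreationTime is a DMTF timestamp string; convert it for display.
    $created = [Management.ManagementDateTimeConverter]::ToDateTime($new.CreationTime)
    'Created restore point RP{0} "{1}" at {2}' -f $new.SequenceNumber, $new.Description, $created
} else {
    Write-Warning ('No new restore point named "{0}" was found. ' -f $description +
                   'Check that System Protection is turned on for the system drive ' +
                   '(System Properties -> System Protection -> Configure).')
}
```

If the warning fires, System Protection is usually switched off or has no disk space allocated for the drive; turning it on in the System Protection tab and re-running the script is the fix, and the new point should then show up in the DDS "System Restore Points" section of the next log.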
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Mon Mar 26, 2012 2:09 pm

Hi Pbarton :


1. No Anti-virus Software Installed!
Looking over your log ... there is NO evidence of anti-virus software installed. This puts you at serious risk.
Anti-virus software will help detect, cleanse, and erase harmful virus files on a computer, Web server, or network.
Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories.

To protect your computer from infection...download a (free for personal use) anti-virus program from one of these reliable vendors.


  • Microsoft Security Essentials ** - New, from Microsoft, with email scanning, easy to install, easy to use.
    ** Your PC must run genuine Windows to install Microsoft Security Essentials.
  • avast! Free Antivirus - Excellent detection, the freeware version includes email scanning.
  • Note: remember to Uncheck any extra software downloads you may be offered (optional)



Installing a new AV product.
  1. Download the new Anti-virus product to your computer.
  2. Save any work. Close all applications, especially your Internet connection.
  3. Install the new AV product... following installation instructions.
  4. Check for updates to the new AV product, if not done during install setup.
  5. Run a FULL SCAN of your computer.

It is strongly recommended that you run only one antivirus program at a time.
Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


2. Please re-run DDS and post a new log.

Thanks,
torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
Pbarton
Junior Member


Joined: 12 Aug 2005
Last Visit: 19 Jul 2012
Posts: 25
Location: Hawaii

PostPosted: Mon Mar 26, 2012 5:20 pm

Actually, I have the free version of Malwarebytes installed. It's listed on my logs under installed programs as: Malwarebytes Anti-Malware version 1.60.1.1000. It has been updated to the latest version and it did not detect any malware.

Are you asking me to uninstall Malwarebytes and instead run Avast? Please advise. Thank you.
_________________
If we are to achieve results never before accomplished, we must expect to employ methods never before attempted.
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Tue Mar 27, 2012 1:39 pm

Hi Pbarton,

Quote:
Are you asking me to uninstall Malwarebytes and instead run Avast?

No.

Quote:
Actually, I have the free version of Malwarebytes installed. It's listed on my logs under installed programs as: Malwarebytes Anti-Malware version 1.60.1.1000.

Did you enable the real-time scan trial mode?
Malwarebytes' FREE real-time scanning mode only lasts for 30 days.

I recommend you install an antivirus now.

Please post a new DDS log.

Thanks,
torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
Pbarton
Junior Member


Joined: 12 Aug 2005
Last Visit: 19 Jul 2012
Posts: 25
Location: Hawaii

PostPosted: Wed Mar 28, 2012 12:37 am

The new logs are posted below. Thank you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Paul at 22:31:42 on 2012-03-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2016 [GMT -10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={0E91A13F-ACF8-4D31-8E72-FE554B513EA1}&mid=d1728ae75e8d47d19488a9cd7a0409aa-97a3e4fe4c81d37b518835f3f93bf15d9571b684&lang=en&ds=ts023&pr=sa&d=2012-03-07 06:56:45&v=10.0.0.7&sap=hp
uDefault_Page_URL = hxxp://sony.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [VRLPHelper] C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe /Stay
uRun: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{12E1852A-6906-4573-9264-7690FB4C2352} : DhcpNameServer = 10.11.0.1 10.11.0.2
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B} : DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\2456163686022457D60234166656 : DhcpNameServer = 192.168.200.1
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\662756378636166656 : DhcpNameServer = 24.25.227.15 66.75.160.15 10.0.2.1
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\840555 : DhcpNameServer = 10.4.30.253 10.4.30.254
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\C494C494D27455543545 : DhcpNameServer = 165.248.1.219 165.248.1.209
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\0yd1rt4h.default\
FF - prefs.js: browser.startup.homepage - www.my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B567c3161-b875-449a-ad71-7d38d0512f4f%7D&mid=d1728ae75e8d47d19488a9cd7a0409aa-97a3e4fe4c81d37b518835f3f93bf15d9571b684&ds=ts023&v=10.2.0.3&lang=en&pr=sa&d=2012-03-07%2006%3A56%3A45&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npsharedview.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPXPEE.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-3 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-5-3 2361344]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-23 652360]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-1-23 259192]
R2 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-3 2656280]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-18 652016]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-5-3 852160]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-23 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-28 02:56:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9811968-D222-491B-917C-9263203DBA34}\offreg.dll
2012-03-27 19:23:22 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9811968-D222-491B-917C-9263203DBA34}\mpengine.dll
2012-03-21 17:40:36 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-21 17:40:36 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 02:53:15 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 02:53:14 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 02:53:14 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 19:26:19 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 19:26:18 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 19:26:17 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 19:25:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 19:25:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 19:25:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 19:25:31 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 19:25:30 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 19:25:30 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 19:25:30 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-12 00:12:05 -------- d-----w- C:\Users\Paul\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-11 23:54:23 -------- d-----w- C:\ProgramData\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
2012-03-11 23:53:56 -------- d-----w- C:\Users\Paul\AppData\Local\PackageAware
2012-03-11 22:35:50 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-03-11 22:24:18 -------- d-----w- C:\Users\Paul\Adobe Dreamweaver CS5.5
2012-03-11 22:24:04 -------- d-----w- C:\Users\Paul\New folder
2012-03-11 22:22:15 -------- d-----w- C:\Users\Paul\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-11 21:50:02 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-03-11 08:01:39 -------- d-----w- C:\Program Files\iPod
2012-03-11 08:01:38 -------- d-----w- C:\Program Files\iTunes
2012-03-11 08:01:38 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-10 01:32:32 4431872 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-07 18:54:01 -------- d-----w- C:\Users\Paul\AppData\Local\twitter
2012-03-07 18:53:48 576536 ----a-r- C:\Users\Paul\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe
2012-03-07 18:48:32 -------- d-----w- C:\Program Files (x86)\Twitter
2012-03-07 16:56:41 -------- d--h--w- C:\ProgramData\Common Files
2012-03-07 09:58:05 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
.
==================== Find3M ====================
.
2012-03-02 00:11:11 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 19:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 21:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 21:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-01-26 21:15:14 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2012-01-26 21:15:14 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2010-01-26 21:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
.
============= FINISH: 22:32:11.59 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/24/2011 10:36:44 PM
System Uptime: 3/27/2012 5:02:12 PM (5 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | N/A | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 586 GiB total, 522.636 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP120: 3/7/2012 8:48:04 AM - Installed TweetDeck
RP121: 3/7/2012 8:52:05 AM - Removed TweetDeck
RP122: 3/10/2012 9:59:29 PM - Installed iTunes
RP123: 3/11/2012 12:54:33 PM - VAIO Care Automatic Restore Point
RP124: 3/13/2012 8:45:37 AM - Windows Update
RP125: 3/13/2012 4:50:46 PM - Windows Update
RP126: 3/17/2012 8:24:10 PM - Windows Update
RP127: 3/20/2012 9:31:40 PM - VAIO Care Automatic Restore Point
RP128: 3/22/2012 10:38:21 PM - Windows Update
RP129: 3/26/2012 11:56:30 AM - Pre Malware Cleanup
RP130: 3/27/2012 9:22:49 AM - Windows Update
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Dreamweaver CS5.5
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2) MUI
Adobe Widget Browser
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft WebCam Companion 4
Best Buy pc app
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Talk Plugin
HP Update
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Oasis2Service
Office Timeline 2010
OOBE
PASW Statistics Student Version 18.0
Picasa 3
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
QuickTime
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
SlimComputer
SSLx86
TweetDeck
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
VDownloader 3.6.943
VESx86
VIx86
VLC media player 1.1.11
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
.
==== Event Viewer Messages From Past Week ========
.
3/27/2012 6:22:12 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/25/2012 6:21:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/25/2012 6:21:03 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/25/2012 6:21:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/25/2012 6:20:52 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/25/2012 6:20:52 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
3/20/2012 3:08:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
.
==== End Of File ===========================
_________________
If we are to achieve results never before accomplished, we must expect to employ methods never before attempted.
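The Pseudo HJT Report and FIREFOX sections above are what a helper reads by hand: IE's start page and Firefox's keyword.URL both point at isearch.avg.com with a tracking cid while the OEM default page is sony.msn.com, one toolbar CLSID resolves to "No File", and one per-user autorun launches from AppData\Local. As an added example (not DDS code and not part of either post), the script below parses those same DDS line shapes and flags the three things in one pass. EXPECTED_HOSTS and the user-writable path pattern are assumptions for illustration; the sample lines are copied verbatim from the log above. The BHO-X64 "No File" stubs that sit beside resolved 32-bit entries are routine DDS noise on x64 and are deliberately not flagged.

```python
"""Triage the 'Pseudo HJT Report' / FIREFOX sections of a DDS log.

Added example: this is not DDS code and not part of the forum posts.
EXPECTED_HOSTS and USER_WRITABLE are assumptions made for illustration.
"""
import re
from urllib.parse import urlparse

# Assumption: hosts the machine's owner expects as home/search pages.
# The OEM default in the log is sony.msn.com; the Firefox homepage is my.yahoo.com.
EXPECTED_HOSTS = {"sony.msn.com", "www.my.yahoo.com"}

# Assumption: autoruns launching from these user-writable trees deserve a second
# look (the thread's complaint was an updater running out of AppData\Local\Temp).
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData)\\", re.IGNORECASE)

# DDS line shapes, taken from the log above:
#   uStart Page = hxxp://...             -> KV
#   uRun: [Name] "C:\path\x.exe" /arg    -> RUN
#   TB: {CLSID} - No File                -> NOFILE (32-bit entries only)
#   FF - prefs.js: keyword.URL - hxxp:// -> FFPREF
KV = re.compile(r"^([um][^:=]+?)\s*=\s*(.+)$")
RUN = re.compile(r"^([um]Run(?:-x64)?):\s*\[([^\]]+)\]\s*(.+)$")
NOFILE = re.compile(r"^(BHO|TB):\s*(.+?)\s*-\s*No File$")
FFPREF = re.compile(r"^FF - prefs\.js:\s*(\S+)\s*-\s*(.+)$")

URL_KEYS = ("Start Page", "Default_Page_URL", "Search Page", "SearchURL")
FF_URL_PREFS = ("browser.startup.homepage", "keyword.URL", "browser.search.defaulturl")


def refang(url: str) -> str:
    """DDS writes hxxp:// so URLs are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)


def host_of(url: str) -> str:
    """Hostname of a (possibly defanged, possibly scheme-less) URL."""
    u = refang(url)
    if not u.lower().startswith("http"):
        u = "http://" + u          # Firefox prefs may hold a bare hostname
    return urlparse(u).hostname or ""


def triage(text: str):
    """Return (category, name, detail) findings for the DDS lines in `text`."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = KV.match(line)
        if m and m.group(1).endswith(URL_KEYS):
            h = host_of(m.group(2))
            if h not in EXPECTED_HOSTS:
                findings.append(("unexpected-url", m.group(1), h))
            continue
        m = FFPREF.match(line)
        if m and m.group(1) in FF_URL_PREFS:
            h = host_of(m.group(2))
            if h not in EXPECTED_HOSTS:
                findings.append(("unexpected-url", m.group(1), h))
            continue
        m = NOFILE.match(line)
        if m:
            findings.append(("orphan", m.group(1), m.group(2)))
            continue
        m = RUN.match(line)
        if m and USER_WRITABLE.search(m.group(3)):
            findings.append(("user-writable-autorun", m.group(2), m.group(3)))
    return findings


# Constructed sample: lines copied verbatim from the DDS log in this thread.
SAMPLE = r"""
uStart Page = hxxp://isearch.avg.com/?cid={0E91A13F-ACF8-4D31-8E72-FE554B513EA1}&mid=d1728ae75e8d47d19488a9cd7a0409aa-97a3e4fe4c81d37b518835f3f93bf15d9571b684&lang=en&ds=ts023&pr=sa&d=2012-03-07 06:56:45&v=10.0.0.7&sap=hp
uDefault_Page_URL = hxxp://sony.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
FF - prefs.js: browser.startup.homepage - www.my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B567c3161-b875-449a-ad71-7d38d0512f4f%7D&mid=d1728ae75e8d47d19488a9cd7a0409aa-97a3e4fe4c81d37b518835f3f93bf15d9571b684&ds=ts023&v=10.2.0.3&lang=en&pr=sa&d=2012-03-07%2006%3A56%3A45&sap=ku&q=
"""

if __name__ == "__main__":
    for category, name, detail in triage(SAMPLE):
        print(f"{category:22} {name:18} {detail}")
```

Run as a script it prints four findings from the sample: the two isearch.avg.com URLs, the orphaned toolbar CLSID, and the Google Update autorun. The last category is a worklist, not a verdict: Google Update legitimately lives under AppData\Local, so a human still decides which user-writable autoruns matter, whereas an orphaned toolbar entry and a start page/keyword.URL redirected away from the expected hosts are the entries a helper would normally ask about.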
Pbarton
Junior Member

Joined: 12 Aug 2005
Last Visit: 19 Jul 2012
Posts: 25
Location: Hawaii

PostPosted: Wed Mar 28, 2012 12:38 am
The new logs are posted below. Thank you.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Paul at 22:31:42 on 2012-03-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2016 [GMT -10:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={0E91A13F-ACF8-4D31-8E72-FE554B513EA1}&mid=d1728ae75e8d47d19488a9cd7a0409aa-97a3e4fe4c81d37b518835f3f93bf15d9571b684&lang=en&ds=ts023&pr=sa&d=2012-03-07 06:56:45&v=10.0.0.7&sap=hp
uDefault_Page_URL = hxxp://sony.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [VRLPHelper] C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe /Stay
uRun: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{12E1852A-6906-4573-9264-7690FB4C2352} : DhcpNameServer = 10.11.0.1 10.11.0.2
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B} : DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\2456163686022457D60234166656 : DhcpNameServer = 192.168.200.1
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\662756378636166656 : DhcpNameServer = 24.25.227.15 66.75.160.15 10.0.2.1
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\840555 : DhcpNameServer = 10.4.30.253 10.4.30.254
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\C494C494D27455543545 : DhcpNameServer = 165.248.1.219 165.248.1.209
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\0yd1rt4h.default\
FF - prefs.js: browser.startup.homepage - www.my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B567c3161-b875-449a-ad71-7d38d0512f4f%7D&mid=d1728ae75e8d47d19488a9cd7a0409aa-97a3e4fe4c81d37b518835f3f93bf15d9571b684&ds=ts023&v=10.2.0.3&lang=en&pr=sa&d=2012-03-07%2006%3A56%3A45&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npsharedview.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPXPEE.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-3 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-5-3 2361344]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-23 652360]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-1-23 259192]
R2 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-3 2656280]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-18 652016]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-5-3 852160]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-23 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-28 02:56:17 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9811968-D222-491B-917C-9263203DBA34}\offreg.dll
2012-03-27 19:23:22 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9811968-D222-491B-917C-9263203DBA34}\mpengine.dll
2012-03-21 17:40:36 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-21 17:40:36 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 02:53:15 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 02:53:14 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 02:53:14 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 19:26:19 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 19:26:18 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 19:26:17 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 19:25:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 19:25:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 19:25:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 19:25:31 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 19:25:30 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 19:25:30 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 19:25:30 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-12 00:12:05 -------- d-----w- C:\Users\Paul\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-11 23:54:23 -------- d-----w- C:\ProgramData\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
2012-03-11 23:53:56 -------- d-----w- C:\Users\Paul\AppData\Local\PackageAware
2012-03-11 22:35:50 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-03-11 22:24:18 -------- d-----w- C:\Users\Paul\Adobe Dreamweaver CS5.5
2012-03-11 22:24:04 -------- d-----w- C:\Users\Paul\New folder
2012-03-11 22:22:15 -------- d-----w- C:\Users\Paul\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-11 21:50:02 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-03-11 08:01:39 -------- d-----w- C:\Program Files\iPod
2012-03-11 08:01:38 -------- d-----w- C:\Program Files\iTunes
2012-03-11 08:01:38 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-10 01:32:32 4431872 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-07 18:54:01 -------- d-----w- C:\Users\Paul\AppData\Local\twitter
2012-03-07 18:53:48 576536 ----a-r- C:\Users\Paul\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe
2012-03-07 18:48:32 -------- d-----w- C:\Program Files (x86)\Twitter
2012-03-07 16:56:41 -------- d--h--w- C:\ProgramData\Common Files
2012-03-07 09:58:05 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
.
==================== Find3M ====================
.
2012-03-02 00:11:11 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 19:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 21:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 21:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-01-26 21:15:14 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2012-01-26 21:15:14 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2010-01-26 21:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
.
============= FINISH: 22:32:11.59 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/24/2011 10:36:44 PM
System Uptime: 3/27/2012 5:02:12 PM (5 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | N/A | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 586 GiB total, 522.636 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP120: 3/7/2012 8:48:04 AM - Installed TweetDeck
RP121: 3/7/2012 8:52:05 AM - Removed TweetDeck
RP122: 3/10/2012 9:59:29 PM - Installed iTunes
RP123: 3/11/2012 12:54:33 PM - VAIO Care Automatic Restore Point
RP124: 3/13/2012 8:45:37 AM - Windows Update
RP125: 3/13/2012 4:50:46 PM - Windows Update
RP126: 3/17/2012 8:24:10 PM - Windows Update
RP127: 3/20/2012 9:31:40 PM - VAIO Care Automatic Restore Point
RP128: 3/22/2012 10:38:21 PM - Windows Update
RP129: 3/26/2012 11:56:30 AM - Pre Malware Cleanup
RP130: 3/27/2012 9:22:49 AM - Windows Update
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Dreamweaver CS5.5
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2) MUI
Adobe Widget Browser
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft WebCam Companion 4
Best Buy pc app
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Talk Plugin
HP Update
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Oasis2Service
Office Timeline 2010
OOBE
PASW Statistics Student Version 18.0
Picasa 3
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
QuickTime
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
SlimComputer
SSLx86
TweetDeck
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
VDownloader 3.6.943
VESx86
VIx86
VLC media player 1.1.11
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
.
==== Event Viewer Messages From Past Week ========
.
3/27/2012 6:22:12 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/25/2012 6:21:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/25/2012 6:21:03 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/25/2012 6:21:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/25/2012 6:20:52 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/25/2012 6:20:52 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
3/20/2012 3:08:04 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
.
==== End Of File ===========================
_________________
If we are to achieve results never before accomplished, we must expect to employ methods never before attempted.
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Thu Mar 29, 2012 12:31 am    Post subject:

Hi Pbarton :

Having a "layered" protection scheme is beneficial; MBAM will not detect all forms of malware, and without an antivirus, your system is likely to be infected again.

Please install an antivirus now.

Torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
Pbarton
Junior Member


Joined: 12 Aug 2005
Last Visit: 19 Jul 2012
Posts: 25
Location: Hawaii

PostPosted: Thu Mar 29, 2012 9:24 am    Post subject:

Installed and ran Microsoft Essentials. It found and removed three threats but the problem still persists. The new logs are posted below. (Hopefully, I won't double post this time.) Thanks for working with me.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Paul at 7:15:40 on 2012-03-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2453 [GMT -10:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\conhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [VRLPHelper] C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe /Stay
uRun: [Google Update] "C:\Users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{12E1852A-6906-4573-9264-7690FB4C2352} : DhcpNameServer = 10.11.0.1 10.11.0.2
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B} : DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\2456163686022457D60234166656 : DhcpNameServer = 192.168.200.1
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\662756378636166656 : DhcpNameServer = 24.25.227.15 66.75.160.15 10.0.2.1
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\840555 : DhcpNameServer = 10.4.30.253 10.4.30.254
TCP: Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}\C494C494D27455543545 : DhcpNameServer = 165.248.1.219 165.248.1.209
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\0yd1rt4h.default\
FF - prefs.js: browser.startup.homepage - www.my.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B567c3161-b875-449a-ad71-7d38d0512f4f%7D&mid=d1728ae75e8d47d19488a9cd7a0409aa-97a3e4fe4c81d37b518835f3f93bf15d9571b684&ds=ts023&v=10.2.0.3&lang=en&pr=sa&d=2012-03-07%2006%3A56%3A45&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npsharedview.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPXPEE.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-2-27 499200]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-3 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-5-3 2361344]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-1-23 652360]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2012-2-9 53248]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-26 398176]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-1-23 259192]
R2 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-3 2656280]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-18 652016]
R2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-18 385336]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-5-3 852160]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-2-27 885248]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-23 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2011-9-23 1429608]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-1-5 340240]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-18 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-03-29 17:09:48 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B6A7F754-2EF4-4FC8-A3ED-B57557F145EB}\offreg.dll
2012-03-29 09:08:24 -------- d--h--w- C:\Windows\msdownld.tmp
2012-03-29 08:43:25 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{28DE9683-BA56-4011-A2B5-99808B11C123}\gapaengine.dll
2012-03-29 08:43:18 8669240 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B6A7F754-2EF4-4FC8-A3ED-B57557F145EB}\mpengine.dll
2012-03-29 08:41:45 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-03-29 08:41:36 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-03-27 19:23:22 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B9811968-D222-491B-917C-9263203DBA34}\mpengine.dll
2012-03-21 17:40:36 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-21 17:40:36 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 02:53:15 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 02:53:14 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 02:53:14 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-13 19:26:19 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-13 19:26:18 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-13 19:26:17 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-13 19:25:31 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-13 19:25:31 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-13 19:25:31 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-13 19:25:31 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-13 19:25:30 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-13 19:25:30 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-13 19:25:30 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-12 00:12:05 -------- d-----w- C:\Users\Paul\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-11 23:54:23 -------- d-----w- C:\ProgramData\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
2012-03-11 23:53:56 -------- d-----w- C:\Users\Paul\AppData\Local\PackageAware
2012-03-11 22:35:50 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2012-03-11 22:24:18 -------- d-----w- C:\Users\Paul\Adobe Dreamweaver CS5.5
2012-03-11 22:24:04 -------- d-----w- C:\Users\Paul\New folder
2012-03-11 22:22:15 -------- d-----w- C:\Users\Paul\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-11 21:50:02 -------- d-----w- C:\Program Files (x86)\Adobe Download Assistant
2012-03-11 08:01:39 -------- d-----w- C:\Program Files\iPod
2012-03-11 08:01:38 -------- d-----w- C:\Program Files\iTunes
2012-03-11 08:01:38 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-10 01:32:32 4431872 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-07 18:54:01 -------- d-----w- C:\Users\Paul\AppData\Local\twitter
2012-03-07 18:53:48 576536 ----a-r- C:\Users\Paul\AppData\Roaming\Microsoft\Installer\{C5AC39F1-001D-4338-84C6-35109525588A}\TweetDeck.exe
2012-03-07 18:48:32 -------- d-----w- C:\Program Files (x86)\Twitter
2012-03-07 16:56:41 -------- d--h--w- C:\ProgramData\Common Files
2012-03-07 09:58:05 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
.
==================== Find3M ====================
.
2012-03-02 00:11:11 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-15 21:01:50 52736 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-02-15 21:01:50 4547944 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-01-31 12:44:20 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-26 21:15:14 205 ----a-w- C:\Windows\SysWow64\lsprst7.dll
2012-01-26 21:15:14 1025 ----a-w- C:\Windows\SysWow64\sysprs7.dll
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2010-01-26 21:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
.
============= FINISH: 7:16:46.17 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/24/2011 10:36:44 PM
System Uptime: 3/29/2012 6:33:16 AM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | N/A | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 586 GiB total, 522.131 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP120: 3/7/2012 8:48:04 AM - Installed TweetDeck
RP121: 3/7/2012 8:52:05 AM - Removed TweetDeck
RP122: 3/10/2012 9:59:29 PM - Installed iTunes
RP123: 3/11/2012 12:54:33 PM - VAIO Care Automatic Restore Point
RP124: 3/13/2012 8:45:37 AM - Windows Update
RP125: 3/13/2012 4:50:46 PM - Windows Update
RP126: 3/17/2012 8:24:10 PM - Windows Update
RP127: 3/20/2012 9:31:40 PM - VAIO Care Automatic Restore Point
RP128: 3/22/2012 10:38:21 PM - Windows Update
RP129: 3/26/2012 11:56:30 AM - Pre Malware Cleanup
RP130: 3/27/2012 9:22:49 AM - Windows Update
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Dreamweaver CS5.5
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2) MUI
Adobe Widget Browser
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft WebCam Companion 4
Best Buy pc app
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Talk Plugin
HP Update
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Malwarebytes Anti-Malware version 1.60.1.1000
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Oasis2Service
Office Timeline 2010
OOBE
PASW Statistics Student Version 18.0
Picasa 3
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
QuickTime
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
SlimComputer
SSLx86
TweetDeck
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
VDownloader 3.6.943
VESx86
VIx86
VLC media player 1.1.11
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.1
.
==== Event Viewer Messages From Past Week ========
.
3/27/2012 6:22:12 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
3/25/2012 6:21:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
3/25/2012 6:21:03 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/25/2012 6:21:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/25/2012 6:20:52 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/25/2012 6:20:52 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
_________________
If we are to achieve results never before accomplished, we must expect to employ methods never before attempted.
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

Posted: Fri Mar 30, 2012 2:34 pm

Hi Pbarton:


Quote:
Installed and ran Microsoft Essentials. It found and removed three threats but the problem still persists.

1. Can you kindly post the logs of Microsoft Essentials?
  • Use notepad to open the MPLog-<Date>.log located at C:\ProgramData\Microsoft\Microsoft Security Essentials\Support,
  • Copy and paste that log as a reply to this topic.
  • Repeat the same procedures for: MPDetection-<Date>.log too.




2. Remove programs
Some of the following programs are outdated, useless or not recommended to keep. Please uninstall them.
  • Click start>> Control Panel >> Under Programs, click on Uninstall a program.
  • Locate the following program(s):
    Quote:

    Java Auto Updater
    Java(TM) 6 Update 22
    Coupon Printer for Windows

  • Select the program above and click on Uninstall to uninstall it.
NOTE: Take extra care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

RESTART your computer now.


3. Java SE Runtime Environment (JRE).
Please download from HERE
  • Find Java SE 7u3, (JRE) Java SE 7.
  • Click the Download JRE button to the right.
  • Check the box that says Accept License Agreement. Next, click the correct Product / File Description (in your case the jre-7u3-windows-x64.exe).
  • Save the file to your desktop.
  • Close all active windows.
  • Install the program.
  • Note: remember to Uncheck any extra software downloads you may be offered (optional)



4. ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla Firefox for this scan.
Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET Online Scanner
  • Then click on Run ESET Online Scanner
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on Start.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.



5. Checklist
Please restart your computer and post:

  • Microsoft Essentials log
  • Eset online scanning result
  • New DDS log
  • An update on your problems



Thanks,
torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
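For step 1 of the post above (collecting the Microsoft Security Essentials logs), the following PowerShell snippet is an added example and is not torreattack's or Microsoft's code. It locates the Support folder, pulls the DETECTIONEVENT / DETECTION_ADD / DETECTION_MERGE records that MSE writes into MPLog-<Date>.log and MPDetection-<Date>.log into one de-duplicated table, and copies the raw logs to a folder for attaching. Two things are assumptions: the folder may be under either the "Microsoft Security Essentials" path given in the post or the "Microsoft Antimalware" path that MSE 2.x and later actually use, and the output folder on the Desktop is an arbitrary choice.

```powershell
# Added example (not from the thread): gather MSE detection records for a removal helper.
# Candidate paths are assumptions: the first is the one given in the post, the second is
# where MSE 2.x and later write their logs.
$candidates = @(
    (Join-Path $env:ProgramData 'Microsoft\Microsoft Security Essentials\Support'),
    (Join-Path $env:ProgramData 'Microsoft\Microsoft Antimalware\Support')
)
$support = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $support) { throw "No MSE Support folder found under $env:ProgramData" }

# MPLog-<Date>.log is the service log; MPDetection-<Date>.log lists detections only.
# The post asks for both, so read every MP*.log present.
$logs = Get-ChildItem -LiteralPath $support -Filter 'MP*.log' |
    Sort-Object LastWriteTime -Descending

# Detection records have the shape
#   <ISO-8601 timestamp> DETECTIONEVENT|DETECTION_ADD|DETECTION_MERGE <threat> <schema>:<path>[;<schema>:<path>...]
$pattern = '^(?<ts>\S+)\s+(?<kind>DETECTIONEVENT|DETECTION_ADD|DETECTION_MERGE)\s+(?<threat>\S+)\s+(?<res>.+)$'

$rows = foreach ($log in $logs) {
    Select-String -LiteralPath $log.FullName -Pattern $pattern | ForEach-Object {
        $m = $_.Matches[0]
        # A merged DETECTIONEVENT line can carry several resources separated by ';'
        foreach ($res in ($m.Groups['res'].Value -split ';')) {
            [pscustomobject]@{
                Log       = $log.Name
                Timestamp = $m.Groups['ts'].Value
                Event     = $m.Groups['kind'].Value
                Threat    = $m.Groups['threat'].Value
                Resource  = $res
            }
        }
    }
}

# One line per distinct threat/resource pair: this is what the helper needs, and it shows
# at a glance whether every hit sits in one location (e.g. a browser or Java cache).
$rows | Sort-Object Threat, Resource -Unique | Format-Table Threat, Event, Resource -AutoSize

# Copy the raw logs somewhere easy to attach (assumed output folder).
$dest = Join-Path $env:USERPROFILE 'Desktop\MSE-logs'
New-Item -ItemType Directory -Path $dest -Force | Out-Null
$logs | Copy-Item -Destination $dest
```

Run it from an elevated PowerShell prompt, since the Support folder is under ProgramData. The table is for reading; the copied MPLog and MPDetection files are what should be pasted or attached in the reply, because they also record which resources MSE merged, quarantined or failed to act on.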
Pbarton
Junior Member


Joined: 12 Aug 2005
Last Visit: 19 Jul 2012
Posts: 25
Location: Hawaii

Posted: Fri Mar 30, 2012 11:42 pm

The file path is C:\ProgramData\Microsoft\Microsoft Antimalware\Support. The logs you requested are below. I’ll proceed to the other steps and post when completed.
--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On ‎Wed ‎Mar ‎28 ‎2012 22:41:48
**********************************************************************Cache stats************
No. Of buckets -> 53
Each Bucket has max capacity of -> 128 entries
number of Entries is 0
Number of invalid entries is 0
Number of Inserts issued is 0
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 0
Number of misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 438272

2012-03-29T08:41:48.181Z Verifying RTP plugin...
2012-03-29T08:41:48.255Z verified!
2012-03-29T08:41:48.315Z Verifying Nis plugin...
2012-03-29T08:41:48.325Z verified!
2012-03-29T08:41:48.351Z Initializing Nis plugin state...
2012-03-29T08:41:48.352Z Nis initialized!
2012-03-29T08:41:48.358Z Loading engine...
2012-03-29T08:41:48.360Z loaded!
2012-03-29T08:41:48.377Z Verifying license file...
2012-03-29T08:41:48.380Z Resetting Cache
2012-03-29T08:41:48.381Z Disabling cache because the SetOrValidateChangeJournalId operation didnt succeed with 0x80501002
2012-03-29T08:41:48.382Z Cache Disabled
2012-03-29T08:41:48.388Z verified!
2012-03-29T08:41:48.389Z Product supports installmode: 1
2012-03-29T08:41:48.431Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-29T08:41:48.434Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2012-03-29T08:41:48.638Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:41:48.687Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:41:48.817Z WAT report: machine genuine, state(1) error(0x0)
2012-03-29T08:41:50.708Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:41:50.725Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:41:52.748Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:41:52.766Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:41:59.049Z Task(SignaturesUpdateService -UnmanagedUpdate) launched
2012-03-29T08:43:19.140Z Verifying engine module...
2012-03-29T08:43:19.267Z verified!
2012-03-29T08:43:25.578Z Cache Enabled
2012-03-29T08:43:25.619Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,1,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:0
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:366
TotalBitmap:63120
**************************END RTP Perf Log*************************



Initializing RTP plugin state...
2012-03-29T08:43:25.623Z initialized!
Signature updated on ‎Wed ‎Mar ‎28 ‎2012 22:43:25
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.636.0
AV Signature Version: 1.123.636.0
************************************************************
2012-03-29T08:43:25.719Z Process scan started.
2012-03-29T08:43:27.661Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0) and up-to-date state(1)
2012-03-29T08:43:27.679Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0) and up-to-date state(1)
2012-03-29T08:43:29.698Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0) and up-to-date state(1)
2012-03-29T08:43:29.716Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0) and up-to-date state(1)
2012-03-29T08:43:48.586Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:48.606Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:50.627Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:50.645Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:52.665Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:52.683Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:54.703Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:54.720Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Signature updated via MicrosoftUpdateServer on ‎Wed ‎Mar ‎28 ‎2012 22:43:58
************************************************************
2012-03-29T08:46:05.908Z Process scan completed.
2012-03-29T08:46:48.560Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-03-29T08:46:48.561Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 12474838(ms) from now with period 86400000(ms)
2012-03-29T08:51:48.435Z AutoPurgeWorker triggered with dwWork=0x3
2012-03-29T08:51:48.436Z Product supports installmode: 1
2012-03-29T08:51:48.758Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-29T08:51:48.777Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
2012-03-29T08:51:49.320Z WAT report: machine genuine, state(1) error(0x0)
2012-03-29T08:53:46.522Z Process scan started.
2012-03-29T08:54:32.203Z Process scan completed.
2012-03-29T08:59:02.599Z Cache Resizing**********Cache stats************
No. Of buckets -> 53
Each Bucket has max capacity of -> 128 entries
number of Entries is 5595
Number of invalid entries is 0
Number of Inserts issued is 5595
Number of replaces issued is 0
Number of Insert failures is 229
Number of lookups is 39352
Number of misses is 20743
Number of false fast lookups is 957
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 438272

2012-03-29T09:05:46.231Z First Scan Completed
2012-03-29T09:05:46.231Z MOAC capability telemetry: 0,0,CNTFS3E0x155
2012-03-29T09:05:46.262Z MOAC capability telemetry sent with hr = 0x0.
Begin Resource Scan
Scan ID:{839CCD09-400C-4A86-8C5B-A1D40B1A0D30}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:55
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:56
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Result Count:2
Unknown File
Identifier:15592067180370329598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:5865317542712
Threat Name:Exploit:Java/CVE-2011-3544
ID:2147652517
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Extended Info:18144074319851
Resource Schema:containerfile
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:0
End Scan
************************************************************

2012-03-29T09:53:56.887Z DETECTIONEVENT Exploit:Java/CVE-2011-3544 file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
2012-03-29T09:53:57.140Z DETECTION_ADD Exploit:Java/CVE-2011-3544 file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Begin Resource Scan
Scan ID:{DD8876F9-19C3-4C82-AB76-E0B4C3011687}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:57
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Result Count:2
Threat Name:Exploit:Java/CVE-2010-0840.OO
ID:2147653855
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Extended Info:18146082394177
Resource Schema:containerfile
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544
ID:2147652517
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
Extended Info:18145297784333
Resource Schema:containerfile
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032
Extended Info:0
End Scan
************************************************************

2012-03-29T09:53:58.420Z DETECTIONEVENT Exploit:Java/CVE-2010-0840.OO file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
2012-03-29T09:53:58.424Z DETECTION_ADD Exploit:Java/CVE-2010-0840.OO file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Begin Resource Scan
Scan ID:{8F0D3710-841C-403C-8B34-1570EC38958A}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Result Count:1
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Extended Info:18144679787965
End Scan
************************************************************

2012-03-29T09:53:58.563Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
2012-03-29T09:53:58.574Z DETECTION_ADD TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Begin Resource Scan
Scan ID:{94D452AD-28ED-4BED-A1D6-15530C7E2689}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Result Count:1
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Extended Info:18144679787965
End Scan
************************************************************

2012-03-29T09:53:58.594Z DETECTION_MERGE TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
2012-03-29T09:53:58.596Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Begin Resource Scan
Scan ID:{ACBE73D5-6EB3-4267-80FD-387A50211C6C}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Result Count:1
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Extended Info:18144679787965
End Scan
************************************************************

2012-03-29T09:53:58.613Z DETECTION_MERGE TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
2012-03-29T09:53:58.616Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Begin Resource Scan
Scan ID:{91D73229-1D16-4FCC-9EF6-C6FD7C371A17}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:59
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Result Count:1
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Extended Info:18144679787965
End Scan
************************************************************

2012-03-29T09:53:59.189Z DETECTION_MERGE TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
2012-03-29T09:53:59.191Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Begin Resource Scan
Scan ID:{274EC0E0-72C1-46B2-B130-2A1A40035F2B}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:59
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:59
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Result Count:1
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Extended Info:18144679787965
End Scan
************************************************************

2012-03-29T09:53:59.208Z DETECTION_MERGE TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
2012-03-29T09:53:59.210Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Begin Resource Scan
Scan ID:{CE2FF670-C9AF-4351-89B1-E0BE24FADE72}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:59
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:59
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
Result Count:1
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
Extended Info:18144679787965
End Scan
************************************************************

2012-03-29T09:53:59.232Z DETECTION_MERGE TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
2012-03-29T09:53:59.234Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
2012-03-29T09:55:39.390Z Task(SpyNetService -RestrictPrivileges -AccessKey 6005110A-1D0B-F788-23AD-F56059A569A7) launched
Begin Resource Scan
Scan ID:{0806410E-1D7D-49D4-A067-B0CCD68607B2}
Scan Source:7
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:55
End Time:‎Wed ‎Mar ‎28 ‎2012 23:56:08
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->m.class
Result Count:1
Unknown File
Identifier:15592067180370329598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:5865317542712
End Scan
************************************************************

2012-03-29T10:04:00.608Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T10:04:00.628Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T10:04:18.072Z Task(SpyNetService -RestrictPrivileges -AccessKey F988F388-FFD1-1241-E9E6-60F9C33DF2B6) launched
2012-03-29T10:04:47.720Z DETECTION_MERGE Exploit:Java/CVE-2011-3544 containerfile:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
2012-03-29T10:04:47.721Z DETECTION_MERGE Exploit:Java/CVE-2011-3544 containerfile:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032
2012-03-29T10:04:47.721Z DETECTION_MERGE Exploit:Java/CVE-2011-3544 file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
2012-03-29T10:04:47.727Z DETECTIONEVENT Exploit:Java/CVE-2011-3544 containerfile:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da;containerfile:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
2012-03-29T10:04:47.740Z DETECTION_MERGE Exploit:Java/CVE-2010-0840.OO containerfile:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032
2012-03-29T10:04:47.742Z DETECTIONEVENT Exploit:Java/CVE-2010-0840.OO containerfile:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Begin Resource Scan
Scan ID:{9999E642-1658-43A7-BBF6-972C92E417FB}
Scan Source:6
Start Time:‎Thu ‎Mar ‎29 ‎2012 00:03:58
End Time:‎Thu ‎Mar ‎29 ‎2012 00:04:47
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
Result Count:4
Unknown File
Identifier:15592067180370329598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:5865317542712
Threat Name:Exploit:Java/CVE-2011-3544
ID:2147652517
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
Extended Info:18145297784333
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Extended Info:18144074319851
Resource Schema:containerfile
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032
Extended Info:0
Resource Schema:containerfile
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:0
Threat Name:Exploit:Java/CVE-2010-0840.OO
ID:2147653855
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Extended Info:18146082394177
Resource Schema:containerfile
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032
Extended Info:0
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:6
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
Extended Info:18144679787965
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Extended Info:18144679787965
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Extended Info:18144679787965
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Extended Info:18144679787965
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Extended Info:18144679787965
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Extended Info:18144679787965
End Scan
************************************************************

Beginning threat actions
Start time:‎Thu ‎Mar ‎29 ‎2012 00:04:47
Threat Name:Unknown
Threat ID:15592067180370329598
Action:unknown
Threat Name:Exploit:Java/CVE-2011-3544
Threat ID:2147652517
Action:remove
Threat Name:Exploit:Java/CVE-2010-0840.OO
Threat ID:2147653855
Action:remove
Threat Name:TrojanDownloader:Java/OpenConnection
Threat ID:2147640002
Action:remove
File to act on SHA1:197AE20983A557A50B1CB749C8028CC6FF6D7310
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
Threat ID:2147640002
Resource refcount:1
Result:0
File to act on SHA1:197AE20983A557A50B1CB749C8028CC6FF6D7310
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Threat ID:2147640002
Resource refcount:1
Result:0
File to act on SHA1:197AE20983A557A50B1CB749C8028CC6FF6D7310
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Threat ID:2147640002
Resource refcount:1
Result:0
File to act on SHA1:197AE20983A557A50B1CB749C8028CC6FF6D7310
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Threat ID:2147640002
Resource refcount:1
Result:0
File to act on SHA1:197AE20983A557A50B1CB749C8028CC6FF6D7310
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Threat ID:2147640002
Resource refcount:1
Result:0
File to act on SHA1:197AE20983A557A50B1CB749C8028CC6FF6D7310
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Threat ID:2147640002
Resource refcount:1
Result:0
File to act on SHA1:E03749957B7749C2E5A9263153F6058FE9C387E3
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
Threat ID:2147652517
Resource refcount:1
Result:0
File to act on SHA1:BF152BBA3722525F2057B641A5CEC10567C32482
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Threat ID:2147653855
Resource refcount:1
Result:0
File to act on SHA1:5FB9DAAD45CA1187BDAAF8EEF0DA0A3C5D2848D2
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Threat ID:2147652517
Resource refcount:1
Result:0
Finished threat ID:2147640002
Threat result:0
Threat status flags:0
Finished threat ID:2147653855
Threat result:0
Threat status flags:0
Finished threat ID:2147652517
Threat result:0
Threat status flags:0
Finished threat ID:15592067180370329598
Threat result:0
Threat status flags:0
Finished threat actions
End time:‎Thu ‎Mar ‎29 ‎2012 00:04:49
Result:0
2012-03-29T10:04:51.504Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T10:04:51.522Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Begin Resource Scan
Scan ID:{79B51684-5A64-4192-8310-1356028AF0B3}
Scan Source:7
Start Time:‎Thu ‎Mar ‎29 ‎2012 00:04:47
End Time:‎Thu ‎Mar ‎29 ‎2012 00:04:50
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->META-INF/
Extended Info:35872925223583
End Scan
************************************************************

2012-03-29T10:45:32.545Z Task(SpyNetService -RestrictPrivileges -AccessKey 8AB35499-391D-D411-25F7-91B1F7CCFB16) launched
Begin Resource Scan
Scan ID:{472B465A-B3BF-4205-BFB2-E37DE751C4CD}
Scan Source:7
Start Time:‎Thu ‎Mar ‎29 ‎2012 00:45:21
End Time:‎Thu ‎Mar ‎29 ‎2012 00:46:02
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->m.class
Result Count:1
Unknown File
Identifier:2767383697387683838
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:5865317542712
End Scan
************************************************************

2012-03-29T10:47:40.278Z Cache Resizing**********Cache stats************
No. Of buckets -> 97
Each Bucket has max capacity of -> 128 entries
number of Entries is 10063
Number of invalid entries is 0
Number of Inserts issued is 10063
Number of replaces issued is 0
Number of Insert failures is 237
Number of lookups is 347499
Number of misses is 317414
Number of false fast lookups is 22324
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 798720

2012-03-29T11:41:04.641Z Cache Resizing**********Cache stats************
No. Of buckets -> 193
Each Bucket has max capacity of -> 128 entries
number of Entries is 19174
Number of invalid entries is 0
Number of Inserts issued is 19174
Number of replaces issued is 0
Number of Insert failures is 1493
Number of lookups is 504738
Number of misses is 444419
Number of false fast lookups is 30343
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 1585152

Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log, (c) 2006
Stopped On ‎Thu ‎Mar ‎29 ‎2012 06:32:57 (Exit Code = 0x0)
**********************************************************************Cache stats************
No. Of buckets -> 251
Each Bucket has max capacity of -> 128 entries
number of Entries is 21150
Number of invalid entries is 0
Number of Inserts issued is 21150
Number of replaces issued is 0
Number of Insert failures is 1512
Number of lookups is 516639
Number of misses is 450410
Number of false fast lookups is 30900
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 2060288

****************************RTP Perf Log***************************
RTP Start:‎Wed ‎Mar ‎28 ‎2012 22:43:25
Last Perf:‎Wed ‎Mar ‎28 ‎2012 22:43:25
First RTP Scan:‎Wed ‎Mar ‎28 ‎2012 22:43:25
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:5670
Misses:144577
BM Queue:36,248,0
Proc:25,224,0
File:11,165,0
Plugin Queue:0,2,0
Threat:0,2,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,1,0
SetState:0,1,0
SetUser:0,1,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:152046
Pending:0
RegSize:13812
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2820434
AsyncQCurrent:0
BMFlags:3
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:5
TotalStreamCon:22494
TotalBitmap:63120
**************************END RTP Perf Log*************************

****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 06:32:58
Last Perf:‎Thu ‎Mar ‎29 ‎2012 06:32:58
First RTP Scan:N/A
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:0
Misses:0
BM Queue:26,0,0
Proc:18,0,0
File:8,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,2,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:152046
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2820434
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:5
TotalStreamCon:22496
TotalBitmap:63120
**************************END RTP Perf Log*************************

--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On ‎Thu ‎Mar ‎29 ‎2012 06:33:48
**********************************************************************Cache stats************
No. Of buckets -> 251
Each Bucket has max capacity of -> 128 entries
number of Entries is 21150
Number of invalid entries is 0
Number of Inserts issued is 21150
Number of replaces issued is 0
Number of Insert failures is 1512
Number of lookups is 516639
Number of misses is 450410
Number of false fast lookups is 30900
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 2060288

2012-03-29T16:33:48.979Z Verifying RTP plugin...
2012-03-29T16:33:49.072Z verified!
2012-03-29T16:33:49.214Z Verifying Nis plugin...
2012-03-29T16:33:49.254Z verified!
2012-03-29T16:33:49.254Z Initializing Nis plugin state...
2012-03-29T16:33:49.254Z Nis initialized!
2012-03-29T16:33:49.254Z Loading engine...
2012-03-29T16:33:49.684Z Verifying engine module...
2012-03-29T16:33:50.274Z verified!
2012-03-29T16:33:57.081Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:282
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:1425
TotalBitmap:63120
**************************END RTP Perf Log*************************

2012-03-29T16:33:57.081Z initialized!
2012-03-29T16:33:57.081Z loaded!
2012-03-29T16:33:57.113Z Verifying license file...
2012-03-29T16:33:57.128Z verified!
2012-03-29T16:33:57.128Z Product supports installmode: 1
2012-03-29T16:33:57.222Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-29T16:33:57.269Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.636.0
AV Signature Version: 1.123.636.0
************************************************************
2012-03-29T16:33:57.877Z WAT report: machine genuine, state(1) error(0x0)
2012-03-29T16:33:57.955Z IWscAVStatus::UpdateStatus() failed to write instance with state(0) and up-to-date state(1):0x8000000a
2012-03-29T16:34:48.889Z Process scan started.
2012-03-29T16:34:53.070Z Process scan completed.
2012-03-29T16:36:10.087Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T16:36:10.103Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T16:38:57.423Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-03-29T16:38:57.423Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 68002573(ms) from now with period 86400000(ms)
2012-03-29T16:43:57.276Z AutoPurgeWorker triggered with dwWork=0x3
2012-03-29T16:43:57.276Z Product supports installmode: 1
2012-03-29T16:43:57.291Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-29T16:43:57.837Z Detection State: Finished(3) Failed(0) CriticalFailed(0) Additional Actions(0)
2012-03-29T16:43:58.071Z WAT report: machine genuine, state(1) error(0x0)
2012-03-29T17:09:17.752Z Task(SpyNetService -RestrictPrivileges -AccessKey 82000750-FAB3-18A3-740B-2CA93BAA14AE) launched
Begin Resource Scan
Scan ID:{B7134A4A-6808-44F5-8FE1-BB742E29F0B1}
Scan Source:7
Start Time:‎Thu ‎Mar ‎29 ‎2012 07:09:47
End Time:‎Thu ‎Mar ‎29 ‎2012 07:10:25
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Result Count:1
Unknown File
Identifier:2767383697387683838
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:5865317542712
End Scan
************************************************************

2012-03-29T18:34:48.311Z Cache Resizing**********Cache stats************
No. Of buckets -> 251
Each Bucket has max capacity of -> 128 entries
number of Entries is 24092
Number of invalid entries is 0
Number of Inserts issued is 24097
Number of replaces issued is 0
Number of Insert failures is 3018
Number of lookups is 674665
Number of misses is 569965
Number of false fast lookups is 43922
Number of invalidations is 5
Number of maintenance invalidations is 0
Current File Size is 2060288

2012-03-29T18:44:13.038Z Cache Resizing**********Cache stats************
No. Of buckets -> 293
Each Bucket has max capacity of -> 128 entries
number of Entries is 30294
Number of invalid entries is 0
Number of Inserts issued is 30299
Number of replaces issued is 0
Number of Insert failures is 3281
Number of lookups is 712297
Number of misses is 589252
Number of false fast lookups is 46221
Number of invalidations is 5
Number of maintenance invalidations is 0
Current File Size is 2404352

Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log, (c) 2006
Stopped On ‎Thu ‎Mar ‎29 ‎2012 08:52:43 (Exit Code = 0x0)
**********************************************************************Cache stats************
No. Of buckets -> 347
Each Bucket has max capacity of -> 128 entries
number of Entries is 31924
Number of invalid entries is 0
Number of Inserts issued is 31929
Number of replaces issued is 0
Number of Insert failures is 3408
Number of lookups is 722277
Number of misses is 594464
Number of false fast lookups is 46769
Number of invalidations is 5
Number of maintenance invalidations is 0
Current File Size is 2846720

****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 06:33:57
Last Perf:‎Thu ‎Mar ‎29 ‎2012 06:33:57
First RTP Scan:‎Thu ‎Mar ‎29 ‎2012 06:33:57
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:6344
Misses:3914
BM Queue:38,350,0
Proc:28,346,0
File:10,152,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,1,0
SetState:0,1,0
SetUser:0,0,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:12373
Pending:0
RegSize:13812
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2207688
AsyncQCurrent:0
BMFlags:3
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:5
TotalStreamCon:5510
TotalBitmap:63120
**************************END RTP Perf Log*************************

****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 08:52:44
Last Perf:‎Thu ‎Mar ‎29 ‎2012 08:52:44
First RTP Scan:N/A
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:0
Misses:0
BM Queue:38,0,0
Proc:28,0,0
File:10,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:0,1,0
SetEngine:0,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:12373
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2207688
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:5
TotalStreamCon:5506
TotalBitmap:63120
**************************END RTP Perf Log*************************

--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On ‎Thu ‎Mar ‎29 ‎2012 11:11:24
**********************************************************************Cache stats************
No. Of buckets -> 347
Each Bucket has max capacity of -> 128 entries
number of Entries is 31924
Number of invalid entries is 0
Number of Inserts issued is 31929
Number of replaces issued is 0
Number of Insert failures is 3408
Number of lookups is 722277
Number of misses is 594464
Number of false fast lookups is 46769
Number of invalidations is 5
Number of maintenance invalidations is 0
Current File Size is 2846720

2012-03-29T21:11:24.597Z Verifying RTP plugin...
2012-03-29T21:11:24.660Z verified!
2012-03-29T21:11:25.096Z Verifying Nis plugin...
2012-03-29T21:11:25.096Z verified!
2012-03-29T21:11:25.096Z Initializing Nis plugin state...
2012-03-29T21:11:25.096Z Nis initialized!
2012-03-29T21:11:25.112Z Loading engine...
2012-03-29T21:11:25.267Z Verifying engine module...
2012-03-29T21:11:25.497Z verified!
2012-03-29T21:11:31.748Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:1128
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:941
TotalBitmap:63120
**************************END RTP Perf Log*************************

2012-03-29T21:11:31.748Z initialized!
2012-03-29T21:11:31.748Z loaded!
2012-03-29T21:11:31.794Z Verifying license file...
2012-03-29T21:11:31.794Z verified!
2012-03-29T21:11:31.794Z Product supports installmode: 1
2012-03-29T21:11:31.826Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-29T21:11:31.857Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.636.0
AV Signature Version: 1.123.636.0
************************************************************
2012-03-29T21:11:32.123Z IWscAVStatus::UpdateStatus() failed to write instance with state(0) and up-to-date state(1):0x8000000a
2012-03-29T21:11:39.769Z WAT report: machine genuine, state(1) error(0x0)
2012-03-29T21:12:24.588Z Process scan started.
2012-03-29T21:12:27.318Z Process scan completed.
2012-03-29T21:13:53.882Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T21:13:53.929Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T21:16:32.002Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-03-29T21:16:32.002Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 54086782(ms) from now with period 86400000(ms)
2012-03-29T21:21:31.859Z AutoPurgeWorker triggered with dwWork=0x3
2012-03-29T21:21:31.859Z Product supports installmode: 1
2012-03-29T21:21:32.015Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-29T21:21:32.233Z Detection State: Finished(3) Failed(0) CriticalFailed(0) Additional Actions(0)
2012-03-29T21:21:32.639Z WAT report: machine genuine, state(1) error(0x0)
2012-03-29T23:32:26.768Z Task(SignaturesUpdateService -UnmanagedUpdate) launched
2012-03-29T23:33:20.901Z Verifying engine module...
2012-03-29T23:33:21.026Z verified!
2012-03-29T23:33:36.815Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 11:11:31
Last Perf:‎Thu ‎Mar ‎29 ‎2012 11:11:31
First RTP Scan:‎Thu ‎Mar ‎29 ‎2012 11:11:31
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:2340
Misses:2890
BM Queue:0,670,0
Proc:0,650,0
File:0,121,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,1,0
SetState:0,1,0
SetUser:0,0,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:6879
Pending:0
RegSize:13812
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2009190
AsyncQCurrent:0
BMFlags:3
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:4756
TotalBitmap:63120
**************************END RTP Perf Log*************************

2012-03-29T23:33:36.815Z initialized!
Signature updated on ‎Thu ‎Mar ‎29 ‎2012 13:33:36
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.708.0
AV Signature Version: 1.123.708.0
************************************************************
2012-03-29T23:33:36.831Z Process scan started.
Signature updated via MicrosoftUpdateServer on ‎Thu ‎Mar ‎29 ‎2012 13:33:37
************************************************************
2012-03-29T23:33:39.030Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T23:33:39.046Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T23:33:47.111Z Process scan completed.
2012-03-29T23:39:19.365Z Task(SpyNetService -RestrictPrivileges -AccessKey 176A95EF-DB7B-490B-B8F7-44BB511EE9B6) launched
Begin Resource Scan
Scan ID:{1CDB0576-6A7B-4D1C-B4A7-36E43BF8EAD7}
Scan Source:7
Start Time:‎Thu ‎Mar ‎29 ‎2012 13:39:01
End Time:‎Thu ‎Mar ‎29 ‎2012 13:39:49
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->m.class
Result Count:1
Unknown File
Identifier:2767383697387683838
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:5865317542712
End Scan
************************************************************

2012-03-29T23:42:57.320Z Task(SpyNetService -RestrictPrivileges -AccessKey 9E954340-BD2F-8222-72FC-B0A95167C6FA) launched
Begin Resource Scan
Scan ID:{0F65F182-225D-410A-92CC-9B49476A5322}
Scan Source:7
Start Time:‎Thu ‎Mar ‎29 ‎2012 13:43:26
End Time:‎Thu ‎Mar ‎29 ‎2012 13:43:26
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->META-INF/
Extended Info:35872925223583
End Scan
************************************************************

BEGIN BM detection
GUID:{A4FDCFDE-4118-9169-1CD0670C4253B557}
DetectionName:Behavior:Win32/InjectedRemoteThread
SignatureID:199782661703945
ProcessID:3056
SessionID:1
CreationTime:‎Thu ‎Mar ‎29 ‎2012 15:06:05
ImagePath:C:\Windows\SysWOW64\GPhotos.scr
ImagePathHash:2A2EDEEE7652305E764F89D0DCC4499CB9E9DD4C5490C9140895DE2BD5CCE0EA
TargetFileName:C:\Windows\System32\csrss.exe
END BM detection

2012-03-30T01:06:08.132Z Task(SpyNetService -RestrictPrivileges -AccessKey 94D9E703-308B-66EF-011C-8A1BEFCAB9A8) launched
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log, (c) 2006
Stopped On ‎Thu ‎Mar ‎29 ‎2012 15:49:29 (Exit Code = 0x0)
**********************************************************************Cache stats************
No. Of buckets -> 347
Each Bucket has max capacity of -> 128 entries
number of Entries is 31944
Number of invalid entries is 0
Number of Inserts issued is 31953
Number of replaces issued is 0
Number of Insert failures is 3408
Number of lookups is 744141
Number of misses is 611107
Number of false fast lookups is 48521
Number of invalidations is 9
Number of maintenance invalidations is 0
Current File Size is 2846720

****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 13:33:36
Last Perf:‎Thu ‎Mar ‎29 ‎2012 13:33:36
First RTP Scan:‎Thu ‎Mar ‎29 ‎2012 13:33:36
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:1771
Misses:5234
BM Queue:17,516,0
Proc:10,515,0
File:7,67,0
Plugin Queue:0,1,0
Threat:0,1,0
Susp:0,1,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,1,0
SetState:0,1,0
SetUser:0,0,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:15519
Pending:0
RegSize:15956
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:3776330
AsyncQCurrent:0
BMFlags:3
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:7963
TotalBitmap:63120
**************************END RTP Perf Log*************************

****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 15:49:30
Last Perf:‎Thu ‎Mar ‎29 ‎2012 15:49:29
First RTP Scan:N/A
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:0
Misses:0
BM Queue:17,0,0
Proc:10,0,0
File:7,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:0,1,0
SetEngine:0,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:15519
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:3776330
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:7964
TotalBitmap:63120
**************************END RTP Perf Log*************************




--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On ‎Thu ‎Mar ‎29 ‎2012 22:04:19
**********************************************************************Cache stats************
No. Of buckets -> 347
Each Bucket has max capacity of -> 128 entries
number of Entries is 31944
Number of invalid entries is 0
Number of Inserts issued is 31953
Number of replaces issued is 0
Number of Insert failures is 3408
Number of lookups is 744141
Number of misses is 611107
Number of false fast lookups is 48521
Number of invalidations is 9
Number of maintenance invalidations is 0
Current File Size is 2846720

2012-03-30T08:04:19.842Z Verifying RTP plugin...
2012-03-30T08:04:19.932Z verified!
2012-03-30T08:04:20.102Z Verifying Nis plugin...
2012-03-30T08:04:20.122Z verified!
2012-03-30T08:04:20.122Z Initializing Nis plugin state...
2012-03-30T08:04:20.122Z Loading engine...
2012-03-30T08:04:20.122Z Nis initialized!
2012-03-30T08:04:20.302Z Verifying engine module...
2012-03-30T08:04:20.512Z verified!
2012-03-30T08:04:22.272Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:848
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:656
TotalBitmap:63120
**************************END RTP Perf Log*************************




2012-03-30T08:04:22.272Z initialized!
2012-03-30T08:04:22.272Z loaded!
2012-03-30T08:04:22.322Z Verifying license file...
2012-03-30T08:04:22.332Z verified!
2012-03-30T08:04:22.332Z Product supports installmode: 1
2012-03-30T08:04:22.362Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-30T08:04:22.372Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.708.0
AV Signature Version: 1.123.708.0
************************************************************
2012-03-30T08:04:32.920Z IWscAVStatus::UpdateStatus() failed to write instance with state(0) and up-to-date state(1):0x8000000a
2012-03-30T08:04:39.347Z WAT report: machine genuine, state(1) error(0x0)
2012-03-30T08:05:19.782Z Process scan started.
2012-03-30T08:05:22.169Z Process scan completed.
2012-03-30T08:07:03.829Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-30T08:07:03.860Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-30T08:09:22.544Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-03-30T08:09:22.544Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 13644269(ms) from now with period 86400000(ms)
2012-03-30T08:14:22.378Z AutoPurgeWorker triggered with dwWork=0x3
2012-03-30T08:14:22.378Z Product supports installmode: 1
2012-03-30T08:14:22.409Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-30T08:14:23.080Z Detection State: Finished(3) Failed(0) CriticalFailed(0) Additional Actions(0)
2012-03-30T08:14:23.189Z WAT report: machine genuine, state(1) error(0x0)
2012-03-30T17:06:02.303Z AutoPurgeWorker triggered with dwWork=0x100002
2012-03-30T17:06:02.303Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 68194811(ms) from now with period 86400000(ms)

BEGIN BM detection
GUID:{ED80191E-011A-20F0-EA4E12269C9CC2F2}
DetectionName:Behavior:Win32/InjectedRemoteThread
SignatureID:199782661703945
ProcessID:5240
SessionID:1
CreationTime:‎Fri ‎Mar ‎30 ‎2012 07:08:36
ImagePath:C:\Windows\SysWOW64\GPhotos.scr
ImagePathHash:2A2EDEEE7652305E764F89D0DCC4499CB9E9DD4C5490C9140895DE2BD5CCE0EA
TargetFileName:C:\Windows\System32\csrss.exe
END BM detection

Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log, (c) 2006
Stopped On ‎Fri ‎Mar ‎30 ‎2012 09:41:01 (Exit Code = 0x0)
**********************************************************************Cache stats************
No. Of buckets -> 347
Each Bucket has max capacity of -> 128 entries
number of Entries is 31951
Number of invalid entries is 0
Number of Inserts issued is 31962
Number of replaces issued is 0
Number of Insert failures is 3408
Number of lookups is 760722
Number of misses is 618081
Number of false fast lookups is 49219
Number of invalidations is 11
Number of maintenance invalidations is 0
Current File Size is 2846720

****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 22:04:22
Last Perf:‎Thu ‎Mar ‎29 ‎2012 22:04:22
First RTP Scan:‎Thu ‎Mar ‎29 ‎2012 22:04:22
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:2682
Misses:3088
BM Queue:27,317,0
Proc:17,309,0
File:10,72,0
Plugin Queue:0,1,0
Threat:0,0,0
Susp:0,1,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,1,0
SetState:0,1,0
SetUser:0,0,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:9055
Pending:0
RegSize:13812
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:3399022
AsyncQCurrent:0
BMFlags:3
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:3697
TotalBitmap:63120
**************************END RTP Perf Log*************************




****************************RTP Perf Log***************************
RTP Start:‎Fri ‎Mar ‎30 ‎2012 09:41:02
Last Perf:‎Fri ‎Mar ‎30 ‎2012 09:41:01
First RTP Scan:N/A
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:0
Misses:0
BM Queue:1,0,0
Proc:0,0,0
File:1,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:9055
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:3399022
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:3697
TotalBitmap:63120
**************************END RTP Perf Log*************************




--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On ‎Fri ‎Mar ‎30 ‎2012 11:39:49
**********************************************************************Cache stats************
No. Of buckets -> 347
Each Bucket has max capacity of -> 128 entries
number of Entries is 31951
Number of invalid entries is 0
Number of Inserts issued is 31962
Number of replaces issued is 0
Number of Insert failures is 3408
Number of lookups is 760722
Number of misses is 618081
Number of false fast lookups is 49219
Number of invalidations is 11
Number of maintenance invalidations is 0
Current File Size is 2846720

2012-03-30T21:39:50.516Z Verifying RTP plugin...
2012-03-30T21:39:50.586Z verified!
2012-03-30T21:39:51.076Z Verifying Nis plugin...
2012-03-30T21:39:51.076Z verified!
2012-03-30T21:39:51.076Z Initializing Nis plugin state...
2012-03-30T21:39:51.076Z Nis initialized!
2012-03-30T21:39:51.076Z Loading engine...
2012-03-30T21:39:51.276Z Verifying engine module...
2012-03-30T21:39:51.516Z verified!
2012-03-30T21:39:53.457Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:0
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:904
TotalBitmap:63120
**************************END RTP Perf Log*************************




2012-03-30T21:39:53.457Z initialized!
2012-03-30T21:39:53.457Z loaded!
2012-03-30T21:39:53.487Z Verifying license file...
2012-03-30T21:39:53.487Z verified!
2012-03-30T21:39:53.487Z Product supports installmode: 1
2012-03-30T21:39:58.109Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-30T21:39:58.125Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.708.0
AV Signature Version: 1.123.708.0
************************************************************
2012-03-30T21:40:04.209Z IWscAVStatus::UpdateStatus() failed to write instance with state(0) and up-to-date state(1):0x8000000a
2012-03-30T21:40:09.092Z WAT report: machine genuine, state(1) error(0x0)
2012-03-30T21:40:50.533Z Process scan started.
2012-03-30T21:40:55.182Z Process scan completed.
2012-03-30T21:42:34.493Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-30T21:42:34.524Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-30T21:44:58.326Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-03-30T21:44:58.326Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is sched
_________________
If we are to achieve results never before accomplished, we must expect to employ methods never before attempted.
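Added example, not part of Pbarton's post and not Microsoft's code: a small Python triage parser for the two Microsoft Security Essentials log shapes that appear in the pasted logs above and further down this thread, the "BEGIN BM detection ... END BM detection" behavior-monitor block and the timestamped "DETECTION <threat> file:<path>" lines from MPDetection.log. It collapses the DETECTION / DETECTIONEVENT / DETECTION_ADD repeats of the same file into one record, splits a Java deployment-cache hit into the cache container and the class inside it (the part after "->"), and flags any behavior-monitor record whose target is one of a short list of core Windows processes. That list (csrss.exe, lsass.exe, winlogon.exe, services.exe) is an assumption of this example, not something the log defines, and the parser only surfaces the GPhotos.scr -> csrss.exe record; whether that image is what its name suggests still has to be settled by checking its hash and signature. The sample log embedded in the block is copied from lines posted in this thread.

```python
import re
from dataclasses import dataclass

# Line shapes copied from the MSE logs pasted in this thread:
#   BEGIN BM detection / Key:Value ... / END BM detection      (behavior monitor)
#   <ISO-8601>Z DETECTION[EVENT|_ADD|_MERGE] <Threat> file:<path>[;file:<path>...]
BM_BEGIN, BM_END = "BEGIN BM detection", "END BM detection"
DETECTION_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\S+Z) DETECTION(?:EVENT|_ADD|_MERGE)? "
    r"(?P<name>\S+) file:(?P<paths>.+)$")

# Assumption of this example, not taken from the page: processes into which a
# remote thread from a third-party image deserves an analyst's attention.
PROTECTED_TARGETS = {"csrss.exe", "lsass.exe", "winlogon.exe", "services.exe"}
JAVA_CACHE_MARK = r"\sun\java\deployment\cache"   # compared lower-cased


@dataclass(frozen=True)
class Finding:
    kind: str          # "bm" (behavior monitor) or "detection" (signature hit)
    threat: str
    path: str          # ImagePath for bm; "container->member" file for detection
    target: str = ""   # bm only: TargetFileName, the process injected into
    when: str = ""


def _clean(line):
    # MSE writes U+200E (left-to-right mark) inside its date fields; drop it.
    return line.replace("\u200e", "").strip()


def parse_mse_log(text):
    """Return de-duplicated Findings in first-seen order."""
    seen, bm = {}, None
    for line in map(_clean, text.splitlines()):
        if line == BM_BEGIN:
            bm = {}
        elif line == BM_END and bm is not None:
            f = Finding("bm", bm.get("DetectionName", ""), bm.get("ImagePath", ""),
                        bm.get("TargetFileName", ""), bm.get("CreationTime", ""))
            seen.setdefault((f.kind, f.threat, f.path, f.target), f)
            bm = None
        elif bm is not None:
            key, _, value = line.partition(":")   # first colon only: values hold "C:\"
            bm[key] = value
        else:
            m = DETECTION_RE.match(line)
            if m:
                for path in m["paths"].split(";file:"):   # merged events list several files
                    f = Finding("detection", m["name"], path, when=m["ts"])
                    seen.setdefault((f.kind, f.threat, f.path, f.target), f)
    return list(seen.values())


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(findings):
    """Split findings into what an analyst acts on first."""
    injections = [f for f in findings
                  if f.kind == "bm" and basename(f.target) in PROTECTED_TARGETS]
    java_hits = [f for f in findings
                 if f.kind == "detection" and JAVA_CACHE_MARK in f.path.lower()]
    return injections, java_hits


def java_cache_containers(java_hits):
    """Cache entries (the container before '->') that the flagged classes live in."""
    return sorted({f.path.partition("->")[0] for f in java_hits})


# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
BEGIN BM detection
GUID:{ED80191E-011A-20F0-EA4E12269C9CC2F2}
DetectionName:Behavior:Win32/InjectedRemoteThread
SignatureID:199782661703945
ProcessID:5240
SessionID:1
CreationTime:Fri Mar 30 2012 07:08:36
ImagePath:C:\Windows\SysWOW64\GPhotos.scr
ImagePathHash:2A2EDEEE7652305E764F89D0DCC4499CB9E9DD4C5490C9140895DE2BD5CCE0EA
TargetFileName:C:\Windows\System32\csrss.exe
END BM detection
2012-03-29T09:53:57.141Z DETECTION Exploit:Java/CVE-2011-3544 file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
2012-03-29T09:53:58.425Z DETECTION Exploit:Java/CVE-2010-0840.OO file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
2012-03-29T09:53:58.575Z DETECTION TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
2012-03-29T09:53:58.596Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
"""

if __name__ == "__main__":
    injections, java_hits = triage(parse_mse_log(SAMPLE_LOG))
    for f in injections:
        print(f"[BM] {f.threat}: {f.path} -> {f.target} ({f.when})")
    for f in java_hits:
        print(f"[AV] {f.threat}: {f.path}")
    print("Java cache entries to clear:", *java_cache_containers(java_hits), sep="\n  ")
```

Run it as a script to print the triage of the embedded sample, or pass the contents of the MPLog-*.log and MPDetection-*.log files from the Microsoft Antimalware Support folder (the path quoted in the next reply) to parse_mse_log. The de-duplication matters because the service log records the same Java cache file three times (DETECTIONEVENT, DETECTION_ADD, and a merged DETECTIONEVENT listing every file seen so far), which inflates a naive count.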
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Sat Mar 31, 2012 4:03 am

Hi Pbarton:

Quote:
The file path is C:\ProgramData\Microsoft\Microsoft Antimalware\Support.

Thanks for the info.

Please post also:
Eset online scanning result
New DDS log
An update on your problems


Thanks,
torreattack
_________________
Graduate of Malware Removal University, - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
Pbarton
Junior Member


Joined: 12 Aug 2005
Last Visit: 19 Jul 2012
Posts: 25
Location: Hawaii

PostPosted: Sat Mar 31, 2012 7:58 pm

Hi Torreattack,

I’m still getting wyUpdate prompts when I exit Tweetdeck. User Account Control is blocking it and I am checking “no” for its access request. I suspect that is keeping it from spreading further. Regarding program uninstalls, Java Auto Updater is not listed so it was not removed. I successfully removed the other two programs and installed the new Java. All the new logs are below. Thanks again.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ee2ec138bd4a7342a18fd62a63e82016
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-31 07:10:55
# local_time=2012-03-31 09:10:55 (-1000, Hawaiian Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 84757860 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=174190
# found=2
# cleaned=0
# scan_time=6645
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032 Java/Agent.EA trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ee2ec138bd4a7342a18fd62a63e82016
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-31 08:58:41
# local_time=2012-03-31 10:58:41 (-1000, Hawaiian Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 84770958 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=95
# found=0
# cleaned=0
# scan_time=13
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ee2ec138bd4a7342a18fd62a63e82016
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-01 01:47:15
# local_time=2012-03-31 03:47:15 (-1000, Hawaiian Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 84771036 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=174215
# found=2
# cleaned=0
# scan_time=17249
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032 Java/Agent.EA trojan (unable to clean) 00000000000000000000000000000000 I



2012-03-29T08:41:48.030Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-03-29T08:41:48.438Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 0.0.0.0 AS 0.0.0.0 AV 0.0.0.0
2012-03-29T08:43:25.653Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.8202.0 AS 1.123.636.0 AV 1.123.636.0
2012-03-29T09:53:57.141Z DETECTION Exploit:Java/CVE-2011-3544 file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
2012-03-29T09:53:58.425Z DETECTION Exploit:Java/CVE-2010-0840.OO file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
2012-03-29T09:53:58.575Z DETECTION TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
2012-03-29T09:53:58.595Z DETECTION TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
2012-03-29T09:53:58.613Z DETECTION TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
2012-03-29T09:53:59.190Z DETECTION TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
2012-03-29T09:53:59.208Z DETECTION TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
2012-03-29T09:53:59.233Z DETECTION TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
2012-03-29T10:04:47.722Z DETECTION Exploit:Java/CVE-2011-3544 file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
2012-03-29T16:32:57.622Z Service stopped with exit code 0x0
2012-03-29T16:33:48.682Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-03-29T16:33:57.284Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.8202.0 AS 1.123.636.0 AV 1.123.636.0
2012-03-29T18:52:43.644Z Service stopped with exit code 0x0
2012-03-29T21:11:24.394Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-03-29T21:11:31.872Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.8202.0 AS 1.123.636.0 AV 1.123.636.0
2012-03-29T23:33:36.815Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.8202.0 AS 1.123.708.0 AV 1.123.708.0
2012-03-30T01:49:29.775Z Service stopped with exit code 0x0
2012-03-30T08:04:19.457Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-03-30T08:04:22.392Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.8202.0 AS 1.123.708.0 AV 1.123.708.0
2012-03-30T19:41:01.263Z Service stopped with exit code 0x0
2012-03-30T21:39:49.691Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-03-30T21:39:58.125Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.8202.0 AS 1.123.708.0 AV 1.123.708.0
2012-03-30T22:10:09.630Z Service stopped with exit code 0x0
2012-03-31T05:48:43.644Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-03-31T05:48:53.337Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.8202.0 AS 1.123.708.0 AV 1.123.708.0
2012-03-31T06:01:48.763Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.8202.0 AS 1.123.818.0 AV 1.123.818.0
2012-03-31T08:05:02.567Z Service stopped with exit code 0x0
2012-03-31T08:06:09.629Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-03-31T08:06:12.575Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.8202.0 AS 1.123.818.0 AV 1.123.818.0
2012-04-01T03:29:07.255Z Service stopped with exit code 0x0
2012-04-01T03:30:11.720Z Service started - Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094)
2012-04-01T03:30:15.336Z Version: Product 3.0.8402.0 Service 3.0.8402.0 Engine 1.1.8202.0 AS 1.123.818.0 AV 1.123.818.0


--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On ‎Wed ‎Mar ‎28 ‎2012 22:41:48
**********************************************************************Cache stats************
No. Of buckets -> 53
Each Bucket has max capacity of -> 128 entries
number of Entries is 0
Number of invalid entries is 0
Number of Inserts issued is 0
Number of replaces issued is 0
Number of Insert failures is 0
Number of lookups is 0
Number of misses is 0
Number of false fast lookups is 0
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 438272

2012-03-29T08:41:48.181Z Verifying RTP plugin...
2012-03-29T08:41:48.255Z verified!
2012-03-29T08:41:48.315Z Verifying Nis plugin...
2012-03-29T08:41:48.325Z verified!
2012-03-29T08:41:48.351Z Initializing Nis plugin state...
2012-03-29T08:41:48.352Z Nis initialized!
2012-03-29T08:41:48.358Z Loading engine...
2012-03-29T08:41:48.360Z loaded!
2012-03-29T08:41:48.377Z Verifying license file...
2012-03-29T08:41:48.380Z Resetting Cache
2012-03-29T08:41:48.381Z Disabling cache because the SetOrValidateChangeJournalId operation didnt succeed with 0x80501002
2012-03-29T08:41:48.382Z Cache Disabled
2012-03-29T08:41:48.388Z verified!
2012-03-29T08:41:48.389Z Product supports installmode: 1
2012-03-29T08:41:48.431Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-29T08:41:48.434Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 0.0.0.0
AS Signature Version: 0.0.0.0
AV Signature Version: 0.0.0.0
************************************************************
2012-03-29T08:41:48.638Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:41:48.687Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:41:48.817Z WAT report: machine genuine, state(1) error(0x0)
2012-03-29T08:41:50.708Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:41:50.725Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:41:52.748Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:41:52.766Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:41:59.049Z Task(SignaturesUpdateService -UnmanagedUpdate) launched
2012-03-29T08:43:19.140Z Verifying engine module...
2012-03-29T08:43:19.267Z verified!
2012-03-29T08:43:25.578Z Cache Enabled
2012-03-29T08:43:25.619Z
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,1,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:0
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:366
TotalBitmap:63120
**************************END RTP Perf Log*************************



Initializing RTP plugin state...
2012-03-29T08:43:25.623Z initialized!
Signature updated on ‎Wed ‎Mar ‎28 ‎2012 22:43:25
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.636.0
AV Signature Version: 1.123.636.0
************************************************************
2012-03-29T08:43:25.719Z Process scan started.
2012-03-29T08:43:27.661Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0) and up-to-date state(1)
2012-03-29T08:43:27.679Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0) and up-to-date state(1)
2012-03-29T08:43:29.698Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (0) and up-to-date state(1)
2012-03-29T08:43:29.716Z IWscASStatus::UpdateStatus() succceeded writing instance with state (0) and up-to-date state(1)
2012-03-29T08:43:48.586Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:48.606Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:50.627Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:50.645Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:52.665Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:52.683Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:54.703Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T08:43:54.720Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Signature updated via MicrosoftUpdateServer on ‎Wed ‎Mar ‎28 ‎2012 22:43:58
************************************************************
2012-03-29T08:46:05.908Z Process scan completed.
2012-03-29T08:46:48.560Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-03-29T08:46:48.561Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 12474838(ms) from now with period 86400000(ms)
2012-03-29T08:51:48.435Z AutoPurgeWorker triggered with dwWork=0x3
2012-03-29T08:51:48.436Z Product supports installmode: 1
2012-03-29T08:51:48.758Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-29T08:51:48.777Z Detection State: Finished(0) Failed(0) CriticalFailed(0) Additional Actions(0)
2012-03-29T08:51:49.320Z WAT report: machine genuine, state(1) error(0x0)
2012-03-29T08:53:46.522Z Process scan started.
2012-03-29T08:54:32.203Z Process scan completed.
2012-03-29T08:59:02.599Z Cache Resizing**********Cache stats************
No. Of buckets -> 53
Each Bucket has max capacity of -> 128 entries
number of Entries is 5595
Number of invalid entries is 0
Number of Inserts issued is 5595
Number of replaces issued is 0
Number of Insert failures is 229
Number of lookups is 39352
Number of misses is 20743
Number of false fast lookups is 957
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 438272

2012-03-29T09:05:46.231Z First Scan Completed
2012-03-29T09:05:46.231Z MOAC capability telemetry: 0,0,CNTFS3E0x155
2012-03-29T09:05:46.262Z MOAC capability telemetry sent with hr = 0x0.
Begin Resource Scan
Scan ID:{839CCD09-400C-4A86-8C5B-A1D40B1A0D30}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:55
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:56
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Result Count:2
Unknown File
Identifier:15592067180370329598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:5865317542712
Threat Name:Exploit:Java/CVE-2011-3544
ID:2147652517
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Extended Info:18144074319851
Resource Schema:containerfile
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:0
End Scan
************************************************************

2012-03-29T09:53:56.887Z DETECTIONEVENT Exploit:Java/CVE-2011-3544 file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
2012-03-29T09:53:57.140Z DETECTION_ADD Exploit:Java/CVE-2011-3544 file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Begin Resource Scan
Scan ID:{DD8876F9-19C3-4C82-AB76-E0B4C3011687}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:57
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Result Count:2
Threat Name:Exploit:Java/CVE-2010-0840.OO
ID:2147653855
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Extended Info:18146082394177
Resource Schema:containerfile
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032
Extended Info:0
Threat Name:Exploit:Java/CVE-2011-3544
ID:2147652517
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
Extended Info:18145297784333
Resource Schema:containerfile
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032
Extended Info:0
End Scan
************************************************************

2012-03-29T09:53:58.420Z DETECTIONEVENT Exploit:Java/CVE-2010-0840.OO file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
2012-03-29T09:53:58.424Z DETECTION_ADD Exploit:Java/CVE-2010-0840.OO file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Begin Resource Scan
Scan ID:{8F0D3710-841C-403C-8B34-1570EC38958A}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Result Count:1
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Extended Info:18144679787965
End Scan
************************************************************

2012-03-29T09:53:58.563Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
2012-03-29T09:53:58.574Z DETECTION_ADD TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Begin Resource Scan
Scan ID:{94D452AD-28ED-4BED-A1D6-15530C7E2689}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Result Count:1
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Extended Info:18144679787965
End Scan
************************************************************

2012-03-29T09:53:58.594Z DETECTION_MERGE TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
2012-03-29T09:53:58.596Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Begin Resource Scan
Scan ID:{ACBE73D5-6EB3-4267-80FD-387A50211C6C}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Result Count:1
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Extended Info:18144679787965
End Scan
************************************************************

2012-03-29T09:53:58.613Z DETECTION_MERGE TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
2012-03-29T09:53:58.616Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Begin Resource Scan
Scan ID:{91D73229-1D16-4FCC-9EF6-C6FD7C371A17}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:58
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:59
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Result Count:1
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Extended Info:18144679787965
End Scan
************************************************************

2012-03-29T09:53:59.189Z DETECTION_MERGE TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
2012-03-29T09:53:59.191Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Begin Resource Scan
Scan ID:{274EC0E0-72C1-46B2-B130-2A1A40035F2B}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:59
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:59
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Result Count:1
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Extended Info:18144679787965
End Scan
************************************************************

2012-03-29T09:53:59.208Z DETECTION_MERGE TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
2012-03-29T09:53:59.210Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Begin Resource Scan
Scan ID:{CE2FF670-C9AF-4351-89B1-E0BE24FADE72}
Scan Source:3
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:59
End Time:‎Wed ‎Mar ‎28 ‎2012 23:53:59
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
Result Count:1
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
Extended Info:18144679787965
End Scan
************************************************************

2012-03-29T09:53:59.232Z DETECTION_MERGE TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
2012-03-29T09:53:59.234Z DETECTIONEVENT TrojanDownloader:Java/OpenConnection file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
2012-03-29T09:55:39.390Z Task(SpyNetService -RestrictPrivileges -AccessKey 6005110A-1D0B-F788-23AD-F56059A569A7) launched
Begin Resource Scan
Scan ID:{0806410E-1D7D-49D4-A067-B0CCD68607B2}
Scan Source:7
Start Time:‎Wed ‎Mar ‎28 ‎2012 23:53:55
End Time:‎Wed ‎Mar ‎28 ‎2012 23:56:08
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->m.class
Result Count:1
Unknown File
Identifier:15592067180370329598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:5865317542712
End Scan
************************************************************

2012-03-29T10:04:00.608Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T10:04:00.628Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T10:04:18.072Z Task(SpyNetService -RestrictPrivileges -AccessKey F988F388-FFD1-1241-E9E6-60F9C33DF2B6) launched
2012-03-29T10:04:47.720Z DETECTION_MERGE Exploit:Java/CVE-2011-3544 containerfile:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
2012-03-29T10:04:47.721Z DETECTION_MERGE Exploit:Java/CVE-2011-3544 containerfile:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032
2012-03-29T10:04:47.721Z DETECTION_MERGE Exploit:Java/CVE-2011-3544 file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
2012-03-29T10:04:47.727Z DETECTIONEVENT Exploit:Java/CVE-2011-3544 containerfile:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da;containerfile:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
2012-03-29T10:04:47.740Z DETECTION_MERGE Exploit:Java/CVE-2010-0840.OO containerfile:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032
2012-03-29T10:04:47.742Z DETECTIONEVENT Exploit:Java/CVE-2010-0840.OO containerfile:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032;file:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Begin Resource Scan
Scan ID:{9999E642-1658-43A7-BBF6-972C92E417FB}
Scan Source:6
Start Time:‎Thu ‎Mar ‎29 ‎2012 00:03:58
End Time:‎Thu ‎Mar ‎29 ‎2012 00:04:47
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Explicit resource to scan
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
Result Count:4
Unknown File
Identifier:15592067180370329598
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:5865317542712
Threat Name:Exploit:Java/CVE-2011-3544
ID:2147652517
Severity:5
Number of Resources:4
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
Extended Info:18145297784333
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Extended Info:18144074319851
Resource Schema:containerfile
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032
Extended Info:0
Resource Schema:containerfile
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:0
Threat Name:Exploit:Java/CVE-2010-0840.OO
ID:2147653855
Severity:5
Number of Resources:2
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Extended Info:18146082394177
Resource Schema:containerfile
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032
Extended Info:0
Threat Name:TrojanDownloader:Java/OpenConnection
ID:2147640002
Severity:5
Number of Resources:6
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
Extended Info:18144679787965
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Extended Info:18144679787965
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Extended Info:18144679787965
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Extended Info:18144679787965
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Extended Info:18144679787965
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Extended Info:18144679787965
End Scan
************************************************************

Beginning threat actions
Start time:‎Thu ‎Mar ‎29 ‎2012 00:04:47
Threat Name:Unknown
Threat ID:15592067180370329598
Action:unknown
Threat Name:Exploit:Java/CVE-2011-3544
Threat ID:2147652517
Action:remove
Threat Name:Exploit:Java/CVE-2010-0840.OO
Threat ID:2147653855
Action:remove
Threat Name:TrojanDownloader:Java/OpenConnection
Threat ID:2147640002
Action:remove
File to act on SHA1:197AE20983A557A50B1CB749C8028CC6FF6D7310
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-7a089ede
Threat ID:2147640002
Resource refcount:1
Result:0
File to act on SHA1:197AE20983A557A50B1CB749C8028CC6FF6D7310
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-64feec20
Threat ID:2147640002
Resource refcount:1
Result:0
File to act on SHA1:197AE20983A557A50B1CB749C8028CC6FF6D7310
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-5de46c40
Threat ID:2147640002
Resource refcount:1
Result:0
File to act on SHA1:197AE20983A557A50B1CB749C8028CC6FF6D7310
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-4843ad38
Threat ID:2147640002
Resource refcount:1
Result:0
File to act on SHA1:197AE20983A557A50B1CB749C8028CC6FF6D7310
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-42af38ec
Threat ID:2147640002
Resource refcount:1
Result:0
File to act on SHA1:197AE20983A557A50B1CB749C8028CC6FF6D7310
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\4c6388fd-41bef862
Threat ID:2147640002
Resource refcount:1
Result:0
File to act on SHA1:E03749957B7749C2E5A9263153F6058FE9C387E3
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/umbro.class
Threat ID:2147652517
Resource refcount:1
Result:0
File to act on SHA1:BF152BBA3722525F2057B641A5CEC10567C32482
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\1ffb66bb-298bb032->xmltree/alpina.class
Threat ID:2147653855
Resource refcount:1
Result:0
File to act on SHA1:5FB9DAAD45CA1187BDAAF8EEF0DA0A3C5D2848D2
File cleaned/removed successfully
File Name:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Resource action complete:Removal
Schema:file
Path:\\?\C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->morale.class
Threat ID:2147652517
Resource refcount:1
Result:0
Finished threat ID:2147640002
Threat result:0
Threat status flags:0
Finished threat ID:2147653855
Threat result:0
Threat status flags:0
Finished threat ID:2147652517
Threat result:0
Threat status flags:0
Finished threat ID:15592067180370329598
Threat result:0
Threat status flags:0
Finished threat actions
End time:‎Thu ‎Mar ‎29 ‎2012 00:04:49
Result:0
2012-03-29T10:04:51.504Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T10:04:51.522Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
Begin Resource Scan
Scan ID:{79B51684-5A64-4192-8310-1356028AF0B3}
Scan Source:7
Start Time:‎Thu ‎Mar ‎29 ‎2012 00:04:47
End Time:‎Thu ‎Mar ‎29 ‎2012 00:04:50
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->META-INF/
Extended Info:35872925223583
End Scan
************************************************************

2012-03-29T10:45:32.545Z Task(SpyNetService -RestrictPrivileges -AccessKey 8AB35499-391D-D411-25F7-91B1F7CCFB16) launched
Begin Resource Scan
Scan ID:{472B465A-B3BF-4205-BFB2-E37DE751C4CD}
Scan Source:7
Start Time:‎Thu ‎Mar ‎29 ‎2012 00:45:21
End Time:‎Thu ‎Mar ‎29 ‎2012 00:46:02
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->m.class
Result Count:1
Unknown File
Identifier:2767383697387683838
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:5865317542712
End Scan
************************************************************

2012-03-29T10:47:40.278Z Cache Resizing**********Cache stats************
No. Of buckets -> 97
Each Bucket has max capacity of -> 128 entries
number of Entries is 10063
Number of invalid entries is 0
Number of Inserts issued is 10063
Number of replaces issued is 0
Number of Insert failures is 237
Number of lookups is 347499
Number of misses is 317414
Number of false fast lookups is 22324
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 798720

2012-03-29T11:41:04.641Z Cache Resizing**********Cache stats************
No. Of buckets -> 193
Each Bucket has max capacity of -> 128 entries
number of Entries is 19174
Number of invalid entries is 0
Number of Inserts issued is 19174
Number of replaces issued is 0
Number of Insert failures is 1493
Number of lookups is 504738
Number of misses is 444419
Number of false fast lookups is 30343
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 1585152

Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log, (c) 2006
Stopped On ‎Thu ‎Mar ‎29 ‎2012 06:32:57 (Exit Code = 0x0)
**********************************************************************Cache stats************
No. Of buckets -> 251
Each Bucket has max capacity of -> 128 entries
number of Entries is 21150
Number of invalid entries is 0
Number of Inserts issued is 21150
Number of replaces issued is 0
Number of Insert failures is 1512
Number of lookups is 516639
Number of misses is 450410
Number of false fast lookups is 30900
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 2060288

****************************RTP Perf Log***************************
RTP Start:‎Wed ‎Mar ‎28 ‎2012 22:43:25
Last Perf:‎Wed ‎Mar ‎28 ‎2012 22:43:25
First RTP Scan:‎Wed ‎Mar ‎28 ‎2012 22:43:25
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:5670
Misses:144577
BM Queue:36,248,0
Proc:25,224,0
File:11,165,0
Plugin Queue:0,2,0
Threat:0,2,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,1,0
SetState:0,1,0
SetUser:0,1,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:152046
Pending:0
RegSize:13812
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2820434
AsyncQCurrent:0
BMFlags:3
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:5
TotalStreamCon:22494
TotalBitmap:63120
**************************END RTP Perf Log*************************




****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 06:32:58
Last Perf:‎Thu ‎Mar ‎29 ‎2012 06:32:58
First RTP Scan:N/A
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:0
Misses:0
BM Queue:26,0,0
Proc:18,0,0
File:8,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,2,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:152046
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2820434
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:5
TotalStreamCon:22496
TotalBitmap:63120
**************************END RTP Perf Log*************************




--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On ‎Thu ‎Mar ‎29 ‎2012 06:33:48
**********************************************************************Cache stats************
No. Of buckets -> 251
Each Bucket has max capacity of -> 128 entries
number of Entries is 21150
Number of invalid entries is 0
Number of Inserts issued is 21150
Number of replaces issued is 0
Number of Insert failures is 1512
Number of lookups is 516639
Number of misses is 450410
Number of false fast lookups is 30900
Number of invalidations is 0
Number of maintenance invalidations is 0
Current File Size is 2060288

2012-03-29T16:33:48.979Z Verifying RTP plugin...
2012-03-29T16:33:49.072Z verified!
2012-03-29T16:33:49.214Z Verifying Nis plugin...
2012-03-29T16:33:49.254Z verified!
2012-03-29T16:33:49.254Z Initializing Nis plugin state...
2012-03-29T16:33:49.254Z Nis initialized!
2012-03-29T16:33:49.254Z Loading engine...
2012-03-29T16:33:49.684Z Verifying engine module...
2012-03-29T16:33:50.274Z verified!
2012-03-29T16:33:57.081Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:282
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:1425
TotalBitmap:63120
**************************END RTP Perf Log*************************




2012-03-29T16:33:57.081Z initialized!
2012-03-29T16:33:57.081Z loaded!
2012-03-29T16:33:57.113Z Verifying license file...
2012-03-29T16:33:57.128Z verified!
2012-03-29T16:33:57.128Z Product supports installmode: 1
2012-03-29T16:33:57.222Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-29T16:33:57.269Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.636.0
AV Signature Version: 1.123.636.0
************************************************************
2012-03-29T16:33:57.877Z WAT report: machine genuine, state(1) error(0x0)
2012-03-29T16:33:57.955Z IWscAVStatus::UpdateStatus() failed to write instance with state(0) and up-to-date state(1):0x8000000a
2012-03-29T16:34:48.889Z Process scan started.
2012-03-29T16:34:53.070Z Process scan completed.
2012-03-29T16:36:10.087Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T16:36:10.103Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T16:38:57.423Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-03-29T16:38:57.423Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 68002573(ms) from now with period 86400000(ms)
2012-03-29T16:43:57.276Z AutoPurgeWorker triggered with dwWork=0x3
2012-03-29T16:43:57.276Z Product supports installmode: 1
2012-03-29T16:43:57.291Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-29T16:43:57.837Z Detection State: Finished(3) Failed(0) CriticalFailed(0) Additional Actions(0)
2012-03-29T16:43:58.071Z WAT report: machine genuine, state(1) error(0x0)
2012-03-29T17:09:17.752Z Task(SpyNetService -RestrictPrivileges -AccessKey 82000750-FAB3-18A3-740B-2CA93BAA14AE) launched
Begin Resource Scan
Scan ID:{B7134A4A-6808-44F5-8FE1-BB742E29F0B1}
Scan Source:7
Start Time:‎Thu ‎Mar ‎29 ‎2012 07:09:47
End Time:‎Thu ‎Mar ‎29 ‎2012 07:10:25
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Result Count:1
Unknown File
Identifier:2767383697387683838
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:5865317542712
End Scan
************************************************************

2012-03-29T18:34:48.311Z Cache Resizing**********Cache stats************
No. Of buckets -> 251
Each Bucket has max capacity of -> 128 entries
number of Entries is 24092
Number of invalid entries is 0
Number of Inserts issued is 24097
Number of replaces issued is 0
Number of Insert failures is 3018
Number of lookups is 674665
Number of misses is 569965
Number of false fast lookups is 43922
Number of invalidations is 5
Number of maintenance invalidations is 0
Current File Size is 2060288

2012-03-29T18:44:13.038Z Cache Resizing**********Cache stats************
No. Of buckets -> 293
Each Bucket has max capacity of -> 128 entries
number of Entries is 30294
Number of invalid entries is 0
Number of Inserts issued is 30299
Number of replaces issued is 0
Number of Insert failures is 3281
Number of lookups is 712297
Number of misses is 589252
Number of false fast lookups is 46221
Number of invalidations is 5
Number of maintenance invalidations is 0
Current File Size is 2404352

Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log, (c) 2006
Stopped On ‎Thu ‎Mar ‎29 ‎2012 08:52:43 (Exit Code = 0x0)
**********************************************************************Cache stats************
No. Of buckets -> 347
Each Bucket has max capacity of -> 128 entries
number of Entries is 31924
Number of invalid entries is 0
Number of Inserts issued is 31929
Number of replaces issued is 0
Number of Insert failures is 3408
Number of lookups is 722277
Number of misses is 594464
Number of false fast lookups is 46769
Number of invalidations is 5
Number of maintenance invalidations is 0
Current File Size is 2846720

****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 06:33:57
Last Perf:‎Thu ‎Mar ‎29 ‎2012 06:33:57
First RTP Scan:‎Thu ‎Mar ‎29 ‎2012 06:33:57
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:6344
Misses:3914
BM Queue:38,350,0
Proc:28,346,0
File:10,152,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,1,0
SetState:0,1,0
SetUser:0,0,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:12373
Pending:0
RegSize:13812
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2207688
AsyncQCurrent:0
BMFlags:3
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:5
TotalStreamCon:5510
TotalBitmap:63120
**************************END RTP Perf Log*************************




****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 08:52:44
Last Perf:‎Thu ‎Mar ‎29 ‎2012 08:52:44
First RTP Scan:N/A
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:0
Misses:0
BM Queue:38,0,0
Proc:28,0,0
File:10,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:0,1,0
SetEngine:0,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:12373
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2207688
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:5
TotalStreamCon:5506
TotalBitmap:63120
**************************END RTP Perf Log*************************




--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On ‎Thu ‎Mar ‎29 ‎2012 11:11:24
**********************************************************************Cache stats************
No. Of buckets -> 347
Each Bucket has max capacity of -> 128 entries
number of Entries is 31924
Number of invalid entries is 0
Number of Inserts issued is 31929
Number of replaces issued is 0
Number of Insert failures is 3408
Number of lookups is 722277
Number of misses is 594464
Number of false fast lookups is 46769
Number of invalidations is 5
Number of maintenance invalidations is 0
Current File Size is 2846720

2012-03-29T21:11:24.597Z Verifying RTP plugin...
2012-03-29T21:11:24.660Z verified!
2012-03-29T21:11:25.096Z Verifying Nis plugin...
2012-03-29T21:11:25.096Z verified!
2012-03-29T21:11:25.096Z Initializing Nis plugin state...
2012-03-29T21:11:25.096Z Nis initialized!
2012-03-29T21:11:25.112Z Loading engine...
2012-03-29T21:11:25.267Z Verifying engine module...
2012-03-29T21:11:25.497Z verified!
2012-03-29T21:11:31.748Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:1128
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:941
TotalBitmap:63120
**************************END RTP Perf Log*************************




2012-03-29T21:11:31.748Z initialized!
2012-03-29T21:11:31.748Z loaded!
2012-03-29T21:11:31.794Z Verifying license file...
2012-03-29T21:11:31.794Z verified!
2012-03-29T21:11:31.794Z Product supports installmode: 1
2012-03-29T21:11:31.826Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-29T21:11:31.857Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.636.0
AV Signature Version: 1.123.636.0
************************************************************
2012-03-29T21:11:32.123Z IWscAVStatus::UpdateStatus() failed to write instance with state(0) and up-to-date state(1):0x8000000a
2012-03-29T21:11:39.769Z WAT report: machine genuine, state(1) error(0x0)
2012-03-29T21:12:24.588Z Process scan started.
2012-03-29T21:12:27.318Z Process scan completed.
2012-03-29T21:13:53.882Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T21:13:53.929Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T21:16:32.002Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-03-29T21:16:32.002Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 54086782(ms) from now with period 86400000(ms)
2012-03-29T21:21:31.859Z AutoPurgeWorker triggered with dwWork=0x3
2012-03-29T21:21:31.859Z Product supports installmode: 1
2012-03-29T21:21:32.015Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-29T21:21:32.233Z Detection State: Finished(3) Failed(0) CriticalFailed(0) Additional Actions(0)
2012-03-29T21:21:32.639Z WAT report: machine genuine, state(1) error(0x0)
2012-03-29T23:32:26.768Z Task(SignaturesUpdateService -UnmanagedUpdate) launched
2012-03-29T23:33:20.901Z Verifying engine module...
2012-03-29T23:33:21.026Z verified!
2012-03-29T23:33:36.815Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 11:11:31
Last Perf:‎Thu ‎Mar ‎29 ‎2012 11:11:31
First RTP Scan:‎Thu ‎Mar ‎29 ‎2012 11:11:31
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:2340
Misses:2890
BM Queue:0,670,0
Proc:0,650,0
File:0,121,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,1,0
SetState:0,1,0
SetUser:0,0,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:6879
Pending:0
RegSize:13812
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:2009190
AsyncQCurrent:0
BMFlags:3
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:4756
TotalBitmap:63120
**************************END RTP Perf Log*************************




2012-03-29T23:33:36.815Z initialized!
Signature updated on ‎Thu ‎Mar ‎29 ‎2012 13:33:36
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.708.0
AV Signature Version: 1.123.708.0
************************************************************
2012-03-29T23:33:36.831Z Process scan started.
Signature updated via MicrosoftUpdateServer on ‎Thu ‎Mar ‎29 ‎2012 13:33:37
************************************************************
2012-03-29T23:33:39.030Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T23:33:39.046Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-29T23:33:47.111Z Process scan completed.
2012-03-29T23:39:19.365Z Task(SpyNetService -RestrictPrivileges -AccessKey 176A95EF-DB7B-490B-B8F7-44BB511EE9B6) launched
Begin Resource Scan
Scan ID:{1CDB0576-6A7B-4D1C-B4A7-36E43BF8EAD7}
Scan Source:7
Start Time:‎Thu ‎Mar ‎29 ‎2012 13:39:01
End Time:‎Thu ‎Mar ‎29 ‎2012 13:39:49
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->m.class
Result Count:1
Unknown File
Identifier:2767383697387683838
Number of Resources:1
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Extended Info:5865317542712
End Scan
************************************************************

2012-03-29T23:42:57.320Z Task(SpyNetService -RestrictPrivileges -AccessKey 9E954340-BD2F-8222-72FC-B0A95167C6FA) launched
Begin Resource Scan
Scan ID:{0F65F182-225D-410A-92CC-9B49476A5322}
Scan Source:7
Start Time:‎Thu ‎Mar ‎29 ‎2012 13:43:26
End Time:‎Thu ‎Mar ‎29 ‎2012 13:43:26
Explicit resource to scan
Resource Schema:queryfilertsig
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da
Result Count:1
Known File
Number of Resources:1
Resource Schema:file
Resource Path:C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4d87edcc-67d365da->META-INF/
Extended Info:35872925223583
End Scan
************************************************************


BEGIN BM detection
GUID:{A4FDCFDE-4118-9169-1CD0670C4253B557}
DetectionName:Behavior:Win32/InjectedRemoteThread
SignatureID:199782661703945
ProcessID:3056
SessionID:1
CreationTime:‎Thu ‎Mar ‎29 ‎2012 15:06:05
ImagePath:C:\Windows\SysWOW64\GPhotos.scr
ImagePathHash:2A2EDEEE7652305E764F89D0DCC4499CB9E9DD4C5490C9140895DE2BD5CCE0EA
TargetFileName:C:\Windows\System32\csrss.exe
END BM detection

2012-03-30T01:06:08.132Z Task(SpyNetService -RestrictPrivileges -AccessKey 94D9E703-308B-66EF-011C-8A1BEFCAB9A8) launched
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Log, (c) 2006
Stopped On ‎Thu ‎Mar ‎29 ‎2012 15:49:29 (Exit Code = 0x0)
**********************************************************************Cache stats************
No. Of buckets -> 347
Each Bucket has max capacity of -> 128 entries
number of Entries is 31944
Number of invalid entries is 0
Number of Inserts issued is 31953
Number of replaces issued is 0
Number of Insert failures is 3408
Number of lookups is 744141
Number of misses is 611107
Number of false fast lookups is 48521
Number of invalidations is 9
Number of maintenance invalidations is 0
Current File Size is 2846720

****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 13:33:36
Last Perf:‎Thu ‎Mar ‎29 ‎2012 13:33:36
First RTP Scan:‎Thu ‎Mar ‎29 ‎2012 13:33:36
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:1771
Misses:5234
BM Queue:17,516,0
Proc:10,515,0
File:7,67,0
Plugin Queue:0,1,0
Threat:0,1,0
Susp:0,1,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,2,0
SetEngine:1,1,0
SetState:0,1,0
SetUser:0,0,0
Config:0,1,0
ProcExcl:0,1,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:15519
Pending:0
RegSize:15956
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:3776330
AsyncQCurrent:0
BMFlags:3
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:7963
TotalBitmap:63120
**************************END RTP Perf Log*************************




****************************RTP Perf Log***************************
RTP Start:‎Thu ‎Mar ‎29 ‎2012 15:49:30
Last Perf:‎Thu ‎Mar ‎29 ‎2012 15:49:29
First RTP Scan:N/A
Plugin States: AV:1 AS:1 RTP:1 OA:1 BM:1
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:1
System File Cache:
Hits:0
Misses:0
BM Queue:17,0,0
Proc:10,0,0
File:7,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:0,1,0
SetEngine:0,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:15519
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:3776330
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:7964
TotalBitmap:63120
**************************END RTP Perf Log*************************




--------------------------------------------------------------------------------
Microsoft Security Essentials (EDB4FA23-53B8-4AFA-8C5D-99752CCA7094) Service Log
Started On ‎Thu ‎Mar ‎29 ‎2012 22:04:19
**********************************************************************Cache stats************
No. Of buckets -> 347
Each Bucket has max capacity of -> 128 entries
number of Entries is 31944
Number of invalid entries is 0
Number of Inserts issued is 31953
Number of replaces issued is 0
Number of Insert failures is 3408
Number of lookups is 744141
Number of misses is 611107
Number of false fast lookups is 48521
Number of invalidations is 9
Number of maintenance invalidations is 0
Current File Size is 2846720

2012-03-30T08:04:19.842Z Verifying RTP plugin...
2012-03-30T08:04:19.932Z verified!
2012-03-30T08:04:20.102Z Verifying Nis plugin...
2012-03-30T08:04:20.122Z verified!
2012-03-30T08:04:20.122Z Initializing Nis plugin state...
2012-03-30T08:04:20.122Z Loading engine...
2012-03-30T08:04:20.122Z Nis initialized!
2012-03-30T08:04:20.302Z Verifying engine module...
2012-03-30T08:04:20.512Z verified!
2012-03-30T08:04:22.272Z Initializing RTP plugin state...
****************************RTP Perf Log***************************
RTP Start:N/A
Last Perf:N/A
First RTP Scan:N/A
Plugin States: AV:2 AS:2 RTP:2 OA:2 BM:2
Process Exclusions:
Path Exclusions:
Ext Exclusions:
Worker Threads:
AM:19
Async:4
Cache Flushes:
RTP:0
System File Cache:
Hits:0
Misses:0
BM Queue:0,0,0
Proc:0,0,0
File:0,0,0
Plugin Queue:0,0,0
Threat:0,0,0
Susp:0,0,0
Unknown:0,0,0
Error:0,0,0
Request Queue:1,1,0
SetEngine:1,1,0
SetState:0,0,0
SetUser:0,0,0
Config:0,0,0
ProcExcl:0,0,0
FilterReload:0,0,0
FilterUnload:0,0,0
MpFilter:
Scans:0
Pending:0
RegSize:0
AsyncQNotif:0
AsyncQMissed:0
AsyncQTotalSent:848
AsyncQCurrent:0
BMFlags:0
ServiceMaj:0
ServiceMin:0
ProcBitmap:0
NumInstance:4
TotalStreamCon:656
TotalBitmap:63120
**************************END RTP Perf Log*************************




2012-03-30T08:04:22.272Z initialized!
2012-03-30T08:04:22.272Z loaded!
2012-03-30T08:04:22.322Z Verifying license file...
2012-03-30T08:04:22.332Z verified!
2012-03-30T08:04:22.332Z Product supports installmode: 1
2012-03-30T08:04:22.362Z Task(-GenuineCheck -RestrictPrivileges) launched
2012-03-30T08:04:22.372Z Auto purger task is scheduled to run in 600000(ms) from now with period 86400000(ms)
Product Version: 3.0.8402.0
Service Version: 3.0.8402.0
Engine Version: 1.1.8202.0
AS Signature Version: 1.123.708.0
AV Signature Version: 1.123.708.0
************************************************************
2012-03-30T08:04:32.920Z IWscAVStatus::UpdateStatus() failed to write instance with state(0) and up-to-date state(1):0x8000000a
2012-03-30T08:04:39.347Z WAT report: machine genuine, state(1) error(0x0)
2012-03-30T08:05:19.782Z Process scan started.
2012-03-30T08:05:22.169Z Process scan completed.
2012-03-30T08:07:03.829Z IWscAVStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-30T08:07:03.860Z IWscASStatus::UpdateStatus() succceeded writing instance with state (1) and up-to-date state(1)
2012-03-30T08:09:22.544Z Task(SignatureUpdate -ScheduleJob -RestrictPrivileges) is scheduled to run in 86400000(ms) from now with period 86400000(ms)
2012-03-30T08:09:22.544Z Task(Scan -ScheduleJob -RestrictPrivileges -ScanType 2) is scheduled to run in 13644269(ms) from now with period 86400000(ms)
2012-03-30T08:14:22.378Z AutoPurgeWorker
_________________
If we are to achieve results never before accomplished, we must expect to employ methods never before attempted.
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Sun Apr 01, 2012 1:17 pm    Post subject:

Hi Pbarton:

Quote:
I’m still getting wyUpdate prompts when I exit Tweetdeck.

wyUpdate is used by many developers to update their software; however, let's try uninstalling Tweetdeck and observe whether wyUpdate appears again.

1. Please uninstall Tweetdeck and observe for a few days to confirm it.

2. OTL fix
Please download OTL ... by Old Timer. Save it to your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Copy the following text... do not include the quote box title "Quote"
    Quote:

    :Files
    C:\Program Files (x86)\Common Files\Spigot
    C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
    ipconfig /flushdns /c

    :Commands
    [EmptyTemp]
    [Emptyjava]
    [CreateRestorePoint]

  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results.
  • Please post the contents of report in your next reply.

Note: the OTL fix log is located at c:\_OTL\MovedFiles with the format MMDDYYYY_HHMMSS.log.

3. Re-scan with OTL
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop. Disable your antivirus if needed.
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Under Output, ensure that Minimal Output is selected.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

  • Please post the contents of OTL.txt ONLY in your next reply.


Thanks,
torreattack
_________________
Graduate of Malware Removal University - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
Pbarton
Junior Member


Joined: 12 Aug 2005
Last Visit: 19 Jul 2012
Posts: 25
Location: Hawaii

PostPosted: Sun Apr 01, 2012 4:23 pm    Post subject:

Tweetdeck has been uninstalled. Ran the OTL. The log is below. I'll run the scan again and post that log as well.

All processes killed
========== FILES ==========
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Paul\Desktop\cmd.bat deleted successfully.
C:\Users\Paul\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Paul
->Temp folder emptied: 20806669 bytes
->Temporary Internet Files folder emptied: 1105457 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39134155 bytes
->Flash cache emptied: 56990 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70980 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 204148 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 59.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Paul
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04012012_140443

Files\Folders moved on Reboot...
C:\Users\Paul\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C7F243DD-ABFF-4395-B0DC-52E67E95E4CC}.tmp not found!

Registry entries deleted on Reboot...
_________________
If we are to achieve results never before accomplished, we must expect to employ methods never before attempted.
Pbarton
Junior Member


Joined: 12 Aug 2005
Last Visit: 19 Jul 2012
Posts: 25
Location: Hawaii

PostPosted: Sun Apr 01, 2012 4:37 pm    Post subject:

And here is the other OTL log file:

OTL logfile created on: 4/1/2012 2:27:09 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Paul\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.30 Gb Available Physical Memory | 58.31% Memory free
7.90 Gb Paging File | 5.96 Gb Available in Paging File | 75.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 585.57 Gb Total Space | 523.77 Gb Free Space | 89.45% Space Free | Partition Type: NTFS

Computer Name: PAUL-VAIO | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Sony of America Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c6b914d595e5b00ae540004a71c6c3a2\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\ebfad289d9759034cd3a887802fadb5b\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (VSNService) -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe (Sony Corporation)
SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)
SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VCService) -- C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe (Sony Corporation)
SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV:64bit: - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe (Digital Delivery Networks, Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (bpmp) Intel(R) Centrino(R) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)
DRV:64bit: - (bpusb) Intel(R) Centrino(R) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)
DRV:64bit: - (bpenum) Intel(R) Centrino(R) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)
DRV:64bit: - (NETwNs64) ___ Intel(R) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (npf) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (e1yexpress) Intel(R) -- C:\Windows\SysNative\drivers\e1y60x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-564319083-1466883796-1806163869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE
IE - HKU\S-1-5-21-564319083-1466883796-1806163869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-564319083-1466883796-1806163869-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9MSE
IE - HKU\S-1-5-21-564319083-1466883796-1806163869-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-564319083-1466883796-1806163869-1001\..\SearchScopes\{87BAD993-C050-4707-A925-A6EF09B3BB09}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-ydwnld
IE - HKU\S-1-5-21-564319083-1466883796-1806163869-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={0E91A13F-ACF8-4D31-8E72-FE554B513EA1}&mid=d1728ae75e8d47d19488a9cd7a0409aa-97a3e4fe4c81d37b518835f3f93bf15d9571b684&lang=en&ds=ts023&pr=sa&d=2012-03-07 06:56:45&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-564319083-1466883796-1806163869-1001\..\SearchScopes\{96E72FFA-282F-4F9F-8D1B-5D6AAE83A7F6}: "URL" = http://www.bing.com/search?q={searchTerms}&form=BIE9SE&pc=BIE9&src=IE-SearchBox
IE - HKU\S-1-5-21-564319083-1466883796-1806163869-1001\..\SearchScopes\{BF9070A5-F245-4774-83E8-056D56468044}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-564319083-1466883796-1806163869-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-564319083-1466883796-1806163869-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.my.yahoo.com"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B567c3161-b875-449a-ad71-7d38d0512f4f%7D&mid=d1728ae75e8d47d19488a9cd7a0409aa-97a3e4fe4c81d37b518835f3f93bf15d9571b684&ds=ts023&v=10.2.0.3&lang=en&pr=sa&d=2012-03-07%2006%3A56%3A45&sap=ku&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/30 22:01:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/30 22:01:15 | 000,000,000 | ---D | M]

[2011/07/24 16:46:56 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Extensions
[2012/03/29 11:40:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\0yd1rt4h.default\extensions
[2012/03/29 11:40:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\0yd1rt4h.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/01/18 23:19:56 | 000,002,417 | -H-- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\0yd1rt4h.default\searchplugins\s-amazon-bymp.xml
[2011/10/03 22:39:17 | 000,000,942 | -H-- | M] () -- C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\0yd1rt4h.default\searchplugins\yahoo.xml
[2012/02/18 10:35:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/05 10:39:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/21 07:40:36 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/25 17:03:10 | 000,071,016 | ---- | M] ( ) -- C:\Program Files (x86)\mozilla firefox\plugins\npsharedview.dll
[2009/10/11 15:02:46 | 000,619,784 | ---- | M] (Symantec Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\NPXPEE.dll
[2012/03/12 21:44:00 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/05/06 11:14:46 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/10 14:44:42 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2009/06/10 11:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKU\S-1-5-21-564319083-1466883796-1806163869-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCUDelayStartup.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-564319083-1466883796-1806163869-1001..\Run: [VRLPHelper] C:\Program Files (x86)\Sony\Media Gallery\VRLPHelper.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12E1852A-6906-4573-9264-7690FB4C2352}: DhcpNameServer = 10.11.0.1 10.11.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD41A4FB-3088-4844-B21D-EA26BC5D196B}: DhcpNameServer = 24.25.227.55 209.18.47.61 24.25.227.53
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/01 14:04:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/01 14:02:48 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012/03/31 07:17:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe
[2012/03/30 22:28:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/03/30 22:17:57 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/03/30 22:17:57 | 000,264,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/03/30 22:17:57 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/03/30 22:17:57 | 000,188,808 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/03/28 22:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/03/28 22:41:36 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/22 10:25:10 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Paul\Desktop\dds.scr
[2012/03/13 16:53:15 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/13 16:53:14 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/13 16:53:14 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/13 09:26:18 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/13 09:25:31 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/13 09:25:31 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/13 09:25:31 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/13 09:25:31 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/13 09:25:30 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/11 14:12:05 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/03/11 13:54:23 | 000,000,000 | ---D | C] -- C:\ProgramData\{CC6525B7-42F2-42DB-BF33-445E26F52EC1}
[2012/03/11 13:53:56 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\PackageAware
[2012/03/11 12:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/03/11 12:24:18 | 000,000,000 | ---D | C] -- C:\Users\Paul\Adobe Dreamweaver CS5.5
[2012/03/11 12:24:04 | 000,000,000 | ---D | C] -- C:\Users\Paul\New folder
[2012/03/11 12:22:15 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/03/11 11:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/03/10 22:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/03/10 22:01:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/10 22:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/10 22:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/09 15:32:32 | 004,431,872 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2012/03/07 08:54:01 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\twitter
[2012/03/07 06:56:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/03/07 06:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimComputer
[2012/03/06 23:58:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/03/06 23:04:44 | 000,000,000 | -H-D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[4 C:\Users\Paul\Documents\*.tmp files -> C:\Users\Paul\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/01 14:16:49 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/01 14:16:49 | 000,020,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/01 14:08:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/01 14:08:46 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/01 14:02:55 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2012/04/01 13:58:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-564319083-1466883796-1806163869-1001UA.job
[2012/03/31 19:58:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-564319083-1466883796-1806163869-1001Core.job
[2012/03/31 10:24:53 | 000,782,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/31 10:24:53 | 000,662,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/31 10:24:53 | 000,122,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/31 07:17:36 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Paul\Desktop\esetsmartinstaller_enu.exe
[2012/03/30 22:17:44 | 000,264,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/03/30 22:17:44 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/03/30 22:17:44 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/03/30 22:17:43 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012/03/30 22:17:43 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/28 22:41:58 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/28 22:41:47 | 000,796,852 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/26 21:02:51 | 037,068,134 | ---- | M] () -- C:\Users\Paul\Desktop\fir-644.mp3
[2012/03/22 10:25:15 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Paul\Desktop\dds.scr
[2012/03/13 22:27:01 | 000,375,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/09 15:32:32 | 004,431,872 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2012/03/07 08:59:18 | 000,001,141 | ---- | M] () -- C:\Users\Paul\Desktop\TweetDeck - Shortcut.lnk
[2012/03/06 23:04:46 | 000,000,288 | -H-- | M] () -- C:\ProgramData\~pPd285JJhG1kSl
[2012/03/06 23:04:46 | 000,000,200 | -H-- | M] () -- C:\ProgramData\~pPd285JJhG1kSlr
[2012/03/06 23:04:41 | 000,000,336 | -H-- | M] () -- C:\ProgramData\pPd285JJhG1kSl
[4 C:\Users\Paul\Documents\*.tmp files -> C:\Users\Paul\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/28 22:41:58 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/03/28 22:41:40 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/26 21:02:16 | 037,068,134 | ---- | C] () -- C:\Users\Paul\Desktop\fir-644.mp3
[2012/03/11 12:35:41 | 000,001,247 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.5.lnk
[2012/03/11 12:33:54 | 000,001,379 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012/03/11 12:33:50 | 000,001,551 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012/03/11 12:33:45 | 000,001,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/03/11 12:33:30 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/03/11 12:33:06 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/03/11 11:50:02 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/03/07 08:59:18 | 000,001,141 | ---- | C] () -- C:\Users\Paul\Desktop\TweetDeck - Shortcut.lnk
[2012/03/06 23:04:46 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~pPd285JJhG1kSlr
[2012/03/06 23:04:45 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~pPd285JJhG1kSl
[2012/03/06 23:04:41 | 000,000,336 | -H-- | C] () -- C:\ProgramData\pPd285JJhG1kSl
[2012/01/26 11:15:14 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/01/26 11:15:14 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011/11/16 18:29:10 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2011/07/18 20:38:04 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/07/18 20:38:04 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/07/18 20:33:14 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/07/18 20:15:30 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/05/03 19:30:30 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/03/29 15:46:46 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/02/10 13:03:27 | 000,796,852 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

< End of report >
_________________
If we are to achieve results never before accomplished, we must expect to employ methods never before attempted.
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

PostPosted: Mon Apr 02, 2012 1:36 pm    Post subject:

Hi Pbarton:


1. OTL fix
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  • Right click on OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Copy the following text... do not include the quote box title "Quote"
    Quote:
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKU\S-1-5-21-564319083-1466883796-1806163869-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    [2012/03/06 23:04:44 | 000,000,000 | -H-D | C] -- C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/03/06 23:04:46 | 000,000,200 | -H-- | C] () -- C:\ProgramData\~pPd285JJhG1kSlr
    [2012/03/06 23:04:45 | 000,000,288 | -H-- | C] () -- C:\ProgramData\~pPd285JJhG1kSl
    [2012/03/06 23:04:41 | 000,000,336 | -H-- | C] () -- C:\ProgramData\pPd285JJhG1kSl

    :Commands
    [EmptyTemp]
    [CreateRestorePoint]

  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results.
  • Please post the contents of the report in your next reply.

Note: The OTL fix log is located at c:\_OTL\MovedFiles with the format MMDDYYYY_HHMMSS.log.


2. Malwarebytes' Anti-Malware (MBAM)
As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform FULL scan, then click on Scan
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results
  • Check all items, then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
Note: If MBAM doesn't return after an update, please start it again.


3. Please give me an update regarding your computer problem. Any other problems?

Thanks,
torreattack
_________________
Graduate of Malware Removal University - You too could train to help others
Failure to post replies within 3 days will result in this thread being closed
Pbarton
Junior Member


Joined: 12 Aug 2005
Last Visit: 19 Jul 2012
Posts: 25
Location: Hawaii

PostPosted: Tue Apr 03, 2012 8:43 am    Post subject:

Hi Torreattack,
Everything seems to be running fine now. The logs are below. Thanks.

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_USERS\S-1-5-21-564319083-1466883796-1806163869-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\ProgramData\~pPd285JJhG1kSlr moved successfully.
C:\ProgramData\~pPd285JJhG1kSl moved successfully.
C:\ProgramData\pPd285JJhG1kSl moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Paul
->Temp folder emptied: 9788 bytes
->Temporary Internet Files folder emptied: 693183 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41678183 bytes
->Flash cache emptied: 470 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16056 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 208979 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 41.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 04022012_224314

Files\Folders moved on Reboot...
C:\Users\Paul\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{6E6D0A60-39F7-4AE3-9D29-44888F075906}.tmp not found!
File\Folder C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{451B7B3B-86D7-4E00-8282-2596B760623D}.tmp not found!
C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5317B991-F398-4AE8-994C-932FE1CF1BDD}.tmp moved successfully.
C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A1517F29-C424-402C-9610-0174D72B6956}.tmp moved successfully.
File\Folder C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A24AE5FE-48C4-46BF-9327-0DC5966B1771}.tmp not found!
File\Folder C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C0C37865-B87D-4927-98FD-1ADC1DACC1D3}.tmp not found!
C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{D1306F45-B07E-470E-ADC9-ED94A9AAFFED}.tmp moved successfully.
File\Folder C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DB5B7BFF-D771-4B25-970F-7D1DF42CF360}.tmp not found!

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Paul :: PAUL-VAIO [administrator]

Protection: Enabled

4/2/2012 11:36:07 PM
mbam-log-2012-04-02 (23-36-07).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 353059
Time elapsed: 1 hour(s), 17 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
_________________
If we are to achieve results never before accomplished, we must expect to employ methods never before attempted.
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

Posted: Wed Apr 04, 2012 8:30 am

Hi Pbarton :

Quote:
Everything seems to be running fine now.

Good.

Let's try to identify whether the wyUpdate is related to Tweetdeck:

1. Please reinstall Tweetdeck and observe whether wyUpdate appears again.

2. Do you have any other problems?


Thanks,
torreattack
Pbarton
Junior Member


Joined: 12 Aug 2005
Last Visit: 19 Jul 2012
Posts: 25
Location: Hawaii

Posted: Wed Apr 04, 2012 8:58 am

All clear. No problems. I no longer get the wyUpdate prompts upon exiting Tweetdeck like I did before and everything else is working fine. Thank you for all your help!
torreattack
SWW Graduate


Joined: 21 Apr 2011
Last Visit: 24 Apr 2013
Posts: 283

Posted: Thu Apr 05, 2012 4:48 am

Hi Pbarton :

Quote:
All clear. No problems. I no longer get the wyUpdate prompts upon exiting Tweetdeck like I did before and everything else is working fine.

Well done!

============================================================
This is my general post for when your logs show no more signs of malware.

Congratulations... your computer now appears to be malware free! Smile
Please follow these simple guidelines in order to help keep your computer more secure:

Time for some housekeeping

Flush Restore Point
Please make sure OTL.exe is on your Desktop.
Important! Close all applications and windows so that you have nothing open and are at your Desktop
  • Right-click OTL.exe and select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  • Copy the following text... do not include the quote box title "Quote"
    Quote:
    :Commands
    [EmptyTemp]
    [ClearAllRestorePoints]

  • Click under the Custom Scan/Fixes box and paste the copied text.
  • Click the Run Fix button. If prompted... click OK.
  • When the scan completes, Notepad will open with the scan results.
  • Just close Notepad; you do not need to post the contents of the report.



Clean up with OTL
  • Right-click OTL.exe and select "Run as administrator" to run it. If Windows UAC prompts you, please allow it.
  • This tool will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.



You can now delete any tools we used if they remain on your Desktop.


Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.


Update your Antivirus programs and other programs regularly.
Secunia Software Inspector
F-secure Health Check


Visit Microsoft often.
Keep on top of critical updates, as well as other updates for your computer.
What is Windows Update?
Microsoft Update Home



Install additional (free) programs, that can help improve security.
Many feel that having a "layered" protection scheme is beneficial; you'll have to decide what works best for your situation.
Here are a few you can look into, if you want.


WinPatrol
Do not install if you have installed Spybot Search & Destroy and enabled Teatimer protection. System conflicts can occur.
Download it from BillP Studios
Information about how WinPatrol works, is available Here
(The free version of WinPatrol... provides limited real-time protection)


MVPS Hosts
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
Install MVPS Hosts File Here
You can Find the Tutorial HERE


Read - stay informed.
To help minimize the chances of becoming re-infected, please read:
Computer Security - a short guide to staying safer online

If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly



I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.


Happy surfing!

torreattack
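The hosts-file blocking described in the post above works because Windows consults the HOSTS file before DNS, so a name mapped to 127.0.0.1 (or 0.0.0.0) never reaches the network. The same mechanism is abused when malware points update or vendor hostnames at an address it controls, so after installing a blocking hosts file it is worth auditing it. The following is an added example (not code from the forum post or from the MVPS project) that parses a hosts file and separates legitimate sinkhole entries from entries that redirect a name to a routable address; the hostnames in the sample are constructed.

```python
import ipaddress
from typing import Dict, List, Tuple

# Addresses a blocking hosts file (MVPS style) legitimately points names at.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}
# Names that are expected to resolve to loopback anyway.
EXPECTED_LOCAL = {"localhost", "localhost.localdomain", "broadcasthost"}

def parse_hosts(text: str) -> List[Tuple[str, str, int]]:
    """Return (address, hostname, line_number) triples, skipping comments."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            addr = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue  # malformed line, not a hosts entry
        for name in parts[1:]:
            entries.append((addr, name.lower(), lineno))
    return entries

def audit_hosts(text: str) -> Dict[str, list]:
    """Split entries into sinkholed names and names sent to a real address."""
    report = {"sinkholed": [], "redirected": []}
    for addr, name, lineno in parse_hosts(text):
        if addr in SINKHOLE_ADDRESSES:
            if name not in EXPECTED_LOCAL:
                report["sinkholed"].append(name)
        else:
            # A hosts entry overrides DNS, so a routable address diverts that host.
            report["redirected"].append((name, addr, lineno))
    return report

# Constructed sample (hypothetical hostnames): two MVPS-style blocking
# lines plus one tampered line redirecting an update host elsewhere.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
# MVPS-style blocking entries
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org
# tampered entry
203.0.113.5 update.example.com
"""

if __name__ == "__main__":
    for kind, items in audit_hosts(SAMPLE_HOSTS).items():
        print(kind, items)
```

On a real machine, read C:\Windows\System32\drivers\etc\hosts and pass its text to audit_hosts; any entry in the "redirected" list deserves a closer look.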
Pbarton
Junior Member


Joined: 12 Aug 2005
Last Visit: 19 Jul 2012
Posts: 25
Location: Hawaii

Posted: Fri Apr 06, 2012 12:47 am

Ran the additional clean-ups. Everything is running smoothly. Thanks again for all your help! Keep fighting the good fight!
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 25 May 2013
Posts: 4051
Location: Land Of The Leprechauns

Posted: Fri Apr 06, 2012 6:32 am

Quote:
As your issues appear to be resolved, this topic is now closed.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

_________________
Admin/Teacher at Malware Removal University