What does vuagent.exedota mean?

Product: VAIO Update
Company: Sony Corporation
Description: VUAgentPS
Version: 7.0.0.13160
MD5: 416aee1acdbf58b1ee9cee
SHA1: fb7bb6c3884
SHA256: d8faff039cebe5b081b7d04ceaaa76f0ed51bff4ca9d8
Size: 28208
Directory: %PROGRAMFILES%\Sony\VAIO Update
Operating system: Windows Vista
Occurrence: Medium
Digital signature: Sony Corporation
What is the vuagent.exe file?
Sony Corporation
5.0.0.10300
File path: C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
File description: VUAgent
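If your system software or a game reports "vuagent.exe not found", "vuagent.exe is missing or corrupted", or a similar exe error, download the vuagent.RAR package from this page, extract it, find the file version that fits, and copy it directly into the original directory to resolve the error. Default extraction password: www.wenjian.net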
vuagent.exe is a safe file.
Infected After Font Install via Strange .exe, Browser Hijacked, What Else??
This topic is locked
14 replies to this topic
Hi All, my girlfriend wanted a new font so she downloaded an .exe from some strange website and ran it. Now I have no idea what kind of trash might be infecting her laptop. Both IE and FF were redirecting to some Russian search site, I've fixed them both by doing a browser reset. I've uninstalled browse2Save, and anything else that looked suspicious. Can you please look over these logs and let me know if there's anything more sinister I may have missed. There are no adverse symptoms I'm noticing now, but I'm just worried since she ran an .exe from an unknown source it could have done anything.
Anyways I'm sorry I don't have any more details but nothing seems to be happening, I'm just terrified since she committed the ultimate sin of running strange executables on her system.
DDS (Ver_.01) - NTFS_AMD64
Internet Explorer: 9.0.
Run by jenni at 0:27:15 on
Microsoft Windows 7 Home Premium   6.1.2.1.4.2129 [GMT -5:00]
AV: Microsoft Security Essentials *Enabled/Updated* {3FA2-C958-E30C-E}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E2-C6D6-D9BC-D9F}
============== Running Processes ===============
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\hasplms.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\SysWOW64\DllHost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Intel\Intel& Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel& Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
C:\Windows\system32\msiexec.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp:///ig/redirectdomain?brand=SNNT&bmod=SNNT
uSearch Bar = Preserve
uDefault_Page_URL = hxxp:///ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://websearch./?pid=95&r=&hid=&lg=EN&cc=US
mDefault_Page_URL = hxxp:///ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit = userinit.exe
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel& Rapid Storage Technology\IAStorIcon.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SONYMS~1.LNK - C:\Program Files (x86)\Sony\MSS\3.0.271\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:1
IE: {219C-491a-A3C7-D9FCDDC9D600} - {5F7B-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {50-4f3c-EE0C6C49} - {48E7-C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C278809} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7CF6E6F534F6E656 : DHCPNameServer = 8.8.8.8 4.2.2.1 8.8.4.4
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7CF6E6F : DHCPNameServer = 8.8.8.8 4.2.2.1 8.8.4.4
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7C6677 : DHCPNameServer = 128.227.30.254 8.6.245.30
TCP: Interfaces\{5CA2638F-A594-4D24-80BE-A37A7CB455D : DHCPNameServer = 161.6.94.105 161.6.94.106
TCP: Interfaces\{F080DE39-A95A-4ECD-9EF4-659C412F3AD6} : DHCPNameServer = 161.6.94.105 161.6.94.106
Filter: text/xml - {--A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs=  c:\progra~2\websea~1\sprote~1.dll
SSODL: WebCheck - &orphaned&
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-IE: {50-4f3c-EE0C6C49} - {48E7-C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {--A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - &orphaned&
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
================= FIREFOX ===================
FF - ProfilePath - C:\Users\jenni\AppData\Roaming\Mozilla\Firefox\Profiles\kuugd2jw.default-8\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL - hxxp:///search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL:
01:04; {CAFEEFAC-33-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-33-ABCDEFFEDCBA}
FF - ExtSQL:
01:04; {CAFEEFAC-35-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-35-ABCDEFFEDCBA}
FF - ExtSQL:
01:04; {CAFEEFAC-37-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-37-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 MpFMicrosoft Malware Protection DC:\Windows\System32\drivers\MpFilter.sys [ 230320]
R0 PRTDRV;PRTDRV;C:\Windows\System32\drivers\prtdrv.sys [ 29736]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [ 55280]
R2C:\Windows\System32\drivers\aksdf.sys [ 71040]
R2Sentinel HASP License MC:\Windows\System32\hasplms.exe  -run --& C:\Windows\System32\hasplms.exe  -run [?]
R2 IAStorDataMgrSIntel& Rapid Storage TC:\Program Files (x86)\Intel\Intel& Rapid Storage Technology\IAStorDataMgrSvc.exe [ 13336]
R2 NisDMicrosoft Network Inspection SC:\Windows\System32\drivers\NisDrvWFP.sys [ 130008]
R2 Oasis2SOasis2SC:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [ 60416]
R2 PMBDeviceInfoPPMBDeviceInfoPC:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [ 360224]
R2C:\Windows\System32\drivers\rimssne64.sys [ 93696]
R2C:\Windows\System32\drivers\risdsne64.sys [ 75776]
R2 SampleCVAIO Care Performance SC:\Program Files\Sony\VAIO Care\VCPerfService.exe [ 156672]
R2 uCamMCamMC:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [ 104960]
R2Cisco AnyConnect VPN AC:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [ 641464]
R3 ArcSoftKsUFArcSoft Magic-I Visual EC:\Windows\System32\drivers\ArcSoftKsUFilter.sys [ 19968]
R3 NisSMicrosoft Network IC:\Program Files\Microsoft Security Client\NisSrv.exe [ 379360]
R3 SFEP;Sony Firmware Extension PC:\Windows\System32\drivers\SFEP.sys [ 11392]
R3 VAIO Power MVAIO Power MC:\Program Files\Sony\VAIO Power Management\SPMService.exe [ 571248]
R3 VCSVCSC:\Program Files\Sony\VAIO Care\VCService.exe [ 54760]
R3 VUAVUAC:\Program Files\Sony\VAIO Update\VUAgent.exe [ 1286784]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet CC:\Windows\System32\drivers\yk62x64.sys [ 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [ 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [ 138576]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [ 362992]
S3Bluetooth USB FC:\Windows\System32\drivers\btusbflt.sys [ 52264]
S3 btwl2Bluetooth L2CAP SC:\Windows\System32\drivers\btwl2cap.sys [ 35104]
S3 IIC:\Windows\System32\drivers\Impcd.sys [ 151040]
S3 McComponentHostServiceSMcAfee Security Scan Component Host Service for SC:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [ 237328]
S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [ ]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [ 313840]
S3 SOHCIVAIO Media plus Content IC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [ 108400]
S3 SOHDVAIO Media plus Digital Media SC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [ 423280]
S3 SOHDs;VAIO Media plus Device SC:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [ 67952]
S3 SpfSVAIO Entertainment Common SC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [ 286936]
S3 TsUsbFTsUsbFC:\Windows\System32\drivers\TsUsbFlt.sys [ 59392]
S3 UsbGLGE CDMA USB GPS NMEA PC:\Windows\System32\drivers\lgx64gps.sys [ 27136]
S3 VCFw;VAIO Content Folder WC:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [ 887000]
S3 VcmIAlzMVAIO Content Metadata Intelligent Analyzing MC:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [ 549616]
S3 VcmINSMVAIO Content Metadata Intelligent Network Service MC:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [ 387896]
S3 VcmXmlIfHVAIO Content Metadata XML IC:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [ 101152]
S3 WatAdminSWindows Activation Technologies SC:\Windows\System32\Wat\WatAdminSvc.exe [ 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper SC:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [ 47128]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [ 370024]
=============== Created Last 30 ================
05:18:10    0;   ----a-r-    C:\Users\jenni\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
05:18:10    --------    d-----w-    C:\Program Files (x86)\Trend Micro
15:37:16    0;   ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A724B7E3-B5E6-430A-BD6F-282B298DD51C}\mpengine.dll
01:18:43    0;   ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
14:43:35    0;   ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2D12BB1D--9E6A-5AB7B7298401}\gapaengine.dll
21:33:23    --------    d-----w-    C:\EQS61
21:33:19    --------    d-----w-    C:\Program Files (x86)\EQS61
21:30:49    0;   ----a-w-    C:\Windows\IsUninst.exe
20:15:08    --------    d-----w-    C:\ProgramData\SoftSafe
20:15:03    --------    d-----w-    C:\ProgramData\Seayrch-NaeawTab
20:14:58    --------    d-----w-    C:\Program Files (x86)\WebSearch
20:14:50    --------    d-----w-    C:\Program Files (x86)\BrowseToSave
20:14:45    --------    d-----w-    C:\ProgramData\Breowwse2ssave
20:13:18    --------    d-----w-    C:\ProgramData\InstallMate
14:05:43    --------    d-----w-    C:\Program Files (x86)\MSECache
03:27:22    0;   ----a-w-    C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
03:27:22    0;   ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
==================== Find3M  ====================
01:20:50    0;   ----a-w-    C:\Windows\SysWow64\npdeployJava1.dll
01:20:50    0;   ----a-w-    C:\Windows\SysWow64\deployJava1.dll
22:37:21    7;   ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
22:37:21    0;   ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
10:53:22    0;   ------w-    C:\Windows\System32\MpSigStub.exe
21:59:04    0;   ----a-w-    C:\Windows\System32\drivers\MpFilter.sys
21:59:04    0;   ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
01:19:09    0;   ----a-w-    C:\Windows\System32\jscript9.dll
01:12:03    0;   ----a-w-    C:\Windows\System32\wininet.dll
01:11:06    0;   ----a-w-    C:\Windows\System32\inetcpl.cpl
01:07:51    0;   ----a-w-    C:\Windows\System32\ieUnatt.exe
01:07:47    0;   ----a-w-    C:\Windows\System32\vbscript.dll
01:04:42    0;   ----a-w-    C:\Windows\System32\mshtml.tlb
22:11:21    0;   ----a-w-    C:\Windows\SysWow64\jscript9.dll
22:03:20    0;   ----a-w-    C:\Windows\SysWow64\wininet.dll
22:03:12    0;   ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
21:59:02    0;   ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
21:58:29    0;   ----a-w-    C:\Windows\SysWow64\vbscript.dll
21:56:23    0;   ----a-w-    C:\Windows\SysWow64\mshtml.tlb
05:53:43    0;   ----a-w-    C:\Windows\System32\ntoskrnl.exe
05:00:15    0;   ----a-w-    C:\Windows\SysWow64\ntkrnlpa.exe
05:00:11    0;   ----a-w-    C:\Windows\SysWow64\ntoskrnl.exe
05:46:09    0;   ----a-w-    C:\Windows\System32\winsrv.dll
04:51:16    ;   ----a-w-    C:\Windows\SysWow64\wow32.dll
04:43:21    4;   ----a-w-    C:\Windows\apppatch\acwow64.dll
03:26:48    0;   ----a-w-    C:\Windows\System32\win32k.sys
02:47:35    2;   ----a-w-    C:\Windows\SysWow64\setup16.exe
02:47:34    ;   ----a-w-    C:\Windows\SysWow64\instnm.exe
02:47:34    ;   ----a-w-    C:\Windows\SysWow64\user.exe
02:47:33    1;   ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
06:00:54    0;   ----a-w-    C:\Windows\System32\drivers\tcpip.sys
06:00:42    0;   ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
00:52:00    0;   ----a-w-    C:\Windows\System32\nvudisp.exe
00:52:00    0;   ----a-w-    C:\Windows\System32\nvwgf2umx.dll
00:52:00    0;   ----a-w-    C:\Windows\SysWow64\nvwgf2um.dll
00:52:00    0;   ----a-w-    C:\Windows\System32\nvoglv64.dll
00:52:00    0;   ----a-w-    C:\Windows\System32\drivers\nvlddmkm.sys
00:52:00    0;   ----a-w-    C:\Windows\SysWow64\nvoglv32.dll
15:29:23    7;   ----a-w-    C:\Windows\SysWow64\mfc45.dll
17:11:22    4;   ----a-w-    C:\Windows\System32\atmlib.dll
14:45:03    0;   ----a-w-    C:\Windows\System32\atmfd.dll
14:13:28    0;   ----a-w-    C:\Windows\SysWow64\atmfd.dll
14:13:20    3;   ----a-w-    C:\Windows\SysWow64\atmlib.dll
============= FINISH:  0:27:51.94 ===============
JRed5000

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

Download Security Check by screen317 from .
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

Please download by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Delete.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

Download & SAVE to your Desktop or
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, right-click and select "Run as Administrator to start"
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
click on "delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know
If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic
My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --&&-- Don't worry every little bit helps.
Proud Graduate Of
Thank you so much for your help. I've run the programs as requested, here are the logfiles:

checkup.txt

 Results of screen317's Security Check version 0.99.61
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 Microsoft Security Essentials
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player 11.6.602.180
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.6 Adobe Reader out of Date!
 Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

AdwCleaner[S1].txt

# AdwCleaner v2.114 - Logfile created 03/16/2013 at 01:10:09
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : jenni - DAPUTER
# Boot Mode : Normal
# Running from : C:\Users\jenni\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\websea~1\sprote~1.dll
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C--73315F71CFFE}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch./?pid=95&r=&hid=&lg=EN&cc=US --> hxxp://

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Users\jenni\AppData\Roaming\Mozilla\Firefox\Profiles\kuugd2jw.default-8\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\jenni\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.454] : homepage = "hxxp://websearch./?pid=95&r=&hid=&lg=EN&cc=US",

*************************

AdwCleaner[S1].txt - [2643 octets] - [16/03/:09]

########## EOF - C:\AdwCleaner[S1].txt - [2703 octets] ##########

RKreport[2]_D_d0118.txt

RogueKiller V8.5.3 [Mar 13 2013] by Tigzy
mail : tigzyRK&at&gmail&dot&com
Feedback :
Website :
Blog :

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : jenni [Admin rights]
Mode : Remove -- Date : 03/16/:25

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {f72-44a7-89c5-ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA--D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 55ca98b0
[BSP] 713acec5972 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 8650 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): | Size: 468188 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : && RKreport[2]_D_d0118.txt &&

RKreport[1]_S_d0116. RKreport[2]_D_d0118.txt
JRed5000

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out or

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

In your next post I need the following
Log from Combofix
let me know of any problems you may have had
How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me KnowIf I Have Not Replied To One Of My Topics In 48 Hrs
Please Bump The TopicMy help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --&&-- Don't worry every little bit helps.Proud Graduate Of
No problems running combofix. So far computer seems fine, I'll keep an eye on it for the next few days and let you know if I notice anything. Also, I noticed while combofix was running that it deleted a program called 'E-Prime'. This is a tool I know my Gf uses regularly, I think she can just reinstall it, but in case the directory deleted contained anything important, is there any way to recover the files? Thanks again for your help.
Combofix log:
ComboFix 13-03-16.01 - jenni 03/16/;  1:44.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.2.1.4.2454 [GMT -5:00]
Running from: c:\users\jenni\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3FA2-C958-E30C-E}
SP: Microsoft Security Essentials *Disabled/Updated* {84E2-C6D6-D9BC-D9F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files (x86)\pst
c:\program files (x86)\pst\E-Prime 2.0\Documentation\GettingStartedGuide.pdf
c:\program files (x86)\pst\E-Prime 2.0\Documentation\NewFeaturesGuide.pdf
c:\program files (x86)\pst\E-Prime 2.0\Documentation\readme.txt
c:\program files (x86)\pst\E-Prime 2.0\Documentation\ReferenceGuide.pdf
c:\program files (x86)\pst\E-Prime 2.0\Documentation\UsersGuide.pdf
c:\program files (x86)\pst\E-Prime 2.0\mfc71.dll
c:\program files (x86)\pst\E-Prime 2.0\mfc71u.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\ActivateBetaWizard.exe
c:\program files (x86)\pst\E-Prime 2.0\Program\ActivateBetaWizard.XmlSerializers.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\AxScriptLib.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\ClockExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\CodecConfig.exe
c:\program files (x86)\pst\E-Prime 2.0\Program\Components\DeviceHelpers.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Components\E-ObjectLogging.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Components\E-StudioHelpers.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Components\E-Upgrade.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Components\PSTControls.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\CoreExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\Devices\DisplayDevice.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Devices\JoystickDevice.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Devices\KeyboardDevice.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Devices\MouseDevice.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Devices\ParallelPortDevice.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Devices\PortDevice.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Devices\SerialDevice.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Devices\SocketDevice.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Devices\SoundCaptureDevice.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Devices\SoundDevice.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Devices\SRBoxDevice.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\DisplayExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Basic.chm
c:\program files (x86)\pst\E-Prime 2.0\Program\E-DataAid.chm
c:\program files (x86)\pst\E-Prime 2.0\Program\E-DataAid.exe
c:\program files (x86)\pst\E-Prime 2.0\Program\E-DataAidCSH.chm
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Merge.chm
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Merge.exe
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Objects\ImageDisplay.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Objects\InLine.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Objects\Label.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Objects\List.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Objects\MovieDisplay.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Objects\PackageCall.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Objects\Procedure.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Objects\Slide.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Objects\SoundIn.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Objects\SoundOut.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Objects\TextDisplay.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Objects\Wait.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Recovery.chm
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Recovery.exe
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Run.exe
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Runtime.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Studio.chm
c:\program files (x86)\pst\E-Prime 2.0\Program\E-Studio.exe
c:\program files (x86)\pst\E-Prime 2.0\Program\EDataAidAnalysisMacros.xla
c:\program files (x86)\pst\E-Prime 2.0\Program\FactorExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\FactorTableWizard.xls
c:\program files (x86)\pst\E-Prime 2.0\Program\hasp_net_windows.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\hasp_net_windows_x64.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\hasp_net_windows_x64.dll.manifest
c:\program files (x86)\pst\E-Prime 2.0\Program\hasp_windows_50978.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\hasp_windows_x64_50978.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\ICSharpCode.SharpZipLib.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Interop.MSXML.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\JoystickExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\KeyboardExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\keywords.ini
c:\program files (x86)\pst\E-Prime 2.0\Program\LicenseManager.exe
c:\program files (x86)\pst\E-Prime 2.0\Program\MouseExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\PackageFileEditor.exe
c:\program files (x86)\pst\E-Prime 2.0\Program\PackageFileEditor.exe.manifest
c:\program files (x86)\pst\E-Prime 2.0\Program\ParallelPortExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\PortExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\mon.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Pst.EPrime.ActivateBeta.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\mon.MachineInfo.Interop.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Pst.EPrime.EStudio.Packages.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Pst.EPrime.EStudio.StartupInfo.Data.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Pst.EPrime.EStudio.StartupInfo.UI.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Pst.Gui.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\PSTNCM22.DLL
c:\program files (x86)\pst\E-Prime 2.0\Program\PSTNCX22.DLL
c:\program files (x86)\pst\E-Prime 2.0\Program\PSTNDC22.DLL
c:\program files (x86)\pst\E-Prime 2.0\Program\PSTNDD22.DLL
c:\program files (x86)\pst\E-Prime 2.0\Program\PSTNDG22.DLL
c:\program files (x86)\pst\E-Prime 2.0\Program\PSTNOL22.DLL
c:\program files (x86)\pst\E-Prime 2.0\Program\PSTNPB22.DLL
c:\program files (x86)\pst\E-Prime 2.0\Program\PSTNRN22.DLL
c:\program files (x86)\pst\E-Prime 2.0\Program\PSTNTL22.DLL
c:\program files (x86)\pst\E-Prime 2.0\Program\PSTNUASM.DLL
c:\program files (x86)\pst\E-Prime 2.0\Program\RuntimeAudio.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\Script.ocx
c:\program files (x86)\pst\E-Prime 2.0\Program\ScriptLib.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\SerialExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\SharpZipLib.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\SNTPClockExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\SocketExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\SoundExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\SRBoxExtension.ebn
c:\program files (x86)\pst\E-Prime 2.0\Program\StartupInfoEditor.exe
c:\program files (x86)\pst\E-Prime 2.0\Program\vc6-re200l.dll
c:\program files (x86)\pst\E-Prime 2.0\Program\WebRequest.dll
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\BasicRT\BasicRT.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\Box.mpg
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\Cylinder.mpg
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\Face.mpg
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\MovieRT.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\MovieRT\Perception.mpg
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\MultipleDisplayRT\MultipleDisplayRT.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\NestingRT\NestingRT.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\NestingXRT\NestingXRT.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\PictureRT\BlueCar.bmp
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\PictureRT\PictureRT.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\PictureRT\RedCar.bmp
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\down.bmp
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\left.bmp
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\right.bmp
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\SlideRT.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\SlideRT\up.bmp
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\SoundRT\APPLEF.WAV
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\SoundRT\CANARYF.WAV
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Samples\SoundRT\SoundRT.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Bob.WAV
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\CANARYF.WAV
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\cigars.MPG
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\cigars.wav
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\MovieTutorial.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\PictureTutorial.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\ScriptTutorial.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\SoundTutorial.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-1-1.edat2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-2-1.edat2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-3-1.edat2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-4-1.edat2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial-5-1.edat2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Originals\Tutorial.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-1-1.edat2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-2-1.edat2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-3-1.edat2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-4-1.edat2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Data\Tutorial-5-1.edat2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\E-BasicExample.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\E-BasicSoundExample.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Female.bmp
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Female.jpg
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\flowers.MPG
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\flowers.wav
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\laundry.MPG
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\laundry.wav
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Linda.WAV
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Male.bmp
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Male.jpg
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\RedCar.bmp
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\sports.MPG
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\sports.wav
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Tones.wav
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\LexicalDecision001.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage2-LexicalDecision001.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage3-LexicalDecision001.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage3-MethodA-LexicalDecision001.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage3-MethodB-LexicalDecision001.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage3-MethodC-LexicalDecision001.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage4-ChangeTrialProc-LexicalDecision001.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage4-LexicalDecision001.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage4-NestedBlockList-LexicalDecision001.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage5-LexicalDecision001.es2
c:\program files (x86)\pst\E-Prime 2.0\Samples and Tutorials\Tutorials\Using E-Studio Stages\Stage6-LexicalDecision001.es2
c:\program files (x86)\pst\E-Prime 2.0\Templates\Basic (Professional).es2
c:\program files (x86)\pst\E-Prime 2.0\Templates\Basic.es2
c:\program files (x86)\pst\E-Prime 2.0\Templates\Blank (Professional).es2
c:\program files (x86)\pst\E-Prime 2.0\Templates\Blank.es2
c:\program files (x86)\pst\E-Prime 2.0\Templates\template.xml
c:\windows\security\Database\tmp.edb
(((((((((((((((((((((((((   Files Created from
to   )))))))))))))))))))))))))))))))
06:51    --------    d-----w-    c:\users\Default\AppData\Local\temp
05:18    0;   ----a-r-    c:\users\jenni\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
05:18    --------    d-----w-    c:\program files (x86)\Trend Micro
00:28    0;   ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A724B7E3-B5E6-430A-BD6F-282B298DD51C}\mpengine.dll
01:20    --------    d-----w-    c:\program files (x86)\Java
00:28    0;   ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
02:11    0;   ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2D12BB1D--9E6A-5AB7B7298401}\gapaengine.dll
21:33    --------    d-----w-    C:\EQS61
21:33    --------    d-----w-    c:\program files (x86)\EQS61
23:33    0;   ----a-w-    c:\windows\IsUninst.exe
20:15    --------    d-----w-    c:\programdata\SoftSafe
20:15    --------    d-----w-    c:\programdata\Seayrch-NaeawTab
20:14    --------    d-----w-    c:\program files (x86)\WebSearch
06:11    --------    d-----w-    c:\program files (x86)\BrowseToSave
05:06    --------    d-----w-    c:\programdata\Breowwse2ssave
14:05    --------    d-----w-    c:\program files (x86)\MSECache
01:10    0;   ----a-w-    c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
22:01    0;   ----a-w-    c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
14:57    0;   ----a-w-    c:\windows\SysWow64\npdeployJava1.dll
21:55    0;   ----a-w-    c:\windows\SysWow64\deployJava1.dll
19:49    0;   ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
19:56    7;   ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
23:14    0;   ----a-w-    c:\windows\system32\MRT.exe
22:45    0;   ------w-    c:\windows\system32\MpSigStub.exe
21:59    0;   ----a-w-    c:\windows\system32\drivers\MpFilter.sys
20:25    0;   ----a-w-    c:\windows\system32\drivers\NisDrvWFP.sys
23:02    0;   ----a-w-    c:\windows\system32\ntoskrnl.exe
23:02    0;   ----a-w-    c:\windows\SysWow64\ntkrnlpa.exe
23:02    0;   ----a-w-    c:\windows\SysWow64\ntoskrnl.exe
23:02    0;   ----a-w-    c:\windows\system32\winsrv.dll
23:02    ;   ----a-w-    c:\windows\SysWow64\wow32.dll
23:02    4;   ----a-w-    c:\windows\apppatch\acwow64.dll
23:02    0;   ----a-w-    c:\windows\system32\win32k.sys
23:02    2;   ----a-w-    c:\windows\SysWow64\setup16.exe
23:02    ;   ----a-w-    c:\windows\SysWow64\instnm.exe
23:02    ;   ----a-w-    c:\windows\SysWow64\user.exe
23:02    1;   ----a-w-    c:\windows\SysWow64\ntvdm64.dll
23:02    0;   ----a-w-    c:\windows\system32\drivers\tcpip.sys
23:02    0;   ----a-w-    c:\windows\system32\drivers\FWPKCLNT.SYS
00:52    0;   ----a-w-    c:\windows\system32\nvudisp.exe
00:52    0;   ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
00:52    0;   ----a-w-    c:\windows\system32\nvoglv64.dll
00:52    0;   ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys
00:52    0;   ----a-w-    c:\windows\SysWow64\nvoglv32.dll
19:48    0;   ----a-w-    c:\windows\system32\nvwgf2umx.dll
00:51    0;   ----a-w-    c:\windows\system32\nvcuvid.dll
00:51    0;   ----a-w-    c:\windows\SysWow64\nvcuvid.dll
00:51    0;   ----a-w-    c:\windows\system32\nvdecodemft.dll
00:51    0;   ----a-w-    c:\windows\SysWow64\nvdecodemft.dll
00:51    0;   ----a-w-    c:\windows\system32\nvcod189.dll
00:51    0;   ----a-w-    c:\windows\system32\nvcod.dll
00:51    0;   ----a-w-    c:\windows\system32\nvcuda.dll
00:51    0;   ----a-w-    c:\windows\SysWow64\nvcuda.dll
00:51    0;   ----a-w-    c:\windows\SysWow64\nvencodemft.dll
00:51    0;   ----a-w-    c:\windows\SysWow64\nvcuvenc.dll
19:48    0;   ----a-w-    c:\windows\system32\nvd3dumx.dll
19:48    0;   ----a-w-    c:\windows\SysWow64\nvd3dum.dll
19:48    0;   ----a-w-    c:\windows\system32\nvapi64.dll
19:48    0;   ----a-w-    c:\windows\SysWow64\nvapi.dll
15:29    7;   ----a-w-    c:\windows\SysWow64\mfc45.dll
09:01    4;   ----a-w-    c:\windows\system32\atmlib.dll
09:01    0;   ----a-w-    c:\windows\system32\atmfd.dll
09:01    0;   ----a-w-    c:\windows\SysWow64\atmfd.dll
09:01    3;   ----a-w-    c:\windows\SysWow64\atmlib.dll
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [ 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [ 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [ 597792]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [ 91520]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [ 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [ 946352]
"IAStorIcon"="c:\program files (x86)\Intel\Intel& Rapid Storage Technology\IAStorIcon.exe" [ 284696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [ 152544]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [ 1081632]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [ 542264]
Sony MSS.lnk - c:\program files (x86)\Sony\MSS\3.0.271\SSScheduler.exe [ 274328]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
03:20    9;   ----a-w-    c:\windows\System32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [ 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [ 362992]
R3Bluetooth USB Fc:\windows\system32\drivers\btusbflt.sys [ 52264]
R3 btwl2Bluetooth L2CAP Sc:\windows\system32\DRIVERS\btwl2cap.sys [ 35104]
R3 IIc:\windows\system32\drivers\Impcd.sys [ 151040]
R3 McComponentHostServiceSMcAfee Security Scan Component Host Service for Sc:\program files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [ 237328]
R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [ ]
R3 NisDMicrosoft Network Inspection Sc:\windows\system32\DRIVERS\NisDrvWFP.sys [ 130008]
R3 NisSMicrosoft Network Ic:\program files\Microsoft Security Client\NisSrv.exe [ 379360]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [ 313840]
R3 SOHCIVAIO Media plus Content Ic:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [ 108400]
R3 SOHDVAIO Media plus Digital Media Sc:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [ 423280]
R3 SOHDs;VAIO Media plus Device Sc:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [ 67952]
R3 SpfSVAIO Entertainment Common Sc:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [ 286936]
R3 TsUsbFTsUsbFc:\windows\system32\drivers\tsusbflt.sys [ 59392]
R3 UsbGLGE CDMA USB GPS NMEA Pc:\windows\system32\DRIVERS\lgx64gps.sys [ 27136]
R3 VCFw;VAIO Content Folder Wc:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [ 887000]
R3 VcmIAlzMVAIO Content Metadata Intelligent Analyzing Mc:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [ 549616]
R3 VcmINSMVAIO Content Metadata Intelligent Network Service Mc:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [ 387896]
R3 VcmXmlIfHVAIO Content Metadata XML Ic:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [ 101152]
R3 WatAdminSWindows Activation Technologies Sc:\windows\system32\Wat\WatAdminSvc.exe [ 1255736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Sc:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [ 47128]
R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [ 370024]
S0 PRTDRV;PRTDRV;c:\windows\System32\Drivers\PRTDRV.sys [ 29736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [ 55280]
S2c:\windows\system32\drivers\aksdf.sys [ 71040]
S2Sentinel HASP License Mc:\windows\system32\hasplms.exe  -run [x]
S2 IAStorDataMgrSIntel& Rapid Storage Tc:\program files (x86)\Intel\Intel& Rapid Storage Technology\IAStorDataMgrSvc.exe [ 13336]
S2 Oasis2SOasis2Sc:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [ 60416]
S2 PMBDeviceInfoPPMBDeviceInfoPc:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [ 360224]
S2c:\windows\system32\drivers\rimssne64.sys [ 93696]
S2c:\windows\system32\drivers\risdsne64.sys [ 75776]
S2 SampleCVAIO Care Performance Sc:\program files\Sony\VAIO Care\VCPerfService.exe [ 156672]
S2 uCamMCamMc:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [ 104960]
S2Cisco AnyConnect VPN Ac:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [ 641464]
S3 ArcSoftKsUFArcSoft Magic-I Visual Ec:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [ 19968]
S3 SFEP;Sony Firmware Extension Pc:\windows\system32\drivers\SFEP.sys [ 11392]
S3 VAIO Power MVAIO Power Mc:\program files\Sony\VAIO Power Management\SPMService.exe [ 571248]
S3 VCSVCSc:\program files\Sony\VAIO Care\VCService.exe [ 54760]
S3 VUAVUAc:\program files\Sony\VAIO Update\VUAgent.exe [ 1286784]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Cc:\windows\system32\DRIVERS\yk62x64.sys [ 395264]
Contents of the 'Scheduled Tasks' folder
c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [ 22:37]
--------- X64 Entries -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [ ]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [ 1281512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [ ]
------- Supplementary Scan -------
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp:///ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp:///ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\jenni\AppData\Roaming\Mozilla\Firefox\Profiles\kuugd2jw.default-8\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: keyword.URL - hxxp:///search?ie=UTF-8&sourceid=navclient&gfns=1&q=
FF - ExtSQL:
01:04; {CAFEEFAC-33-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-33-ABCDEFFEDCBA}
FF - ExtSQL:
01:04; {CAFEEFAC-35-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-35-ABCDEFFEDCBA}
FF - ExtSQL:
01:04; {CAFEEFAC-37-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-37-ABCDEFFEDCBA}
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{0645CAC4-9AF0-9F2E-4FD4-C64} - c:\progra~3\INSTAL~1\{0EBC7~1\Setup.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=10000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 & Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY
