Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Packed.Win32.tdss.z Trojan


  • This topic is locked This topic is locked
7 replies to this topic

#1 kerkor

kerkor

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:35 AM

Posted 14 September 2009 - 12:46 PM

Kaspersky system scan is finding this but it is unable to remove it. When I google, links are hijaked.
Attach.txt and Root Repeal log are attached.
Please any help would be so much appreciated!

DDS.txt File Contents:


DDS (Ver_09-07-30.01) - NTFSx86
Run by kerri at 9:57:14.77 on Mon 09/14/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_04
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.3062.1381 [GMT -6:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\Magic-i Visual Effects.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\kerri\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: {bfb735d8-6524-4121-8985-ff847480de16} - No File
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\kerri\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
mRun: [VAIOSurvey] c:\program files\sony\vaio survey\Vista VAIO Survey.exe
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_04\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire\Corel PhotoDownloader.exe
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
StartupFolder: c:\users\kerri\appdata\roaming\micros~1\windows\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~2.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobea~1.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\magic-~1.lnk - c:\program files\arcsoft\magic-i visual effects\Magic-i Visual Effects.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
Notify: PCANotify - PCANotify.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\programdata\neyifiwa\neyifiwa.dll ,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
LSA: Notification Packages = scecli c:\programdata\neyifiwa\neyifiwa.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\kerri\appdata\roaming\mozilla\firefox\profiles\lnsuaxgf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\users\kerri\appdata\roaming\mozilla\firefox\profiles\lnsuaxgf.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\kerri\appdata\roaming\mozilla\firefox\profiles\lnsuaxgf.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-5-15 21008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-10-8 16640]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-5-16 19472]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-8-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-8-18 43904]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-18 812544]
S3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe --> c:\cygwin\bin\cygrunsrv.exe [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 Tomcat6;Apache Tomcat;c:\tomcat6\bin\tomcat6.exe //rs//tomcat6 --> c:\tomcat6\bin\tomcat6.exe [?]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-11-1 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-11-1 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-11-1 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-8-18 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-8-18 79736]

=============== Created Last 30 ================

2009-09-14 09:41 97,800 ac------ c:\windows\system32\infocardapi.dll
2009-09-14 09:41 105,016 ac------ c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-14 09:41 622,080 ac------ c:\windows\system32\icardagt.exe
2009-09-14 09:41 43,544 ac------ c:\windows\system32\PresentationHostProxy.dll
2009-09-14 09:41 37,384 ac------ c:\windows\system32\infocardcpl.cpl
2009-09-14 09:41 11,264 ac------ c:\windows\system32\icardres.dll
2009-09-14 09:41 781,344 ac------ c:\windows\system32\PresentationNative_v0300.dll
2009-09-14 09:41 326,160 ac------ c:\windows\system32\PresentationHost.exe
2009-09-14 09:37 102 ac-sh--- c:\windows\klif.spi
2009-09-12 16:27 604,140 ac-sh--- c:\windows\system32\drivers\ISwift3.dat
2009-09-12 16:26 107,547 ac------ c:\windows\system32\drivers\klin.dat
2009-09-12 16:26 95,259 ac------ c:\windows\system32\drivers\klick.dat
2009-09-12 16:24 <DIR> -cd----- c:\programdata\Kaspersky Lab
2009-09-12 16:24 <DIR> -cd----- c:\program files\Kaspersky Lab
2009-09-12 16:24 <DIR> -cd----- c:\progra~2\Kaspersky Lab
2009-09-12 16:23 <DIR> -cd----- c:\programdata\Kaspersky Lab Setup Files
2009-09-12 16:23 <DIR> -cd----- c:\progra~2\Kaspersky Lab Setup Files
2009-09-09 10:31 313,344 ac------ c:\windows\system32\wmpdxm.dll
2009-09-09 10:31 7,680 ac------ c:\windows\system32\spwmp.dll
2009-09-09 10:31 4,096 ac------ c:\windows\system32\msdxm.ocx
2009-09-09 10:31 4,096 ac------ c:\windows\system32\dxmasf.dll
2009-09-09 10:31 8,147,456 ac------ c:\windows\system32\wmploc.DLL
2009-09-09 10:31 43,520 ac------ c:\windows\system32\msdxm.tlb
2009-09-09 10:31 18,432 ac------ c:\windows\system32\amcompat.tlb
2009-09-08 20:09 <DIR> -cd----- c:\programdata\Office Genuine Advantage
2009-09-08 16:27 <DIR> -cd----- c:\program files\Windows Police Pro
2009-09-05 08:27 64 a--sh--- C:\desktop.ini
2009-09-05 08:16 54,156 ac--h--- c:\windows\QTFont.qfn
2009-09-05 08:16 1,409 ac------ c:\windows\QTFont.for
2009-09-05 06:54 96,760 ac------ c:\windows\system32\dfshim.dll
2009-09-05 06:54 282,112 ac------ c:\windows\system32\mscoree.dll
2009-09-05 06:54 41,984 ac------ c:\windows\system32\netfxperf.dll
2009-09-05 06:53 158,720 ac------ c:\windows\system32\mscorier.dll
2009-09-05 06:53 83,968 ac------ c:\windows\system32\mscories.dll
2009-09-04 19:20 268,974,373 a------- c:\windows\MEMORY.DMP
2009-09-04 11:14 28,672 ac------ c:\windows\system32\Apphlpdm.dll
2009-09-04 11:14 4,240,384 ac------ c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-04 11:04 784,896 ac------ c:\windows\system32\rpcrt4.dll
2009-09-04 10:15 <DIR> -cd----- c:\programdata\Spybot - Search & Destroy
2009-09-04 10:15 <DIR> -cd----- c:\program files\Spybot - Search & Destroy
2009-09-04 10:15 <DIR> -cd----- c:\progra~2\Spybot - Search & Destroy
2009-09-04 09:06 <DIR> -cd----- c:\users\kerri\www.dustydogcreations.com
2009-09-03 19:56 <DIR> -cd----- c:\programdata\NortonInstaller
2009-09-03 19:56 <DIR> -cd----- c:\progra~2\NortonInstaller
2009-09-02 13:49 <DIR> -cd----- c:\users\kerri\www.postersofsantafe.com

==================== Find3M ====================

2009-09-12 19:05 110,344 ac------ C:\TDSSKiller.exe
2009-09-12 16:25 86,016 a------- c:\windows\inf\infstor.dat
2009-09-12 16:25 51,200 a------- c:\windows\inf\infpub.dat
2009-09-12 16:25 143,360 a------- c:\windows\inf\infstrng.dat
2009-08-28 06:39 173,056 ac------ c:\windows\apppatch\AcXtrnal.dll
2009-08-28 06:38 2,153,984 ac------ c:\windows\apppatch\AcGenral.dll
2009-08-28 06:38 541,696 ac------ c:\windows\apppatch\AcLayers.dll
2009-08-28 06:38 459,776 ac------ c:\windows\apppatch\AcSpecfc.dll
2009-07-03 15:48 219,664 ac------ c:\windows\system32\klogon.dll
2009-04-16 21:29 174 a--sh--- c:\program files\desktop.ini
2009-04-16 21:06 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-16 21:54 32 ac------ c:\programdata\ezsid.dat
2008-01-16 21:54 32 ac------ c:\progra~2\ezsid.dat
2006-11-02 06:42 287,440 ac------ c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 06:42 287,440 ac------ c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 06:42 30,674 ac------ c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 06:42 30,674 ac------ c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 03:20 287,440 ac------ c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 03:20 287,440 ac------ c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 03:20 30,674 ac------ c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 03:20 30,674 ac------ c:\windows\inf\perflib\0000\perfc.dat
2008-01-22 10:14 16,384 ac-sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-01-22 10:14 32,768 ac-sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-01-22 10:14 16,384 ac-sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2007-08-18 08:03 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 9:58:09.98 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 kerkor

kerkor
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:35 AM

Posted 20 September 2009 - 04:17 PM

bump

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take a while to get a response but your log will be reviewed and answered as soon as possible.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 24 September 2009 - 09:38 PM.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:35 PM

Posted 30 September 2009 - 07:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Pleaseinclude a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 kerkor

kerkor
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:35 AM

Posted 02 October 2009 - 10:00 AM

First thank you for your response. My computer is still infected and Kaspersky still finds the trojan. My google searches are being hijaked. I pretty much haven't used the computer much at all.

Here is the OTL.txt log:
OTL logfile created on: 10/2/2009 8:56:49 AM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Users\kerri\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.67% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67.32 Gb Total Space | 28.73 Gb Free Space | 42.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KVAIO
Current User Name: kerri
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/10/29 00:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2005/04/04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
PRC - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/02/25 22:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/07/24 20:26:38 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/05/31 10:32:14 | 00,551,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/06/15 13:45:20 | 00,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007/06/28 09:52:48 | 00,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/15 09:12:26 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe
PRC - [2007/06/28 09:53:00 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/07/24 20:26:38 | 00,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 09:53:02 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/07/03 10:07:46 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2007/07/03 10:09:28 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/07/12 12:31:34 | 00,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
PRC - [2007/03/07 20:38:14 | 00,835,584 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/12/14 04:42:38 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
PRC - [2007/06/14 09:40:46 | 00,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/06/26 11:28:38 | 00,137,752 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2007/11/02 19:36:42 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/06/11 19:27:14 | 00,317,560 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/07/03 10:05:42 | 00,154,136 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2005/04/04 19:58:30 | 00,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 19:58:30 | 03,502,080 | ---- | M] () -- C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2004/12/14 03:12:02 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PRC - [2004/12/14 03:12:02 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\acrotray.exe
PRC - [2009/07/18 15:39:09 | 00,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2007/12/12 16:20:48 | 21,686,568 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2007/07/03 10:09:28 | 00,252,440 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2007/05/22 17:57:26 | 02,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/01/19 01:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2007/06/19 14:47:38 | 00,330,496 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\Magic-i Visual Effects.exe
PRC - [2008/01/19 01:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2006/06/22 15:15:48 | 00,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2009/07/03 15:45:24 | 00,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
PRC - [2008/01/19 01:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2009/03/02 20:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe
PRC - [2007/02/27 21:21:10 | 00,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/01/24 00:14:10 | 00,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007/04/26 15:53:38 | 00,274,432 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2009/05/26 21:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
PRC - [2007/11/02 19:36:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/12/14 04:42:37 | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe
PRC - [2008/01/19 01:38:32 | 00,319,544 | ---- | M] (Microsoft Corporation) -- c:\program files\windows defender\MpCmdRun.exe
PRC - [2008/01/19 01:33:32 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Taskmgr.exe
PRC - [2009/10/02 08:55:23 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Users\kerri\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/01/04 20:57:37 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/04/04 19:58:28 | 00,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2 [Auto | Running])
SRV - [2007/10/31 15:09:16 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/07/03 15:56:14 | 00,303,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP [Auto | Running])
SRV - File not found -- -- (BrlAPI [On_Demand | Stopped])
SRV - [2008/07/27 12:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/19 01:36:53 | 01,013,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2007/11/01 09:53:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/06/19 19:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/04/06 20:47:18 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 19:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/11/02 19:36:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/12/14 03:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2008/06/19 19:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/12/14 02:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2006/12/14 03:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Stopped])
SRV - File not found -- -- (Tomcat6 [On_Demand | Stopped])
SRV - [2007/02/25 22:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
SRV - [2007/06/28 09:53:04 | 00,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service [On_Demand | Stopped])
SRV - [2007/07/24 20:26:38 | 00,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service [Auto | Running])
SRV - [2007/06/20 16:35:06 | 02,523,136 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer [On_Demand | Stopped])
SRV - [2007/06/20 16:34:50 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP [On_Demand | Stopped])
SRV - [2007/06/20 16:34:50 | 01,089,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP [On_Demand | Stopped])
SRV - [2007/06/20 16:34:52 | 00,499,712 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway [On_Demand | Stopped])
SRV - [2007/01/10 17:51:06 | 00,745,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer [On_Demand | Stopped])
SRV - [2007/06/20 16:34:50 | 00,397,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP [On_Demand | Stopped])
SRV - [2007/06/20 16:34:50 | 01,089,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP [On_Demand | Stopped])
SRV - [2007/07/13 11:55:56 | 00,292,152 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr [On_Demand | Stopped])
SRV - [2007/07/05 18:43:04 | 00,079,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper [On_Demand | Stopped])
SRV - [2007/06/28 09:52:48 | 00,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw [On_Demand | Running])
SRV - [2007/06/28 09:53:00 | 00,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc [Auto | Running])
SRV - [2007/06/28 09:53:02 | 00,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw [Auto | Running])
SRV - [2008/01/19 01:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/19 01:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
SRV - [2007/06/15 09:12:26 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.exe -- (XAudioService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/01/18 23:53:31 | 00,045,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2006/11/02 03:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 03:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 03:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 03:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 03:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 03:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 03:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2007/05/30 19:14:58 | 00,016,640 | ---- | M] (ArcSoft, Inc.) -- C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter [On_Demand | Running])
DRV - [2008/01/18 23:53:31 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2008/01/18 23:53:26 | 00,014,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\avcstrm.sys -- (AVCSTRM [On_Demand | Stopped])
DRV - [2006/11/02 02:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 02:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 02:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 02:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 02:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 02:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2007/06/14 13:02:13 | 00,009,336 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp [System | Running])
DRV - [2007/06/14 13:02:13 | 00,009,464 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k [System | Running])
DRV - [2006/11/02 03:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2007/06/27 20:29:58 | 00,010,216 | ---- | M] (Sony Corporation) -- C:\Windows\System32\DRIVERS\DMICall.sys -- (DMICall [System | Running])
DRV - [2006/11/02 01:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2006/11/02 03:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2006/09/19 15:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 03:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2006/11/02 01:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\VSTAZL3.SYS -- (HSFHWAZL [On_Demand | Stopped])
DRV - [2007/06/15 09:12:17 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/06/15 09:12:14 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSXHWAZL.sys -- (HSXHWAZL [On_Demand | Running])
DRV - [2006/11/02 03:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2007/06/26 10:53:36 | 01,776,128 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Running])
DRV - [2006/11/02 03:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2006/11/02 03:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 03:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2009/06/15 14:01:00 | 00,128,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\DRIVERS\kl1.sys -- (kl1 [System | Running])
DRV - [2008/12/15 20:41:32 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\Windows\system32\drivers\klbg.sys -- (klbg [Boot | Running])
DRV - [2009/09/12 16:24:16 | 00,280,592 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\DRIVERS\klif.sys -- (KLIF [System | Running])
DRV - [2009/05/15 18:50:22 | 00,021,008 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\DRIVERS\klim6.sys -- (KLIM6 [System | Running])
DRV - [2009/05/16 20:59:34 | 00,019,472 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\DRIVERS\klmouflt.sys -- (klmouflt [On_Demand | Running])
DRV - [2006/11/02 03:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 03:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 03:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2007/06/15 09:12:17 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/11/02 03:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2006/11/02 03:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2008/01/18 23:53:28 | 00,052,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2008/01/18 23:53:28 | 00,050,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\mstape.sys -- (MSTAPE [On_Demand | Stopped])
DRV - [2007/06/30 05:04:02 | 02,222,080 | ---- | M] (Intel Corporation) -- C:\Windows\System32\DRIVERS\NETw4v32.sys -- (NETw4v32 [On_Demand | Running])
DRV - [2006/11/02 03:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2006/11/02 01:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2006/11/02 03:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 03:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2007/06/14 13:02:13 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/02 03:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 03:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2007/04/19 07:07:25 | 00,073,472 | ---- | M] (Ricoh) -- C:\Windows\System32\Drivers\R5U870FLx86.sys -- (R5U870FLx86 [On_Demand | Running])
DRV - [2007/04/19 07:07:25 | 00,043,904 | ---- | M] (Ricoh) -- C:\Windows\System32\Drivers\R5U870FUx86.sys -- (R5U870FUx86 [On_Demand | Running])
DRV - [2007/04/17 21:09:28 | 00,011,032 | ---- | M] (InterVideo) -- C:\Windows\System32\drivers\regi.sys -- (regi [Auto | Running])
DRV - [2007/01/18 10:24:58 | 00,026,496 | ---- | M] (Research in Motion Ltd) -- C:\Windows\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
DRV - [2008/01/18 23:57:15 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2007/07/06 04:26:40 | 00,084,480 | ---- | M] (Realtek Corporation ) -- C:\Windows\System32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2006/11/02 00:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 03:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 03:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2006/11/06 01:09:26 | 00,027,520 | ---- | M] (Sony Corporation) -- C:\Windows\System32\Drivers\SonyNC.sys -- (SNC [On_Demand | Running])
DRV - [2006/11/02 03:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 03:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 03:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2007/03/07 20:38:05 | 00,181,560 | ---- | M] (Synaptics, Inc.) -- C:\Windows\System32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/10/01 06:37:02 | 00,026,624 | ---- | M] (The OpenVPN Project) -- C:\Windows\System32\DRIVERS\tap0801.sys -- (tap0801 [On_Demand | Stopped])
DRV - [2007/05/28 07:11:00 | 00,046,992 | ---- | M] (UPEK Inc.) -- C:\Windows\System32\Drivers\tcusb.sys -- (TcUsb [On_Demand | Stopped])
DRV - [2007/06/05 06:17:29 | 00,812,544 | ---- | M] (Texas Instruments) -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony [On_Demand | Running])
DRV - [2006/10/10 20:33:00 | 00,041,600 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\DRIVERS\tosporte.sys -- (tosporte [On_Demand | Running])
DRV - [2007/04/24 14:20:06 | 00,113,920 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\DRIVERS\tosrfbd.sys -- (tosrfbd [On_Demand | Stopped])
DRV - [2006/11/20 18:55:16 | 00,036,480 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\Drivers\tosrfbnp.sys -- (tosrfbnp [On_Demand | Stopped])
DRV - [2005/08/01 17:45:00 | 00,064,896 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\Drivers\tosrfcom.sys -- (Tosrfcom [System | Running])
DRV - [2007/03/01 17:53:12 | 00,073,728 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\DRIVERS\Tosrfhid.sys -- (Tosrfhid [On_Demand | Stopped])
DRV - [2005/01/06 14:42:00 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\Windows\System32\DRIVERS\tosrfnds.sys -- (tosrfnds [On_Demand | Stopped])
DRV - [2007/01/22 11:43:26 | 00,053,376 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\drivers\tosrfsnd.sys -- (TosRfSnd [On_Demand | Stopped])
DRV - [2007/04/24 20:36:00 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) -- C:\Windows\System32\DRIVERS\tosrfusb.sys -- (Tosrfusb [On_Demand | Stopped])
DRV - [2006/11/02 03:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 03:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 03:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2006/11/02 03:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 03:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/05/24 18:36:21 | 00,128,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DRIVERS\wimfltr.sys -- (WimFltr [On_Demand | Stopped])
DRV - [2007/06/15 09:12:14 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/06/15 09:12:26 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])
DRV - [2006/11/02 01:30:56 | 00,194,048 | ---- | M] (Marvell) -- C:\Windows\System32\DRIVERS\yk60x86.sys -- (yukonwlh [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-434937087-2225618841-3281089190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-21-434937087-2225618841-3281089190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-434937087-2225618841-3281089190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-434937087-2225618841-3281089190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-434937087-2225618841-3281089190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
IE - HKU\S-1-5-21-434937087-2225618841-3281089190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-434937087-2225618841-3281089190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-434937087-2225618841-3281089190-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-434937087-2225618841-3281089190-1005\S-1-5-21-434937087-2225618841-3281089190-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.4.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.407
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:10.1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.3.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/16 03:04:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/11 12:09:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/11 12:09:13 | 00,000,000 | ---D | M]

[2009/07/01 10:23:03 | 00,000,000 | ---D | M] -- C:\Users\kerri\AppData\Roaming\mozilla\Extensions
[2009/07/01 10:23:03 | 00,000,000 | ---D | M] -- C:\Users\kerri\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/27 17:44:11 | 00,000,000 | ---D | M] -- C:\Users\kerri\AppData\Roaming\mozilla\Firefox\Profiles\lnsuaxgf.default\extensions
[2009/09/27 08:43:36 | 00,000,000 | ---D | M] -- C:\Users\kerri\AppData\Roaming\mozilla\Firefox\Profiles\lnsuaxgf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/29 12:04:41 | 00,000,000 | ---D | M] -- C:\Users\kerri\AppData\Roaming\mozilla\Firefox\Profiles\lnsuaxgf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/21 22:40:08 | 00,000,000 | ---D | M] -- C:\Users\kerri\AppData\Roaming\mozilla\Firefox\Profiles\lnsuaxgf.default\extensions\{9c51bd27-6ed8-4000-a2bf-36cb95c0c947}
[2009/07/28 14:34:01 | 00,000,000 | ---D | M] -- C:\Users\kerri\AppData\Roaming\mozilla\Firefox\Profiles\lnsuaxgf.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/09/12 13:55:44 | 00,000,000 | ---D | M] -- C:\Users\kerri\AppData\Roaming\mozilla\Firefox\Profiles\lnsuaxgf.default\extensions\firebug@software.joehewitt.com
[2009/09/12 13:56:12 | 00,000,000 | ---D | M] -- C:\Users\kerri\AppData\Roaming\mozilla\Firefox\Profiles\lnsuaxgf.default\extensions\foxmarks@kei.com
[2009/07/29 11:06:26 | 00,000,000 | ---D | M] -- C:\Users\kerri\AppData\Roaming\mozilla\Firefox\Profiles\lnsuaxgf.default\extensions\LogMeInClient@logmein.com
[2009/06/29 12:04:37 | 00,000,000 | ---D | M] -- C:\Users\kerri\AppData\Roaming\mozilla\Firefox\Profiles\lnsuaxgf.default\extensions\moveplayer@movenetworks.com
[2009/09/27 17:44:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/11 12:09:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/04/21 22:38:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/04/21 22:38:45 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2009/09/12 16:26:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2009/09/11 12:09:12 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/09/11 12:09:12 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 18:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/01/03 19:19:06 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/09/11 12:09:12 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2004/12/14 03:19:18 | 00,057,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/11/06 22:02:17 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/11/06 22:02:17 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/11/06 22:02:18 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/11/06 22:02:18 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/11/06 22:02:18 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/11/06 22:02:18 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/11/06 22:02:18 | 00,131,072 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/07/01 10:22:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/01 10:22:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/01 10:22:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/01 10:22:38 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/01 10:22:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/01 10:22:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/01 10:22:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (324334 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 spydetect.microsoft.com
O1 - Hosts: 209.44.111.57 antivirwin2009.com
O1 - Hosts: 209.44.111.57 www.antivirwin2009.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 11115 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (no name) - {bfb735d8-6524-4121-8985-ff847480de16} - No CLSID value found.
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-434937087-2225618841-3281089190-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire\Corel PhotoDownloader.exe File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [nuluheyitu] C:\ProgramData\dabareto\dabareto.DLL File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-434937087-2225618841-3281089190-1005..\Run: [Google Update] C:\Users\kerri\AppData\Local\Google\Update\GoogleUpdate.exe File not found
O4 - HKU\S-1-5-21-434937087-2225618841-3281089190-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-434937087-2225618841-3281089190-1005..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found
O4 - HKU\S-1-5-21-434937087-2225618841-3281089190-1005..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-434937087-2225618841-3281089190-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-434937087-2225618841-3281089190-1005..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Users\kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-434937087-2225618841-3281089190-1005\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\ProgramData\neyifiwa\neyifiwa.dll) - C:\ProgramData\neyifiwa\neyifiwa.dll File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\Windows\System32\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/02 08:55:23 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Users\kerri\Desktop\OTL.exe
[2009/09/21 09:25:29 | 00,133,795 | ---- | C] () -- C:\Users\kerri\Desktop\be.jpg
[2009/09/16 03:06:55 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/09/14 10:20:42 | 00,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/09/14 10:18:44 | 24,689,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRT.exe
[2009/09/14 10:14:06 | 00,000,000 | ---- | C] () -- C:\Users\kerri\Desktop\settings.dat
[2009/09/14 10:07:13 | 00,472,064 | ---- | C] ( ) -- C:\Users\kerri\Desktop\RootRepeal.exe
[2009/09/14 09:58:42 | 00,000,000 | ---D | C] -- C:\Windows\CheckSur
[2009/09/14 09:41:57 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/09/14 09:41:55 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/09/14 09:41:54 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/09/14 09:41:54 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/09/14 09:41:54 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/09/14 09:41:54 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/09/14 09:41:52 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/09/14 09:41:48 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/09/12 16:30:03 | 06,291,456 | -H-- | C] () -- C:\Users\kerri\AppData\Local\IconCache.db
[2009/09/12 16:27:10 | 00,604,140 | -HS- | C] () -- C:\Windows\System32\drivers\ISwift3.dat
[2009/09/12 16:26:09 | 00,107,547 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2009/09/12 16:26:09 | 00,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2009/09/12 16:24:44 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2009/09/12 16:24:44 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/09/12 16:24:16 | 00,280,592 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2009/09/12 16:23:20 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/09/09 22:05:14 | 00,196,232 | ---- | C] () -- C:\Users\kerri\Desktop\archDNS.jpg
[2009/09/09 14:43:30 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/09/09 14:43:30 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/09/09 14:43:30 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/09/09 14:43:30 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/09/09 14:43:30 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/09/09 14:43:30 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/09/09 14:43:30 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/09/09 14:43:30 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/09/09 14:43:29 | 00,897,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/09/09 14:43:22 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/09/09 10:33:58 | 00,513,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansvc.dll
[2009/09/09 10:33:58 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2009/09/09 10:33:57 | 02,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2009/09/09 10:33:57 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2009/09/09 10:33:53 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2009/09/09 10:33:19 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/09/09 10:33:16 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/09/09 10:32:41 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/09/09 10:32:20 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/09/09 10:32:13 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/09/09 10:32:07 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/09/09 10:31:56 | 03,583,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/09/09 10:31:56 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/09/09 10:31:54 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/09/09 10:31:53 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/09/09 10:31:52 | 00,827,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/09/09 10:31:51 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/09/09 10:31:51 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/09/09 10:31:51 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/09/09 10:31:50 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/09/09 10:31:50 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/09/09 10:31:50 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/09/09 10:31:49 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/09/09 10:31:49 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/09/09 10:31:49 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/09/09 10:31:49 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/09/09 10:31:32 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/09/09 10:31:30 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/09/09 10:31:28 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/09/09 10:31:26 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/09/09 10:31:26 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/09/09 10:31:25 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/09/09 10:31:25 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/09/09 10:31:25 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/09/08 21:49:38 | 00,000,213 | ---- | C] () -- C:\Windows\System32\rotscxlog.dat
[2009/09/08 20:09:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2009/09/08 16:27:39 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Police Pro
[2009/09/05 08:16:51 | 00,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2009/09/05 08:16:51 | 00,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2009/09/05 07:53:20 | 00,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/09/05 07:53:19 | 00,002,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2009/09/05 07:53:19 | 00,002,001 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
[2009/09/05 07:53:19 | 00,001,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[2009/09/05 07:53:19 | 00,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Magic-i Visual Effects.lnk
[2009/09/05 07:53:19 | 00,001,901 | ---- | C] () -- C:\Users\kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DING!.lnk
[2009/09/05 07:53:19 | 00,001,152 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2009/09/05 07:53:19 | 00,000,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2009/09/05 06:54:11 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/09/05 06:54:08 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/09/05 06:54:08 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/09/05 06:53:59 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/09/05 06:53:56 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/09/04 19:20:03 | 26,897,4373 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/09/04 11:16:13 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/09/04 11:16:07 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2009/09/04 11:16:07 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2009/09/04 11:16:06 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2009/09/04 11:16:06 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2009/09/04 11:16:01 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/09/04 11:15:57 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/09/04 11:14:20 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/09/04 11:14:15 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/09/04 11:04:14 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2009/09/04 10:30:28 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/09/04 10:15:42 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/09/04 10:15:42 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/09/03 19:56:02 | 00,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2009/09/03 14:15:37 | 00,155,071 | ---- | C] () -- C:\Windows\System32\rotscxtpbsiuqo.dat
[2009/09/03 07:30:07 | 00,021,504 | ---- | C] () -- C:\Windows\System32\rotscxvhocdpux.dll
[2009/09/02 23:13:59 | 00,071,168 | ---- | C] () -- C:\Windows\System32\drivers\rotscxfvymfqpx.sys
[2009/09/02 23:13:59 | 00,014,604 | ---- | C] () -- C:\Windows\System32\rotscxgqpwpvmx.dat
[2009/09/02 23:13:59 | 00,000,000 | ---- | C] () -- C:\Windows\System32\drivers\rotscxyqeemyrx.sys
[2009/09/02 12:12:41 | 00,000,724 | ---- | C] () -- C:\Users\kerri\Desktop\www.barslinger.com - Shortcut.lnk
[2009/07/28 09:33:24 | 00,000,040 | ---- | C] () -- C:\Windows\BO5140.INI
[2009/05/14 20:10:23 | 00,000,620 | ---- | C] () -- C:\Windows\RegGenie.ini
[2009/04/29 20:26:17 | 00,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008/01/24 20:37:30 | 00,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/01/24 20:37:30 | 00,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2007/12/16 22:16:17 | 00,008,092 | ---- | C] () -- C:\Windows\System32\pitvm4.sys
[2007/11/01 10:16:30 | 00,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/11/01 10:14:13 | 00,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007/08/18 08:18:55 | 00,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/08/18 07:56:25 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/08/18 07:56:25 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/08/18 07:55:22 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/06/26 11:20:42 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/06/26 10:51:10 | 00,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/06/14 13:02:02 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/06/14 13:02:01 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2007/06/14 13:01:08 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/05 14:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 04:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 04:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 01:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 22:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== Files - Modified Within 30 Days ==========

[2009/10/02 08:55:31 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2881FC9C-AEAE-4A47-A1B9-DE31376AE802}.job
[2009/10/02 08:55:23 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Users\kerri\Desktop\OTL.exe
[2009/10/02 08:36:47 | 00,707,452 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/10/02 08:36:47 | 00,606,916 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/10/02 08:36:47 | 00,105,884 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/10/02 08:33:10 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009/10/02 08:31:47 | 00,002,495 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2009/10/02 08:30:24 | 00,000,410 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2009/10/02 08:30:24 | 00,000,026 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2009/10/02 08:30:21 | 00,000,402 | ---- | M] () -- C:\Windows\tasks\RegistrySmart System Startup.job
[2009/10/02 08:30:17 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/10/02 08:30:16 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/10/02 08:30:02 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/10/02 08:30:00 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/22 18:30:32 | 00,107,547 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2009/09/22 18:30:32 | 00,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2009/09/21 21:37:00 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/09/21 09:25:29 | 00,133,795 | ---- | M] () -- C:\Users\kerri\Desktop\be.jpg
[2009/09/16 03:15:56 | 00,443,392 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/16 03:13:30 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/09/16 03:12:59 | 06,291,456 | -H-- | M] () -- C:\Users\kerri\AppData\Local\IconCache.db
[2009/09/14 10:20:42 | 00,071,168 | ---- | M] () -- C:\Windows\System32\drivers\rotscxfvymfqpx.sys
[2009/09/14 10:20:42 | 00,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2009/09/14 10:14:06 | 00,000,000 | ---- | M] () -- C:\Users\kerri\Desktop\settings.dat
[2009/09/14 10:07:13 | 00,472,064 | ---- | M] ( ) -- C:\Users\kerri\Desktop\RootRepeal.exe
[2009/09/14 09:40:18 | 00,155,071 | ---- | M] () -- C:\Windows\System32\rotscxtpbsiuqo.dat
[2009/09/12 19:05:10 | 00,110,344 | ---- | M] () -- C:\TDSSKiller.exe
[2009/09/12 17:20:38 | 00,000,000 | ---- | M] () -- C:\Windows\System32\drivers\rotscxyqeemyrx.sys
[2009/09/12 16:27:10 | 00,604,140 | -HS- | M] () -- C:\Windows\System32\drivers\ISwift3.dat
[2009/09/12 16:24:16 | 00,280,592 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2009/09/12 16:19:09 | 00,113,712 | ---- | M] () -- C:\Users\kerri\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/09/12 13:57:59 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/09/12 13:57:46 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/09/10 19:53:09 | 00,002,627 | ---- | M] () -- C:\Users\kerri\Desktop\Microsoft Office Word 2007.lnk
[2009/09/09 22:05:14 | 00,196,232 | ---- | M] () -- C:\Users\kerri\Desktop\archDNS.jpg
[2009/09/09 20:09:02 | 00,000,680 | ---- | M] () -- C:\Users\kerri\AppData\Local\d3d9caps.dat
[2009/09/08 21:49:38 | 00,000,213 | ---- | M] () -- C:\Windows\System32\rotscxlog.dat
[2009/09/05 08:16:51 | 00,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2009/09/05 07:33:53 | 26,897,4373 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/09/04 19:37:54 | 00,324,334 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/09/04 14:11:56 | 00,327,106 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2009/09/03 14:04:35 | 00,014,604 | ---- | M] () -- C:\Windows\System32\rotscxgqpwpvmx.dat
[2009/09/03 07:30:07 | 00,021,504 | ---- | M] () -- C:\Windows\System32\rotscxvhocdpux.dll
[2009/09/02 12:12:41 | 00,000,724 | ---- | M] () -- C:\Users\kerri\Desktop\www.barslinger.com - Shortcut.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:B63300D1
< End of report >







Here is the Extras.txt log:
OTL Extras logfile created on: 10/2/2009 8:56:53 AM - Run 1
OTL by OldTimer - Version 3.0.17.0 Folder = C:\Users\kerri\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 79.67% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67.32 Gb Total Space | 28.73 Gb Free Space | 42.68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KVAIO
Current User Name: kerri
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-434937087-2225618841-3281089190-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22181B3B-AB8B-4B36-A62A-D3A77502A4D0}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{6C702E13-B7E4-46FB-9096-B4928D6B9F21}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8057B09E-5803-439C-B89C-7ABD5E78E86D}" = lport=445 | protocol=6 | dir=in | name=tcp 445 |
"{83821F97-0354-417B-9152-EAD242121DBB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{87CC9628-7E89-482A-B8E1-8D122A6BA12B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B2AB46A-5CAA-4B2B-BFC7-DDDB5900A95C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8F101446-D717-4E9F-8F20-24F5724BA7DF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9E1A0ADA-97E7-4C37-AA01-E3C4D995F47C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6E34CD2-27EB-4D19-B000-3A5A0C10A6A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7E30A92-EFE2-49CE-AE45-F08E80A51834}" = lport=138 | protocol=17 | dir=in | name=udp 138 |
"{BADB8EF4-B79B-487C-91E9-F5D448CA646A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C6001A1B-5532-42B2-B991-98180B8FCA91}" = lport=139 | protocol=6 | dir=in | name=tcp 139 |
"{C91708A0-C938-4B20-BFC0-7211EF17A55B}" = lport=137 | protocol=17 | dir=in | name=udp 137 |
"{D3E8483B-73A7-4378-866C-9C98033D68DB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E0A559E1-CF70-4074-B053-9B87969B7D95}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D675B1C-515D-4BAB-9B92-AE180C2FC5C0}" = protocol=17 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{130AFFDC-FABF-434E-8A5B-94800732BEFA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{177E2A9E-D251-4372-AFA8-A6F574667CBD}" = protocol=17 | dir=in | app=c:\users\kerri\appdata\local\temp\7zs1dbc.tmp\symnrt.exe |
"{2B531BEA-18D9-4282-A2D5-C3131F8BCC72}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2F11E932-CAD8-4180-8885-565A63448A51}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A74DC47-F27C-47D8-A598-346A48B407BA}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{3AB48FC0-0EDE-46E5-B1FD-3B1B9FD5A811}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3FA878CC-5E87-4CCF-94A0-DE1E23ABFECF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{532C5943-8787-4D8F-B88C-C5D978A7AE93}" = protocol=6 | dir=in | app=c:\users\kerri\appdata\local\temp\7zs1dbc.tmp\symnrt.exe |
"{65295EF7-3803-49AC-A350-C36D7159BD44}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{673497D6-E87C-4F86-8AC9-A53467FD2817}" = protocol=6 | dir=in | app=c:\users\kerri\appdata\local\temp\7zs5fec.tmp\symnrt.exe |
"{A5FA9ADB-6F30-425F-84E8-A039C2311F1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A6C2C8F7-4C9C-48E1-9B39-566887200175}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{AE561EAA-F4A5-43E0-8EF6-9BA09F38B499}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B89E54CB-C1EB-4923-9766-B8A6A0207F1C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BBAA2832-9771-4A92-AEB9-5BB67CF67E8F}" = protocol=17 | dir=in | app=c:\users\kerri\appdata\local\temp\7zs5fec.tmp\symnrt.exe |
"{BBC481E8-6BAC-49EF-9857-1B93ABD4088F}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{BC7AA05F-2E55-4229-9105-3E33D619688B}" = protocol=6 | dir=in | app=c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe |
"{C399B3EB-2B43-4C21-9FE0-FD3670558F68}" = protocol=6 | dir=out | app=system |
"{D6ABBE08-38E0-4E88-A4F7-DC9A2A593236}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{D6FFBE1B-8A0A-4038-B26D-5603857A51FF}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{FA887709-4A7C-49BB-A978-ACA3586BB1B5}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{FCCBA051-B43B-4FFA-8502-8F5EF966DCB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE918585-829C-4943-AA43-C026A2E399B2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0C5A7A82-8A92-4AC9-B730-9E4BD5B7D25F}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{1B23153A-46E7-41ED-8517-A799277B6CA4}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{2615AADC-B0E5-4DE8-9C68-76C5B96D2AAF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{2718D26A-0313-45DF-9E75-D2343E62A8B9}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{3B33A61C-5455-4780-AB48-B9F6624BBBE5}C:\program files\soulseek-test\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
"TCP Query User{3D1EE7DC-4A11-443F-9AF3-76C2AFC91C93}C:\program files\jetbrains\intellij idea 8.0\bin\idea.exe" = protocol=6 | dir=in | app=c:\program files\jetbrains\intellij idea 8.0\bin\idea.exe |
"TCP Query User{3F164A24-F721-45C2-A5D4-14207EC88C1B}C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe" = protocol=6 | dir=in | app=c:\program files\ipswitch\ws_ftp professional\wsftpgui.exe |
"TCP Query User{3FD3585C-7B5F-47A8-8B0E-D8C3ACB8BA38}C:\program files\steam\steamapps\kkors\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\kkors\team fortress 2\hl2.exe |
"TCP Query User{4B6A3245-8CDC-4140-B6A3-3CC566E3B2E7}C:\program files\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"TCP Query User{615731BE-BD27-43F7-BD44-4EF8DB776B07}C:\program files\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"TCP Query User{62449E62-356E-444C-8A6C-CFFAA4C9A103}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{636103F3-51EA-40A1-9D4F-C9000BC97E0F}C:\program files\jetbrains\intellij idea 7.0.2\bin\idea.exe" = protocol=6 | dir=in | app=c:\program files\jetbrains\intellij idea 7.0.2\bin\idea.exe |
"TCP Query User{6906B075-4B16-4370-82FF-6826601F9FAC}C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe" = protocol=6 | dir=in | app=c:\program files\ipswitch\ws_ftp professional\wsftpgui.exe |
"TCP Query User{6B782DFB-4307-4743-A817-7CAA9EE29306}C:\program files\pandion\pandion.exe" = protocol=6 | dir=in | app=c:\program files\pandion\pandion.exe |
"TCP Query User{6D496EDC-7369-4ECE-8413-23B0EA8114B3}C:\program files\jetbrains\intellij idea 7.0.2\bin\idea.exe" = protocol=6 | dir=in | app=c:\program files\jetbrains\intellij idea 7.0.2\bin\idea.exe |
"TCP Query User{7164AEAF-0ED8-4916-9673-A61DE72B3FA9}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{8A7F4D11-AF2C-4D03-B271-B1499972B034}C:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe" = protocol=6 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe |
"TCP Query User{B2358A91-EBD7-4DA4-B126-C4A51BE703C7}C:\program files\pandion\pandion.exe" = protocol=6 | dir=in | app=c:\program files\pandion\pandion.exe |
"TCP Query User{C8A07B3A-ECBA-4BB7-B84A-2056F7E05B00}C:\program files\soulseek-test\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
"TCP Query User{CD14CDB8-810F-44CC-8D37-1DBFB464F97A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{D3F61C07-F675-4E83-A568-748AF2372798}C:\program files\jetbrains\intellij idea 8.0\bin\idea.exe" = protocol=6 | dir=in | app=c:\program files\jetbrains\intellij idea 8.0\bin\idea.exe |
"TCP Query User{EFB33B72-085F-4C40-8F96-EAC1B2BBB7E6}C:\program files\steam\steamapps\kkors\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\kkors\team fortress 2\hl2.exe |
"TCP Query User{FCEE1256-0733-4270-B344-3F125C708F00}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{12634746-6A5D-4D27-B552-6F14366A5AE2}C:\program files\jetbrains\intellij idea 7.0.2\bin\idea.exe" = protocol=17 | dir=in | app=c:\program files\jetbrains\intellij idea 7.0.2\bin\idea.exe |
"UDP Query User{198A1631-A1E7-45A0-9BEB-97E7D1AFDF6B}C:\program files\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"UDP Query User{1BAB78D1-D035-41C7-8435-DD37CDC32967}C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe" = protocol=17 | dir=in | app=c:\program files\ipswitch\ws_ftp professional\wsftpgui.exe |
"UDP Query User{2DEF08CE-5A9E-490C-9991-C4D9CEDCE279}C:\program files\steam\steamapps\kkors\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\kkors\team fortress 2\hl2.exe |
"UDP Query User{33B14A97-325C-4211-8E45-AF8612DACF3C}C:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe" = protocol=17 | dir=in | app=c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe |
"UDP Query User{3F7D1C2E-C3B6-4A7F-8900-05471C2EB666}C:\program files\jetbrains\intellij idea 8.0\bin\idea.exe" = protocol=17 | dir=in | app=c:\program files\jetbrains\intellij idea 8.0\bin\idea.exe |
"UDP Query User{4C0E0A66-DBE4-428D-89B9-3D80EBBBDDF5}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{5A992EF8-C5B1-480E-9FA4-76581702DEB6}C:\program files\pandion\pandion.exe" = protocol=17 | dir=in | app=c:\program files\pandion\pandion.exe |
"UDP Query User{609E2BAC-B5DE-454C-BEA7-4EDD1906ADAA}C:\program files\jetbrains\intellij idea 8.0\bin\idea.exe" = protocol=17 | dir=in | app=c:\program files\jetbrains\intellij idea 8.0\bin\idea.exe |
"UDP Query User{6BBA706F-8064-4B17-BA14-71E01339A6D2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{801105DE-DDD3-4BE2-8BA8-ADF5F0F4C7DA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{8590A2DA-806D-4DC8-9B74-1258823DBC4F}C:\program files\jetbrains\intellij idea 7.0.2\bin\idea.exe" = protocol=17 | dir=in | app=c:\program files\jetbrains\intellij idea 7.0.2\bin\idea.exe |
"UDP Query User{9F98BF36-0AB6-4DE3-A844-F8D46CAEE136}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{A21FDE93-1F90-4706-B8FA-ADFBCBB4FD9D}C:\program files\steam\steamapps\kkors\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\kkors\team fortress 2\hl2.exe |
"UDP Query User{A3117B2B-16EF-4933-9F2C-88B4318435E7}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{A37FE5C3-DCC1-4C61-BECD-2262C7D2D259}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{B46BDD39-8759-415D-AA87-850D2876979A}C:\program files\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\program files\last.fm\lastfm.exe |
"UDP Query User{B5653BE9-EDA3-4BCF-8318-9C8ABEC5468E}C:\program files\pandion\pandion.exe" = protocol=17 | dir=in | app=c:\program files\pandion\pandion.exe |
"UDP Query User{C7B1F2D2-4756-4097-9532-A0AB5C9167A1}C:\program files\ipswitch\ws_ftp professional\wsftpgui.exe" = protocol=17 | dir=in | app=c:\program files\ipswitch\ws_ftp professional\wsftpgui.exe |
"UDP Query User{D157F35E-7C48-4D5C-8B34-8FE7D35DDCE2}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{D795402E-2F07-46A8-B83D-4BA797DC3F69}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{DF4FDFB8-F7F5-45C6-B0F3-BC2ECCDBEB78}C:\program files\soulseek-test\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek-test\slsk.exe |
"UDP Query User{F51C2781-37A7-490D-B20A-ED9ADD966174}C:\program files\soulseek-test\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek-test\slsk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{0312BD0D-A1FE-4E1A-9208-D436F566D867}" = VAIO Azure Float Wallpaper
"{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{235915A8-1C0D-4920-95EA-FE8B773E5F57}" = VAIO Teal Whisper Wallpaper
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{32A3A4F4-B792-11D6-A78A-00B0D0160040}" = Java™ SE Development Kit 6 Update 4
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{359DF682-BC8F-429D-AB6D-3C8002099F38}" = VAIO Content Metadata Intelligent Analyzing Manager
"{46548E80-0409-0000-7E8A-45000F855001}" = Adobe GoLive CS2
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{48B82226-75E3-4E90-92CC-D30F79EA6380}" = Norton Security Scan
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5F12E9D1-402C-4672-86D7-52E86A3A1411}" = VAIO Content Importer VAIO Content Exporter
"{5F5DE5D5-D130-4110-A3A4-69FFB0B14BD9}" = VAIO Content Metadata XML Interface Library
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{638BAD93-701B-482A-86C6-72DFF3E6FE51}" =
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7D716354-2C08-48DC-9AC5-957348048817}" = VAIO Help And Support
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91208A47-5D08-4C79-986F-1931940F51BB}" = QuickBooks Product Listing Service
"{92F8615C-43B7-4925-8457-B6D004E8D478}" = VAIO Content Metadata XML Interface Library
"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B59B3DA8-06F8-4B4C-AE94-5180753EF108}" = VAIO Floral Dusk Wallpaper
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}" = Java DB 10.3.1.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
"{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}" = iTunes
"{E58AB36F-9D50-4969-9228-AC24270741BF}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Apache Tomcat 6.0" = Apache Tomcat 6.0 (remove only)
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Crackle Screen Saver_is1" = Crackle Screen Saver 1.0
"EOS Utility" = Canon Utilities EOS Utility
"HDMI" = Intel® Graphics Media Accelerator Driver
"IE4Dev" = Microsoft Script Debugger
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"IntelliJ IDEA 7.0.2" = IntelliJ IDEA 7.0.2
"IntelliJ IDEA 8.0" = IntelliJ IDEA 8.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"PROHYBRIDR" = 2007 Microsoft Office system
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Soulseek2" = SoulSeek Client 157 test 12c
"Subversion_is1" = Subversion 1.4.5-r25188
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VAIO Service Utility" = VAIO Service Utility
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/5/2009 10:00:52 AM | Computer Name = kVaio | Source = Windows Search Service | ID = 7040
Description =

Error - 9/5/2009 10:23:08 AM | Computer Name = kVaio | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 9/8/2009 10:07:29 PM | Computer Name = kVaio | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 9/8/2009 10:32:25 PM | Computer Name = kVaio | Source = EventSystem | ID = 4609
Description =

Error - 9/8/2009 11:45:18 PM | Computer Name = kVaio | Source = EventSystem | ID = 4609
Description =

Error - 9/8/2009 11:46:03 PM | Computer Name = kVaio | Source = ESENT | ID = 455
Description = Catalog Database (1044) Catalog Database: Error -1811 occurred while
opening logfile C:\Windows\system32\CatRoot2\edb00103.log.

Error - 9/8/2009 11:46:04 PM | Computer Name = kVaio | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

Error - 9/8/2009 11:50:55 PM | Computer Name = kVaio | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 9/9/2009 2:54:52 PM | Computer Name = kVaio | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 9/9/2009 2:56:42 PM | Computer Name = kVaio | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 538 Start Time: 01ca317ed546173a Termination Time: 0


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:35 PM

Posted 02 October 2009 - 10:52 AM

Hi,

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 kerkor

kerkor
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:05:35 AM

Posted 02 October 2009 - 02:33 PM

Here is the combofix log:
ComboFix 09-10-01.05 - kerri 10/02/2009 10:14.1.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6001.1.1252.1.1033.18.3062.1381 [GMT -6:00]
Running from: c:\users\kerri\Desktop\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4103148037-311819285-351509405-500
c:\$recycle.bin\S-1-5-21-434937087-2225618841-3281089190-500
c:\$recycle.bin\S-1-5-21-782822310-1240864431-3743502249-500
c:\$recycle.bin\S-1-5-21-918056312-2952985149-2686913973-500
C:\desktop.ini
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\tmp\images\i1.gif
c:\program files\Windows Police Pro\tmp\images\i2.gif
c:\program files\Windows Police Pro\tmp\images\i3.gif
c:\program files\Windows Police Pro\tmp\images\j1.gif
c:\program files\Windows Police Pro\tmp\images\j2.gif
c:\program files\Windows Police Pro\tmp\images\j3.gif
c:\program files\Windows Police Pro\tmp\images\jj1.gif
c:\program files\Windows Police Pro\tmp\images\jj2.gif
c:\program files\Windows Police Pro\tmp\images\jj3.gif
c:\program files\Windows Police Pro\tmp\images\l1.gif
c:\program files\Windows Police Pro\tmp\images\l2.gif
c:\program files\Windows Police Pro\tmp\images\l3.gif
c:\program files\Windows Police Pro\tmp\images\pix.gif
c:\program files\Windows Police Pro\tmp\images\t1.gif
c:\program files\Windows Police Pro\tmp\images\t2.gif
c:\program files\Windows Police Pro\tmp\images\up1.gif
c:\program files\Windows Police Pro\tmp\images\up2.gif
c:\program files\Windows Police Pro\tmp\images\w1.gif
c:\program files\Windows Police Pro\tmp\images\w11.gif
c:\program files\Windows Police Pro\tmp\images\w2.gif
c:\program files\Windows Police Pro\tmp\images\w3.gif
c:\program files\Windows Police Pro\tmp\images\w3.jpg
c:\program files\Windows Police Pro\tmp\images\wt1.gif
c:\program files\Windows Police Pro\tmp\images\wt2.gif
c:\program files\Windows Police Pro\tmp\images\wt3.gif
c:\windows\Installer\69f2f2.msi
c:\windows\system32\bszip.dll
c:\windows\system32\drivers\rotscxfvymfqpx.sys
c:\windows\system32\drivers\rotscxyqeemyrx.sys
c:\windows\system32\rotscxgqpwpvmx.dat
c:\windows\system32\rotscxlog.dat
c:\windows\system32\rotscxtpbsiuqo.dat
c:\windows\system32\rotscxvhocdpux.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_rotscxfeeeiepu
-------\Legacy_rotscxqbspotdb
-------\Service_rotscxfeeeiepu
-------\Service_rotscxqbspotdb


((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
.

2009-10-02 16:19 . 2009-10-02 16:22 -------- dc----w- c:\users\kerri\AppData\Local\temp
2009-10-02 16:19 . 2009-10-02 16:19 -------- dc----w- c:\users\Default\AppData\Local\temp
2009-09-16 09:06 . 2009-06-22 10:22 2048 -c--a-w- c:\windows\system32\tzres.dll
2009-09-14 15:58 . 2009-09-14 15:58 -------- dc----w- c:\windows\CheckSur
2009-09-14 15:41 . 2008-06-20 01:14 97800 -c--a-w- c:\windows\system32\infocardapi.dll
2009-09-14 15:41 . 2008-06-20 01:14 105016 -c--a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-14 15:41 . 2008-06-20 01:14 43544 -c--a-w- c:\windows\system32\PresentationHostProxy.dll
2009-09-14 15:41 . 2008-06-20 01:14 11264 -c--a-w- c:\windows\system32\icardres.dll
2009-09-14 15:41 . 2008-06-20 01:14 622080 -c--a-w- c:\windows\system32\icardagt.exe
2009-09-14 15:41 . 2008-06-20 01:14 781344 -c--a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-09-14 15:41 . 2008-06-20 01:14 326160 -c--a-w- c:\windows\system32\PresentationHost.exe
2009-09-12 22:27 . 2009-09-12 22:27 604140 -csha-w- c:\windows\system32\drivers\ISwift3.dat
2009-09-12 22:26 . 2009-09-23 00:30 95259 -c--a-w- c:\windows\system32\drivers\klick.dat
2009-09-12 22:26 . 2009-09-23 00:30 107547 -c--a-w- c:\windows\system32\drivers\klin.dat
2009-09-12 22:24 . 2009-10-02 15:58 -------- dc----w- c:\programdata\Kaspersky Lab
2009-09-12 22:24 . 2009-09-12 22:24 -------- dc----w- c:\program files\Kaspersky Lab
2009-09-12 22:23 . 2009-09-12 22:23 -------- dc----w- c:\programdata\Kaspersky Lab Setup Files
2009-09-09 20:43 . 2009-08-14 16:29 104960 -c--a-w- c:\windows\system32\netiohlp.dll
2009-09-09 20:43 . 2009-08-14 14:16 9728 -c--a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 20:43 . 2009-08-14 14:16 17920 -c--a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 20:43 . 2009-08-14 14:16 11264 -c--a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 20:43 . 2009-08-14 14:16 27136 -c--a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 20:43 . 2009-08-14 14:16 19968 -c--a-w- c:\windows\system32\ARP.EXE
2009-09-09 20:43 . 2009-08-14 14:16 8704 -c--a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 20:43 . 2009-08-14 14:16 10240 -c--a-w- c:\windows\system32\finger.exe
2009-09-09 20:43 . 2009-08-14 17:07 897608 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 20:43 . 2009-08-14 16:29 17920 -c--a-w- c:\windows\system32\netevent.dll
2009-09-09 16:33 . 2009-07-11 19:32 513024 -c--a-w- c:\windows\system32\wlansvc.dll
2009-09-09 16:33 . 2009-07-11 19:32 302592 -c--a-w- c:\windows\system32\wlansec.dll
2009-09-09 16:33 . 2009-07-11 19:32 293376 -c--a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 16:33 . 2009-07-11 19:29 127488 -c--a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 16:33 . 2009-06-10 12:11 2868224 -c--a-w- c:\windows\system32\mf.dll
2009-09-09 16:32 . 2009-06-04 12:34 2066432 -c--a-w- c:\windows\system32\mstscax.dll
2009-09-09 16:32 . 2009-04-23 12:42 636928 -c--a-w- c:\windows\system32\localspl.dll
2009-09-09 16:32 . 2009-06-10 12:07 91136 -c--a-w- c:\windows\system32\avifil32.dll
2009-09-09 02:09 . 2009-09-09 02:09 -------- dc----w- c:\programdata\Office Genuine Advantage
2009-09-05 12:54 . 2008-07-27 18:03 96760 -c--a-w- c:\windows\system32\dfshim.dll
2009-09-05 12:54 . 2008-07-27 18:03 41984 -c--a-w- c:\windows\system32\netfxperf.dll
2009-09-05 12:54 . 2008-07-27 18:03 282112 -c--a-w- c:\windows\system32\mscoree.dll
2009-09-05 12:53 . 2008-07-27 18:03 158720 -c--a-w- c:\windows\system32\mscorier.dll
2009-09-05 12:53 . 2008-07-27 18:03 83968 -c--a-w- c:\windows\system32\mscories.dll
2009-09-04 17:16 . 2009-04-21 11:55 2033152 -c--a-w- c:\windows\system32\win32k.sys
2009-09-04 17:16 . 2009-06-15 15:24 156672 -c--a-w- c:\windows\system32\t2embed.dll
2009-09-04 17:16 . 2009-06-15 15:20 72704 -c--a-w- c:\windows\system32\fontsub.dll
2009-09-04 17:16 . 2009-06-15 15:20 10240 -c--a-w- c:\windows\system32\dciman32.dll
2009-09-04 17:16 . 2009-06-15 12:52 289792 -c--a-w- c:\windows\system32\atmfd.dll
2009-09-04 17:16 . 2009-07-17 14:35 71680 -c--a-w- c:\windows\system32\atl.dll
2009-09-04 17:15 . 2009-06-10 12:12 160256 -c--a-w- c:\windows\system32\wkssvc.dll
2009-09-04 17:14 . 2009-08-28 12:39 28672 -c--a-w- c:\windows\system32\Apphlpdm.dll
2009-09-04 17:14 . 2009-08-28 10:15 4240384 -c--a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-09-04 17:04 . 2009-04-23 12:43 784896 -c--a-w- c:\windows\system32\rpcrt4.dll
2009-09-04 16:30 . 2009-09-04 16:30 -------- dc----w- c:\program files\Alwil Software
2009-09-04 16:15 . 2009-09-05 01:02 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-09-04 16:15 . 2009-09-05 01:02 -------- dc----w- c:\programdata\Spybot - Search & Destroy
2009-09-04 15:06 . 2009-09-04 16:18 -------- dc----w- c:\users\kerri\www.dustydogcreations.com
2009-09-04 01:56 . 2009-09-04 01:56 -------- dc----w- c:\programdata\NortonInstaller
2009-09-02 19:49 . 2009-09-02 19:49 -------- dc----w- c:\users\kerri\www.postersofsantafe.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-02 16:20 . 2007-07-25 23:15 12 ----a-w- c:\windows\bthservsdp.dat
2009-09-16 09:13 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2009-09-14 16:23 . 2007-11-01 16:01 -------- dc----w- c:\programdata\Microsoft Help
2009-09-13 01:05 . 2009-08-05 16:07 110344 -c--a-w- C:\TDSSKiller.exe
2009-09-12 22:19 . 2007-11-06 18:14 113712 -c--a-w- c:\users\kerri\AppData\Local\GDIPFONTCACHEV1.DAT
2009-09-12 20:01 . 2007-11-01 16:04 -------- dc----w- c:\program files\Microsoft Works
2009-09-12 19:36 . 2007-11-07 04:04 -------- dc----w- c:\users\kerri\AppData\Roaming\Skype
2009-09-11 14:00 . 2008-01-17 03:54 -------- dc----w- c:\users\kerri\AppData\Roaming\skypePM
2009-09-10 02:09 . 2009-04-17 19:30 680 -c--a-w- c:\users\kerri\AppData\Local\d3d9caps.dat
2009-09-09 19:18 . 2009-04-21 04:12 -------- dc----w- c:\users\kerri\AppData\Roaming\SUPERAntiSpyware.com
2009-09-09 19:18 . 2007-11-07 05:52 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-09 19:18 . 2009-04-21 04:12 -------- dc----w- c:\program files\SUPERAntiSpyware
2009-09-09 05:35 . 2007-11-01 15:53 -------- dc----w- c:\programdata\FLEXnet
2009-09-05 14:22 . 2009-04-21 03:39 -------- dc----w- c:\program files\Trend Micro
2009-09-04 02:05 . 2007-11-01 16:24 -------- dc----w- c:\program files\Common Files\Symantec Shared
2009-09-04 01:59 . 2007-11-01 16:24 -------- dc----w- c:\programdata\Symantec
2009-08-16 04:47 . 2007-11-07 04:02 -------- dc----w- c:\program files\iTunes
2009-07-18 16:06 . 2009-09-09 16:31 827904 -c--a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-09-09 16:31 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-09-09 16:31 26624 -c--a-w- c:\windows\system32\ieUnatt.exe
2009-07-14 13:00 . 2009-09-09 16:31 313344 -c--a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-09-09 16:31 4096 -c--a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-09-09 16:31 7680 -c--a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-09-09 16:31 8147456 -c--a-w- c:\windows\system32\wmploc.DLL
2007-08-18 14:03 . 2007-08-18 14:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-16 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-12-12 21686568]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 45056]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-08 835584]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 144784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-10-20 286720]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-26 137752]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-11-03 267048]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-12 317560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-03 154136]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-05 856064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-07-03 303376]

c:\users\kerri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-1-4 25214]
Adobe Acrobat Synchronizer.lnk - c:\program files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2007-04-27 19:10 18744 -c--a-w- c:\windows\System32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26 98304 -c--a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C91708A0-C938-4B20-BFC0-7211EF17A55B}"= TCP:137:UDP 137
"{B7E30A92-EFE2-49CE-AE45-F08E80A51834}"= TCP:138:UDP 138
"{C6001A1B-5532-42B2-B991-98180B8FCA91}"= UDP:139:TCP 139
"{8057B09E-5803-439C-B89C-7ABD5E78E86D}"= UDP:445:TCP 445
"{E0A559E1-CF70-4074-B053-9B87969B7D95}"= TCP:1900:UDP 1900
"{22181B3B-AB8B-4B36-A62A-D3A77502A4D0}"= UDP:2869:TCP 2869
"TCP Query User{2718D26A-0313-45DF-9E75-D2343E62A8B9}c:\\program files\\itunes\\itunes.exe"= UDP:c:\program files\itunes\itunes.exe:iTunes
"UDP Query User{4C0E0A66-DBE4-428D-89B9-3D80EBBBDDF5}c:\\program files\\itunes\\itunes.exe"= TCP:c:\program files\itunes\itunes.exe:iTunes
"TCP Query User{1B23153A-46E7-41ED-8517-A799277B6CA4}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{A37FE5C3-DCC1-4C61-BECD-2262C7D2D259}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{7164AEAF-0ED8-4916-9673-A61DE72B3FA9}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{D157F35E-7C48-4D5C-8B34-8FE7D35DDCE2}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{2615AADC-B0E5-4DE8-9C68-76C5B96D2AAF}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{801105DE-DDD3-4BE2-8BA8-ADF5F0F4C7DA}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{62449E62-356E-444C-8A6C-CFFAA4C9A103}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{9F98BF36-0AB6-4DE3-A844-F8D46CAEE136}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{BC7AA05F-2E55-4229-9105-3E33D619688B}"= UDP:c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"{0D675B1C-515D-4BAB-9B92-AE180C2FC5C0}"= TCP:c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:Adobe Version Cue CS2
"TCP Query User{FCEE1256-0733-4270-B344-3F125C708F00}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D795402E-2F07-46A8-B83D-4BA797DC3F69}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{4B6A3245-8CDC-4140-B6A3-3CC566E3B2E7}c:\\program files\\last.fm\\lastfm.exe"= UDP:c:\program files\last.fm\lastfm.exe:Last.fm
"UDP Query User{198A1631-A1E7-45A0-9BEB-97E7D1AFDF6B}c:\\program files\\last.fm\\lastfm.exe"= TCP:c:\program files\last.fm\lastfm.exe:Last.fm
"TCP Query User{CD14CDB8-810F-44CC-8D37-1DBFB464F97A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{6BBA706F-8064-4B17-BA14-71E01339A6D2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{C8A07B3A-ECBA-4BB7-B84A-2056F7E05B00}c:\\program files\\soulseek-test\\slsk.exe"= UDP:c:\program files\soulseek-test\slsk.exe:SoulSeek
"UDP Query User{F51C2781-37A7-490D-B20A-ED9ADD966174}c:\\program files\\soulseek-test\\slsk.exe"= TCP:c:\program files\soulseek-test\slsk.exe:SoulSeek
"TCP Query User{3B33A61C-5455-4780-AB48-B9F6624BBBE5}c:\\program files\\soulseek-test\\slsk.exe"= UDP:c:\program files\soulseek-test\slsk.exe:SoulSeek
"UDP Query User{DF4FDFB8-F7F5-45C6-B0F3-BC2ECCDBEB78}c:\\program files\\soulseek-test\\slsk.exe"= TCP:c:\program files\soulseek-test\slsk.exe:SoulSeek
"TCP Query User{EFB33B72-085F-4C40-8F96-EAC1B2BBB7E6}c:\\program files\\steam\\steamapps\\kkors\\team fortress 2\\hl2.exe"= UDP:c:\program files\steam\steamapps\kkors\team fortress 2\hl2.exe:hl2
"UDP Query User{2DEF08CE-5A9E-490C-9991-C4D9CEDCE279}c:\\program files\\steam\\steamapps\\kkors\\team fortress 2\\hl2.exe"= TCP:c:\program files\steam\steamapps\kkors\team fortress 2\hl2.exe:hl2
"TCP Query User{636103F3-51EA-40A1-9D4F-C9000BC97E0F}c:\\program files\\jetbrains\\intellij idea 7.0.2\\bin\\idea.exe"= UDP:c:\program files\jetbrains\intellij idea 7.0.2\bin\idea.exe:idea
"UDP Query User{12634746-6A5D-4D27-B552-6F14366A5AE2}c:\\program files\\jetbrains\\intellij idea 7.0.2\\bin\\idea.exe"= TCP:c:\program files\jetbrains\intellij idea 7.0.2\bin\idea.exe:idea
"TCP Query User{6B782DFB-4307-4743-A817-7CAA9EE29306}c:\\program files\\pandion\\pandion.exe"= UDP:c:\program files\pandion\pandion.exe:Pandion Instant Messenger
"UDP Query User{B5653BE9-EDA3-4BCF-8318-9C8ABEC5468E}c:\\program files\\pandion\\pandion.exe"= TCP:c:\program files\pandion\pandion.exe:Pandion Instant Messenger
"TCP Query User{3D1EE7DC-4A11-443F-9AF3-76C2AFC91C93}c:\\program files\\jetbrains\\intellij idea 8.0\\bin\\idea.exe"= UDP:c:\program files\jetbrains\intellij idea 8.0\bin\idea.exe:idea
"UDP Query User{609E2BAC-B5DE-454C-BEA7-4EDD1906ADAA}c:\\program files\\jetbrains\\intellij idea 8.0\\bin\\idea.exe"= TCP:c:\program files\jetbrains\intellij idea 8.0\bin\idea.exe:idea
"TCP Query User{3F164A24-F721-45C2-A5D4-14207EC88C1B}c:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= UDP:c:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application
"UDP Query User{C7B1F2D2-4756-4097-9532-A0AB5C9167A1}c:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= TCP:c:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application
"TCP Query User{8A7F4D11-AF2C-4D03-B271-B1499972B034}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= UDP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client
"UDP Query User{33B14A97-325C-4211-8E45-AF8612DACF3C}c:\\program files\\sonicwall\\sonicwall global vpn client\\swgvpnclient.exe"= TCP:c:\program files\sonicwall\sonicwall global vpn client\swgvpnclient.exe:SonicWALL Global VPN Client
"TCP Query User{6906B075-4B16-4370-82FF-6826601F9FAC}c:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= UDP:c:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application
"UDP Query User{1BAB78D1-D035-41C7-8435-DD37CDC32967}c:\\program files\\ipswitch\\ws_ftp professional\\wsftpgui.exe"= TCP:c:\program files\ipswitch\ws_ftp professional\wsftpgui.exe:WS_FTP Pro Application
"{BBC481E8-6BAC-49EF-9857-1B93ABD4088F}"= UDP:c:\windows\explorer.exe:Explorer
"{A6C2C8F7-4C9C-48E1-9B39-566887200175}"= TCP:c:\windows\explorer.exe:Explorer
"{D6FFBE1B-8A0A-4038-B26D-5603857A51FF}"= UDP:c:\windows\explorer.exe:Explorer
"{D6ABBE08-38E0-4E88-A4F7-DC9A2A593236}"= TCP:c:\windows\explorer.exe:Explorer
"{3A74DC47-F27C-47D8-A598-346A48B407BA}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{FA887709-4A7C-49BB-A978-ACA3586BB1B5}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{73A80D64-1FF7-4485-8AF8-D254BB304F10}c:\\program files\\skype\\phone\\skype.exe"= Disabled:UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{7EA37158-FA69-4C78-99B4-4CC1E3B8E2BE}c:\\program files\\skype\\phone\\skype.exe"= Disabled:TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{D3F61C07-F675-4E83-A568-748AF2372798}c:\\program files\\jetbrains\\intellij idea 8.0\\bin\\idea.exe"= UDP:c:\program files\jetbrains\intellij idea 8.0\bin\idea.exe:idea
"UDP Query User{3F7D1C2E-C3B6-4A7F-8900-05471C2EB666}c:\\program files\\jetbrains\\intellij idea 8.0\\bin\\idea.exe"= TCP:c:\program files\jetbrains\intellij idea 8.0\bin\idea.exe:idea
"{673497D6-E87C-4F86-8AC9-A53467FD2817}"= UDP:c:\users\kerri\AppData\Local\Temp\7zS5FEC.tmp\SymNRT.exe:Norton Removal Tool
"{BBAA2832-9771-4A92-AEB9-5BB67CF67E8F}"= TCP:c:\users\kerri\AppData\Local\Temp\7zS5FEC.tmp\SymNRT.exe:Norton Removal Tool
"{532C5943-8787-4D8F-B88C-C5D978A7AE93}"= UDP:c:\users\kerri\AppData\Local\Temp\7zS1DBC.tmp\SymNRT.exe:Norton Removal Tool
"{177E2A9E-D251-4372-AFA8-A6F574667CBD}"= TCP:c:\users\kerri\AppData\Local\Temp\7zS1DBC.tmp\SymNRT.exe:Norton Removal Tool

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [12/15/2008 8:41 PM 33808]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [5/15/2009 6:50 PM 21008]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [4/17/2007 9:09 PM 11032]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\System32\drivers\ArcSoftKsUFilter.sys [10/8/2008 1:54 PM 16640]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [5/16/2009 8:59 PM 19472]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\System32\drivers\R5U870FLx86.sys [8/18/2007 7:56 AM 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\System32\drivers\R5U870FUx86.sys [8/18/2007 7:56 AM 43904]
R3 ti21sony;ti21sony;c:\windows\System32\drivers\ti21sony.sys [8/18/2007 7:56 AM 812544]
S3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe --> c:\cygwin\bin\cygrunsrv.exe [?]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\System32\drivers\tap0801.sys [10/1/2006 6:37 AM 26624]
S3 Tomcat6;Apache Tomcat;c:\tomcat6\bin\tomcat6.exe //RS//Tomcat6 --> c:\tomcat6\bin\tomcat6.exe [?]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [11/1/2007 10:17 AM 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [11/1/2007 10:17 AM 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [11/1/2007 10:17 AM 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [8/18/2007 8:08 AM 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [8/18/2007 8:09 AM 79736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2009-10-02 c:\windows\Tasks\User_Feed_Synchronization-{2881FC9C-AEAE-4A47-A1B9-DE31376AE802}.job
- c:\windows\system32\msfeedssync.exe [2008-08-03 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\kerri\AppData\Roaming\Mozilla\Firefox\Profiles\lnsuaxgf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\kerri\AppData\Roaming\Mozilla\Firefox\Profiles\lnsuaxgf.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\users\kerri\AppData\Roaming\Mozilla\Firefox\Profiles\lnsuaxgf.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

BHO-{bfb735d8-6524-4121-8985-ff847480de16} - (no file)
HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
HKCU-Run-Google Update - c:\users\kerri\AppData\Local\Google\Update\GoogleUpdate.exe
HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
AddRemove-Apache Tomcat 6.0 - c:\tomcat6\Uninstall.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\igfxext.exe
c:\windows\System32\igfxsrvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\ArcSoft\Magic-i Visual Effects\Magic-i Visual Effects.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Java\jre1.6.0_04\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-10-02 10:32 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-02 16:32

Pre-Run: 30,018,035,712 bytes free
Post-Run: 30,271,537,152 bytes free

356 --- E O F --- 2009-10-02 14:37

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:35 PM

Posted 03 October 2009 - 07:33 AM

Hi,

things are looking a lot better already. :( How is your PC doing now?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

please post back with the log from Malwarebytes and a description of any remaining problem you might have.

regards _temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:35 PM

Posted 08 October 2009 - 05:50 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users