Assistance needed after infections


  • This topic is locked
29 replies to this topic

#1 Caribx

  • Members
  • 25 posts

Posted 14 January 2012 - 03:12 PM

Hello all,

This is a post in reference to an original topic: http://www.bleepingcomputer.com/forums/topic437774.html

I've been successful in running the programs I was instructed to in the Prep guide up until it came to changing the firewall settings (step 5). I could not even get to "turn on/off firewall"; I got a pop-up stating

"Due to an unidentified problem, Windows cannot display Windows Firewall settings"


So I continued on to the following steps, was able to run 'defogger_disable'


I am now stuck on (step 8) DDS.scr. Download and install were successful, but once I run the script it loads and starts to run but will not go past the '###########...'. My computer appears to be frozen except for the cursor of the DDS application. I let it run for up to an hour to no avail.

Please advise.

Note: I am only able to run these processes in Safe Mode.

Edited by Caribx, 14 January 2012 - 03:13 PM.



#2 Caribx

  • Topic Starter
  • Members
  • 25 posts

Posted 14 January 2012 - 09:00 PM

Hello All,

I am submitting my OTL logs for review as instructed in a previous topic in another forum: http://www.bleepingcomputer.com/forums/topic437774.html

Now, I was instructed to follow the prep guide. I did so up until it came time to run DDS, which failed. I was then instructed to run OTL; the output logs are as follows.

OTL Log:

OTL logfile created on: 1/14/2012 8:32:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Cari\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 81.37% Memory free
4.19 Gb Paging File | 3.98 Gb Available in Paging File | 94.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.22 Gb Total Space | 120.01 Gb Free Space | 67.34% Space Free | Partition Type: NTFS

Computer Name: CARI-PC | User Name: Cari | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Cari\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))


========== Modules (No Company Name) ==========

MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (PEVSystemStart) -- File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_8832f4b.dll ()
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (WRConsumerService) -- C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110704.033\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20110704.033\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20110704.050\IDSvix86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20110616.003\BHDrvx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (SSIDRV) -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (SSHRMD) -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com))
DRV - (ssfs0bbc) -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (SSKBFD) -- C:\Windows\System32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com))
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (netbt) -- C:\Windows\System32\drivers\netbt.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:0.1.2008d
FF - prefs.js..extensions.enabledItems: default-palette@celtx.com:1.0
FF - prefs.js..extensions.enabledItems: emoticons-msn-smileys@m513901.de:0.1
FF - prefs.js..extensions.enabledItems: inspector@mozilla.org:2.0.0
FF - prefs.js..extensions.enabledItems: messagestyle-blackened@addons.instantbird.org:0.9
FF - prefs.js..extensions.enabledItems: messagestyle-depth@addons.instantbird.org:1.1
FF - prefs.js..extensions.enabledItems: messagestyle-minimal20@addons.instantbird.org:1.5

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Cari\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Cari\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Cari\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Program Files\MySpace\Toolbar\1.0.72.0\ [2010/06/15 19:42:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/09/28 16:45:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_4_3 [2012/01/14 15:01:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00927671-25B8-483B-8F20-DCB3CC64C090}: C:\Users\Cari\AppData\Local\{00927671-25B8-483B-8F20-DCB3CC64C090} [2011/06/05 01:31:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7671A0C7-0494-4346-9A96-23878F2C66FB}: C:\Users\Cari\AppData\Local\{7671A0C7-0494-4346-9A96-23878F2C66FB} [2011/06/20 14:16:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5A41D5F1-D136-473C-9CF9-6AE60A88BC58}: C:\Users\Cari\AppData\Local\{5A41D5F1-D136-473C-9CF9-6AE60A88BC58} [2011/06/22 16:36:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C436586C-5610-45AE-9B78-58AEAF0F192B}: C:\Users\Cari\AppData\Local\{C436586C-5610-45AE-9B78-58AEAF0F192B}\ [2011/06/27 09:43:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{375C1AB7-B6C8-4686-9282-FFF9422B1DF5}: C:\Users\Cari\AppData\Local\{375C1AB7-B6C8-4686-9282-FFF9422B1DF5}\ [2011/06/28 17:00:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E9FF3348-8D03-445F-B90A-D3716733B4EC}: C:\Users\Cari\AppData\Local\{E9FF3348-8D03-445F-B90A-D3716733B4EC} [2011/06/29 12:51:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{56F6EE6A-1900-4410-86B9-1D5B876F7964}: C:\Users\Cari\AppData\Local\{56F6EE6A-1900-4410-86B9-1D5B876F7964} [2011/07/04 21:01:08 | 000,000,000 | ---D | M]

[2011/12/21 15:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cari\AppData\Roaming\Mozilla\Extensions
[2011/12/21 15:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cari\AppData\Roaming\Mozilla\Extensions\celtx@celtx.com
[2011/12/21 15:38:04 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG
[2011/12/21 15:38:03 | 000,000,000 | ---D | M] (Default Shot Palette) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\DEFAULT-PALETTE@CELTX.COM
[2011/12/21 15:38:03 | 000,000,000 | ---D | M] (MSN-Smileys) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\EMOTICONS-MSN-SMILEYS@M513901.DE
[2011/12/21 15:38:03 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\INSPECTOR@MOZILLA.ORG
[2011/12/21 15:38:03 | 000,000,000 | ---D | M] (Blackened) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-BLACKENED@ADDONS.INSTANTBIRD.ORG
[2011/12/21 15:38:03 | 000,000,000 | ---D | M] (Depth) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-DEPTH@ADDONS.INSTANTBIRD.ORG
[2011/12/21 15:38:03 | 000,000,000 | ---D | M] (Minimal) -- C:\PROGRAM FILES\CELTX\EXTENSIONS\MESSAGESTYLE-MINIMAL20@ADDONS.INSTANTBIRD.ORG

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Cari\AppData\Local\Google\Chrome\Application\10.0.648.204\gcswf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Cari\AppData\Local\Google\Chrome\Application\10.0.648.204\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Users\Cari\AppData\Local\Google\Chrome\Application\10.0.648.204\gears.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Cari\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {574be437-25ae-4010-a53e-8c63b6ae02ff} - C:\Program Files\oovootoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000\..\Toolbar\WebBrowser: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000..\Run: [Facebook Update] C:\Users\Cari\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-2568416600-4111015234-3006906328-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\wshbth.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABE3899E-4A54-402C-9350-879195F38C10}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Cari\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Cari\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4fe45050-e205-11df-a4f2-001a807a9bbf}\Shell\AutoRun\command - "" = .System\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe
O33 - MountPoints2\{4fe45050-e205-11df-a4f2-001a807a9bbf}\Shell\open\command - "" = .System\S-1-6-21-2434476501-1644491937-600003330-1213\Autorun.exe
O33 - MountPoints2\{96ddfe4d-3788-11e0-a3bc-001a807a9bbf}\Shell - "" = AutoRun
O33 - MountPoints2\{96ddfe4d-3788-11e0-a3bc-001a807a9bbf}\Shell\AutoRun\command - "" = I:\LaunchU3.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/14 20:30:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Cari\Desktop\OTL.exe
[2012/01/14 12:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 8
[2012/01/14 12:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2012/01/14 11:45:04 | 000,000,000 | ---D | C] -- C:\Users\Cari\AppData\Local\Safe mirror
[2012/01/14 11:44:45 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2012/01/13 17:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/01/13 16:15:51 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/13 00:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/13 00:17:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/13 00:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/11 14:42:45 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cari\Desktop\tdsskiller.exe
[2012/01/09 20:17:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/01/09 18:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/09 18:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/01/09 18:43:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/01/09 14:37:14 | 000,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF22075.exe
[2012/01/09 14:23:05 | 000,320,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CF19302.exe
[2012/01/09 14:23:05 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\swsc.exe
[2012/01/08 14:58:34 | 000,000,000 | ---D | C] -- C:\Users\Cari\AppData\Local\Spotify
[2012/01/08 14:54:55 | 000,000,000 | ---D | C] -- C:\Users\Cari\AppData\Roaming\Spotify
[2012/01/01 16:53:18 | 000,000,000 | ---D | C] -- C:\PFiles
[2011/12/21 15:48:40 | 000,000,000 | ---D | C] -- C:\Users\Cari\AppData\Roaming\Mozilla
[2011/12/21 15:48:39 | 000,000,000 | ---D | C] -- C:\Users\Cari\AppData\Roaming\Greyfirst
[2011/12/21 15:48:39 | 000,000,000 | ---D | C] -- C:\Users\Cari\AppData\Local\Greyfirst
[2011/12/21 15:38:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Celtx
[2011/12/21 15:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\Celtx
[2011/12/20 18:47:35 | 000,000,000 | ---D | C] -- C:\Firefox
[2011/12/20 18:47:34 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

========== Files - Modified Within 30 Days ==========

[2012/01/14 20:30:47 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Cari\Desktop\OTL.exe
[2012/01/14 19:53:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/14 17:06:18 | 000,642,090 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/14 17:06:18 | 000,111,476 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/14 14:59:33 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 14:59:33 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/14 13:02:47 | 000,000,000 | ---- | M] () -- C:\Users\Cari\defogger_reenable
[2012/01/13 16:15:51 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/13 11:42:31 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2568416600-4111015234-3006906328-1000UA.job
[2012/01/13 00:20:55 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 21:32:19 | 000,396,071 | ---- | M] () -- C:\Users\Cari\Desktop\MiniToolBox.exe
[2012/01/12 18:57:18 | 000,002,521 | ---- | M] () -- C:\Users\Cari\Desktop\HiJackThis.lnk
[2012/01/11 20:06:22 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2568416600-4111015234-3006906328-1000UA.job
[2012/01/10 16:14:37 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2568416600-4111015234-3006906328-1000Core.job
[2012/01/10 04:43:22 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cari\Desktop\tdsskiller.exe
[2012/01/10 01:34:11 | 000,006,324 | ---- | M] () -- C:\Users\Cari\AppData\Local\d3d9caps.dat
[2012/01/09 18:43:03 | 000,001,079 | ---- | M] () -- C:\Users\Cari\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/09 18:06:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2568416600-4111015234-3006906328-1000Core.job
[2012/01/09 14:37:09 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF22075.exe
[2012/01/09 14:32:44 | 000,010,020 | -HS- | M] () -- C:\ProgramData\488o5v2e4050
[2012/01/09 14:32:43 | 000,010,020 | -HS- | M] () -- C:\Users\Cari\AppData\Local\488o5v2e4050
[2012/01/09 14:23:00 | 000,320,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CF19302.exe
[2012/01/09 13:01:08 | 000,000,000 | ---- | M] () -- C:\Users\Cari\AppData\Local\Nxoresebebeb.bin
[2012/01/08 14:58:34 | 000,001,706 | ---- | M] () -- C:\Users\Cari\Desktop\Spotify.lnk
[2012/01/07 23:20:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/01/02 23:13:47 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2012/01/02 23:13:45 | 000,031,232 | ---- | M] () -- C:\Users\Cari\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/02 23:13:45 | 000,000,088 | RHS- | M] () -- C:\Windows\System32\15C721A374.sys
[2011/12/21 15:38:14 | 000,001,638 | ---- | M] () -- C:\Users\Cari\Application Data\Microsoft\Internet Explorer\Quick Launch\Celtx.lnk
[2011/12/21 15:38:14 | 000,001,614 | ---- | M] () -- C:\Users\Public\Desktop\Celtx.lnk
[2011/12/20 18:46:34 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk

========== Files Created - No Company Name ==========

[2012/01/14 13:02:47 | 000,000,000 | ---- | C] () -- C:\Users\Cari\defogger_reenable
[2012/01/13 00:20:55 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/12 21:32:25 | 000,396,071 | ---- | C] () -- C:\Users\Cari\Desktop\MiniToolBox.exe
[2012/01/11 20:35:10 | 000,294,400 | ---- | C] () -- C:\Users\Cari\Desktop\exeHelper.com
[2012/01/11 14:42:38 | 001,008,141 | ---- | C] () -- C:\Users\Cari\Desktop\rkill.com
[2012/01/09 18:43:03 | 000,001,079 | ---- | C] () -- C:\Users\Cari\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/01/09 14:39:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/08 21:12:40 | 000,010,020 | -HS- | C] () -- C:\Users\Cari\AppData\Local\488o5v2e4050
[2012/01/08 21:12:40 | 000,010,020 | -HS- | C] () -- C:\ProgramData\488o5v2e4050
[2012/01/08 14:58:34 | 000,001,692 | ---- | C] () -- C:\Users\Cari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012/01/08 14:58:33 | 000,001,706 | ---- | C] () -- C:\Users\Cari\Desktop\Spotify.lnk
[2011/12/21 15:38:14 | 000,001,638 | ---- | C] () -- C:\Users\Cari\Application Data\Microsoft\Internet Explorer\Quick Launch\Celtx.lnk
[2011/12/21 15:38:14 | 000,001,614 | ---- | C] () -- C:\Users\Public\Desktop\Celtx.lnk
[2011/06/05 01:31:30 | 000,000,120 | ---- | C] () -- C:\Users\Cari\AppData\Local\Odoveqayofikahas.dat
[2011/06/05 01:31:30 | 000,000,000 | ---- | C] () -- C:\Users\Cari\AppData\Local\Nxoresebebeb.bin
[2011/06/04 23:39:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/06/04 23:39:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/06/04 23:39:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/06/04 23:39:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/06/04 23:22:09 | 000,011,834 | -HS- | C] () -- C:\Users\Cari\AppData\Local\fue230iefqs74jss13b3bi41
[2011/06/04 23:22:09 | 000,011,834 | -HS- | C] () -- C:\ProgramData\fue230iefqs74jss13b3bi41
[2011/06/04 23:21:50 | 000,006,170 | ---- | C] () -- C:\Users\Cari\AppData\Roaming\55C2.E90
[2011/05/12 13:46:07 | 000,001,940 | ---- | C] () -- C:\Users\Cari\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/01 09:14:42 | 000,000,552 | ---- | C] () -- C:\Users\Cari\AppData\Local\d3d8caps.dat
[2010/10/11 18:40:38 | 009,079,808 | ---- | C] () -- C:\Windows\System32\alltoall.exe
[2010/09/12 17:25:48 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/09/12 17:25:48 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/09/07 21:49:35 | 000,229,147 | ---- | C] () -- C:\Windows\hpwins23.dat
[2010/09/07 21:49:35 | 000,002,075 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2010/09/07 20:57:01 | 000,031,232 | ---- | C] () -- C:\Users\Cari\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/20 15:26:37 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/07/20 15:26:37 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\15C721A374.sys
[2010/07/19 18:07:45 | 000,006,324 | ---- | C] () -- C:\Users\Cari\AppData\Local\d3d9caps.dat
[2010/06/15 18:28:03 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/06/14 21:35:18 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2010/06/14 12:54:28 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2010/06/14 12:50:04 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2009/12/03 08:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2007/11/22 18:30:39 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/11/22 17:12:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/11/22 17:05:03 | 000,000,034 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/11/22 15:43:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/11/22 15:40:33 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/11/22 15:40:33 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/11/22 15:40:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/10/30 13:44:52 | 000,393,216 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/06/05 15:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2007/04/16 06:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,346,784 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,642,090 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,111,476 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:57:20 | 000,184,320 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 02:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#3 Caribx

Posted 14 January 2012 - 09:01 PM

The following is the Extra log:

OTL Extras logfile created on: 1/14/2012 8:32:01 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Cari\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16982)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 81.37% Memory free
4.19 Gb Paging File | 3.98 Gb Available in Paging File | 94.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 178.22 Gb Total Space | 120.01 Gb Free Space | 67.34% Space Free | Partition Type: NTFS

Computer Name: CARI-PC | User Name: Cari | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{014D12AF-EF0A-491B-B831-D0E9C550CCA7}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{19827112-6652-460D-987A-221585581205}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{1C4473FE-1C4B-482D-A9D6-26FDB8AF39A9}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{1F0F39C9-A55E-4CDF-BAE7-09F6125AB893}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{38AED397-0498-4533-BD87-05B6C6BB0BB1}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{397D09E4-44DC-429B-96C5-5E8AE7237E17}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{58235DCC-AF93-4303-8B18-6BDD3F240F6E}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{5FEA17B1-C294-4355-A649-1AF1DA79A859}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{63E3F2ED-A9F9-40E5-AB5B-DEB8F2FE8E99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BB659E0A-F85C-4989-A193-35708F02C4F2}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{CE9CB822-B9AA-4EF5-A541-F7D398B1DB59}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{D13233E8-A87C-4C5F-8FC5-AE205C8017B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E57A8A41-77DE-428C-8383-ED77D223CE7E}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{E7A7008A-A5CD-4F85-925D-1491A52C81FC}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{EDD85464-F31E-43D1-8025-11EA3DA6FF2F}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{FAA7CC10-E63D-491F-92FA-9F9A5DD62E9D}" = lport=49185 | protocol=6 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E0839A1-B1A1-45DA-8142-FF1B440EC1E2}" = dir=in | app=c:\program files\myspace\im\myspaceim.exe |
"{0E6A1854-23F4-4502-81CB-BF0860CBA482}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{14151CF3-2D68-4F4F-88E8-D444C55B899D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{1BC004CA-C7DE-48C7-AFB7-C123B36CB382}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{412399CC-01D2-4937-B348-6A31C68C511E}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{45D978EA-E509-4AAC-B36F-74C8250F3A97}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{4BAF7E1A-CAA5-4D86-B877-547FC6185E41}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{532B7B43-9A68-4D48-BD2F-886B9F16DD1C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{54162040-5820-4126-A112-1100D7DCB354}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{58871273-7B8B-4A99-B9E2-6DE98E1A28B4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{603BB554-DAE7-449A-A47C-739E7D89CB4A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{6DC07E63-B75B-4D89-85A8-F9DDC6B08635}" = protocol=6 | dir=in | app=c:\users\cari\appdata\roaming\spotify\spotify.exe |
"{7967C265-57D5-4CF7-9FB3-D638FEB3ECF3}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7E6D4C8C-FADF-416D-8077-AAAAF5C543BC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7F36AF88-0F10-4348-8367-4FC30CD67019}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{81787C8E-48B0-4D34-BC3F-C65CC26323C6}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{82348A28-9D58-45EC-9D22-CA477E1339DB}" = protocol=17 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
"{9B24CAC5-7936-4BF3-B7CF-D099D4884F04}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{9D386CB7-E4C2-4628-96D7-D6C4AA0098F4}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{A25448F3-0072-4E9C-BCD9-E1020D6EC9D4}" = dir=in | app=c:\users\cari\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A36ED4C1-3750-4869-B637-B85DEF25116F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{A5799C3C-D75E-4973-88DD-DA1B273F6B1B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{AA054AF5-3F2A-4677-9E4F-33B430438BA0}" = protocol=17 | dir=in | app=c:\users\cari\appdata\roaming\spotify\spotify.exe |
"{AC0920A7-AEAF-44EB-A4AC-6A1F07A6D8F8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{B3F69D8A-DC11-4C5A-954F-83539C2A3E07}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{B567604B-1168-40CC-8F87-CDBA34EEA478}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{B841FDCD-833C-4D40-9A9A-DF5825B3ECB2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{C08C1D16-6F11-41C6-A157-79B1BC521C3F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{CC1A3633-EB5B-47ED-921D-9191A8666547}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{D47DE044-E182-4BDF-BFDF-2DC8397F6FEA}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{D8AD8221-9DCE-407B-B2D6-125492882ECF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{DC01FC02-5ABB-46E6-A88C-D150804C23CE}" = protocol=6 | dir=in | app=c:\program files\sony\locationfreeplayer\lfpc3\lfpc3.exe |
"{E460273C-D334-4174-AD62-0EE0897EC715}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{F4C978B5-AA30-48C8-AC71-0B70921218B4}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{FC353F37-2307-4438-997F-7850AC2D9C2A}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0E52A52C-E120-461C-AA1B-21B045BEE842}" = bpd_scan
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1D7CE340-70C3-4848-BCCF-215950328A4C}" = Facebook Video Calling 1.0.0.8953
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{3BE02281-FCCF-44BB-8413-AC4A633059EB}" = BPDSoftware
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{58D79E62-CFC8-4331-8469-3A1B16E1769C}" = HP Officejet 6500 E709 Series
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68654483-9629-4CF5-88FF-9FB70B3BECDE}" = ProductContext
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.2
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{99F67894-9486-413F-94E1-8B12B1606EAB}" = BPDSoftware_Ini
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
"{AA787E05-E835-4812-AA3D-4048C8A46587}" = 6500_E709_eDocs
"{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BB558CDC-C7BE-44D0-9260-B810D66702C4}" = 6500_E709n
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
"{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
"{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5397A82-641F-4643-8200-51D7F0016511}" = Click to Disc
"{F53B432E-BD19-4400-BFA0-2BBD16410F8F}" = 6500_E709_Help
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Celtx (2.9.1)" = Celtx (2.9.1)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CobBackup8" = Cobian Backup 8
"Crackle Screen Saver_is1" = Crackle Screen Saver 1.0
"DivX Setup.divx.com" = DivX Setup
"ESET Online Scanner" = ESET Online Scanner v3
"FrostWire" = FrostWire 4.20.7
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MySpaceIM" = MySpaceIM
"MySpaceToolbar" = MySpace Toolbar
"N360" = Norton 360
"oovootoolbar" = ooVoo Toolbar
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VAIO Service Utility" = VAIO Service Utility
"Video Free Files Convert" = Video Free Files Convert 1.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2568416600-4111015234-3006906328-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/14/2012 6:27:50 PM | Computer Name = Cari-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/14/2012 6:27:50 PM | Computer Name = Cari-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/14/2012 6:27:50 PM | Computer Name = Cari-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/14/2012 8:54:35 PM | Computer Name = Cari-PC | Source = EventSystem | ID = 4609
Description =

Error - 1/14/2012 8:54:50 PM | Computer Name = Cari-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/14/2012 8:54:50 PM | Computer Name = Cari-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/14/2012 8:54:50 PM | Computer Name = Cari-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/14/2012 8:54:50 PM | Computer Name = Cari-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/14/2012 8:54:50 PM | Computer Name = Cari-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 1/14/2012 8:54:50 PM | Computer Name = Cari-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 1/14/2012 8:54:35 PM | Computer Name = Cari-PC | Source = DCOM | ID = 10005
Description =

Error - 1/14/2012 8:54:37 PM | Computer Name = Cari-PC | Source = DCOM | ID = 10005
Description =

Error - 1/14/2012 8:54:40 PM | Computer Name = Cari-PC | Source = DCOM | ID = 10005
Description =

Error - 1/14/2012 8:54:40 PM | Computer Name = Cari-PC | Source = DCOM | ID = 10005
Description =

Error - 1/14/2012 8:55:15 PM | Computer Name = Cari-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1/14/2012 8:55:15 PM | Computer Name = Cari-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/14/2012 8:55:15 PM | Computer Name = Cari-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/14/2012 8:55:15 PM | Computer Name = Cari-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/14/2012 8:55:15 PM | Computer Name = Cari-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 1/14/2012 8:55:15 PM | Computer Name = Cari-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >

#4 Caribx

Caribx
  • Topic Starter

  • Members
  • 25 posts

Posted 15 January 2012 - 04:27 PM

I am also providing a screenshot of my Task Manager processes. I noticed that multiple instances of 'SvcHost.exe' are running, but no CPU usage is occurring. Any help is greatly appreciated.

[screenshot: Task Manager processes]

EDIT: Topics merged ~Budapest

Edited by Budapest, 15 January 2012 - 05:19 PM.


#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 January 2012 - 02:41 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links:
  • Link 1
  • Link 2
  • Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 Caribx

Caribx
  • Topic Starter

  • Members
  • 25 posts

Posted 20 January 2012 - 05:12 PM

Hi Gringo, thanks for helping me out.

I am currently running ComboFix on the infected computer. It has been running for a little over 40 minutes. I have not clicked on anything while ComboFix is running, as instructed. I am noticing that even though the cursor on the ComboFix screen is blinking, the computer clock appears to be frozen.

Is this a normal occurrence while running this program?

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 January 2012 - 05:24 AM

Hello

It can happen, so let's try this:

  • push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button)
  • please copy and paste the following into the box:
ComboFix /nombr
  • click OK

copy and paste the report into this topic for me to review

Gringo

#8 Caribx

Caribx
  • Topic Starter

  • Members
  • 25 posts

Posted 21 January 2012 - 01:35 PM

Hello Gringo,

I was able to run ComboFix via your instructions. However, now I find that I cannot connect to the internet on that computer, in either regular or safe mode. The computer is still running slow and freezing upon regular booting.

The following is the ComboFix log:

ComboFix 12-01-21.01 - Cari 01/21/2012 12:15:53.4.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2038.1524 [GMT -5:00]
Running from: c:\users\Cari\Desktop\ComboFix.exe
Command switches used :: /nombr
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Cari\AppData\Roaming\55C2.E90
c:\windows\system32\CF19302.exe
c:\windows\system32\CF22075.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-12-21 to 2012-01-21 )))))))))))))))))))))))))))))))
.
.
2012-01-21 17:22 . 2012-01-21 17:22 -------- d-----w- c:\users\Cari\AppData\Local\temp
2012-01-21 17:22 . 2012-01-21 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-14 17:23 . 2012-01-14 17:23 -------- d-----w- c:\program files\Cobian Backup 8
2012-01-14 16:45 . 2012-01-14 16:45 -------- d-----w- c:\users\Cari\AppData\Local\Safe mirror
2012-01-14 16:44 . 2012-01-14 17:16 -------- d-----w- c:\program files\Cobian Backup 10
2012-01-13 22:28 . 2012-01-13 22:28 -------- d-----w- c:\program files\ESET
2012-01-13 21:15 . 2012-01-13 21:15 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-01-13 05:17 . 2012-01-13 05:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-13 05:17 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-10 17:31 . 2012-01-10 21:17 -------- d-----w- c:\users\Admin
2012-01-09 23:43 . 2012-01-10 00:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-09 23:43 . 2012-01-09 23:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-01-08 19:58 . 2012-01-10 17:13 -------- d-----w- c:\users\Cari\AppData\Local\Spotify
2012-01-08 19:54 . 2012-01-10 17:03 -------- d-----w- c:\users\Cari\AppData\Roaming\Spotify
2012-01-01 21:53 . 2012-01-01 21:53 -------- d-----w- C:\PFiles
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-09 18:01 . 2011-06-05 06:31 0 ----a-w- c:\users\Cari\AppData\Local\Nxoresebebeb.bin
.
.
((((((((((((((((((((((((((((( SnapShot@2011-06-05_04.50.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-18 04:22 . 2011-07-18 04:22 65536 c:\windows\winsxs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.5592_none_3b124bdfc9ac2eae\vcomp.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_03ce6e542058fb0d\mfc80KOR.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 49152 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_03ce6e542058fb0d\mfc80JPN.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_03ce6e542058fb0d\mfc80ITA.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_03ce6e542058fb0d\mfc80FRA.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 61440 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_03ce6e542058fb0d\mfc80ESP.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 57344 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_03ce6e542058fb0d\mfc80ENU.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 65536 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_03ce6e542058fb0d\mfc80DEU.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 45056 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_03ce6e542058fb0d\mfc80CHT.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 40960 c:\windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_03ce6e542058fb0d\mfc80CHS.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 57856 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_cbf62b764709d1c9\mfcm80u.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 69632 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_cbf62b764709d1c9\mfcm80.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 97280 c:\windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d1cb520e4353d918\ATL80.dll
+ 2007-11-22 22:11 . 2012-01-14 20:02 60090 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-01-20 23:44 71224 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-15 00:36 . 2012-01-20 23:44 17758 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2568416600-4111015234-3006906328-1000_UserData.bin
+ 2011-06-05 18:03 . 2010-08-21 03:59 26600 c:\windows\System32\DRVSTORE\GEARAspiWD_F922651AD36DADE59756BB9CB900A74834B0879B\x86\GEARAspiWDM.sys
+ 2011-06-05 18:02 . 2011-03-31 03:00 50168 c:\windows\System32\drivers\N360\0501000.01D\srtspx.sys
+ 2011-06-05 18:03 . 2011-07-06 16:44 27888 c:\windows\System32\drivers\GEARAspiWDM.sys
+ 2012-01-12 01:06 . 2012-01-20 23:41 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-09 02:23 . 2012-01-09 03:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012010820120109\index.dat
+ 2010-08-09 00:31 . 2010-08-09 00:31 70656 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\MSN Suite\Packages\uiengine3.Msi
- 2010-07-07 20:51 . 2011-06-05 04:24 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2010-07-07 20:51 . 2011-11-15 21:57 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
+ 2010-06-17 21:01 . 2012-01-20 23:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-17 21:01 . 2011-06-05 04:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-17 21:01 . 2012-01-20 23:41 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-06-17 21:01 . 2011-06-05 04:31 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-19 21:36 . 2011-02-19 21:36 28160 c:\windows\Installer\7b69a1.msi
+ 2010-06-15 23:57 . 2010-06-15 23:57 49664 c:\windows\Installer\72ec78.msi
+ 2010-06-15 23:53 . 2010-06-15 23:53 27136 c:\windows\Installer\72ec58.msi
+ 2010-06-15 23:52 . 2010-06-15 23:52 58880 c:\windows\Installer\72ec44.msi
+ 2010-09-08 02:50 . 2010-09-08 02:50 66048 c:\windows\Installer\1143d66.msi
+ 2011-08-15 16:23 . 2011-08-15 16:23 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_D7E8D82F3BE9F1F18E4412.exe
+ 2011-05-28 23:34 . 2011-12-20 23:46 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_6FEFF9B68218417F98F549.exe
- 2011-05-28 23:34 . 2011-05-28 23:34 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_6FEFF9B68218417F98F549.exe
+ 2011-12-20 23:46 . 2011-12-20 23:46 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_6A79E360A4FCF19A3B906D.exe
+ 2011-12-20 23:46 . 2011-12-20 23:46 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_5F1A424D0982EC09DBA6DD.exe
+ 2011-08-15 16:23 . 2011-08-15 16:23 15086 c:\windows\Installer\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\_047C6392F58A370C14D276.exe
+ 2011-10-13 23:49 . 2011-10-13 23:49 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2011-01-18 03:12 . 2011-01-18 03:12 49936 c:\windows\Installer\{95120000-00AF-0409-0000-0000000FF1CE}\ppvwicon.exe
- 2010-06-16 22:41 . 2011-05-12 19:44 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-16 22:41 . 2011-11-12 02:23 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2010-06-19 23:05 . 2011-12-20 03:56 4684 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2011-11-26 21:28 . 2011-11-26 21:28 9560 c:\windows\System32\networklist\icons\{A39C17AE-6AF8-4667-9916-516BBB07445E}_48.bin
+ 2011-11-26 21:28 . 2011-11-26 21:28 4280 c:\windows\System32\networklist\icons\{A39C17AE-6AF8-4667-9916-516BBB07445E}_32.bin
+ 2011-11-26 21:28 . 2011-11-26 21:28 2456 c:\windows\System32\networklist\icons\{A39C17AE-6AF8-4667-9916-516BBB07445E}_24.bin
+ 2010-07-20 20:26 . 2012-01-03 04:13 2828 c:\windows\System32\KGyGaAvL.sys
- 2010-07-20 20:26 . 2011-05-16 02:21 2828 c:\windows\System32\KGyGaAvL.sys
+ 2012-01-20 21:08 . 2012-01-21 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-20 21:08 . 2012-01-21 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-18 04:22 . 2011-07-18 04:22 632656 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcr80.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 554832 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcp80.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 479232 c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.5592_none_d09196c24426e2d4\msvcm80.dll
+ 2010-06-21 22:56 . 2011-07-18 04:22 150839 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
+ 2010-06-15 01:34 . 2012-01-13 13:45 263816 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2012-01-21 17:14 642090 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2012-01-21 17:14 111476 c:\windows\System32\perfc009.dat
+ 2011-06-22 20:25 . 2011-06-22 20:25 240288 c:\windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe
+ 2011-06-22 20:25 . 2011-06-22 20:25 321184 c:\windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.dll
+ 2010-06-19 23:08 . 2010-08-21 03:59 106928 c:\windows\System32\GEARAspi.dll
+ 2010-06-19 23:08 . 2011-06-05 18:03 126584 c:\windows\System32\drivers\SYMEVENT.SYS
+ 2011-06-05 18:02 . 2011-03-22 00:39 331384 c:\windows\System32\drivers\N360\0501000.01D\symtdiv.sys
+ 2011-06-05 18:02 . 2011-03-22 00:39 296568 c:\windows\System32\drivers\N360\0501000.01D\symnets.sys
+ 2011-06-05 18:02 . 2011-03-15 02:31 744568 c:\windows\System32\drivers\N360\0501000.01D\SymEFA.sys
+ 2011-06-05 18:02 . 2011-01-27 06:47 340088 c:\windows\System32\drivers\N360\0501000.01D\SymDS.sys
+ 2011-06-05 18:02 . 2011-03-31 03:00 516216 c:\windows\System32\drivers\N360\0501000.01D\srtsp.sys
+ 2011-06-05 18:02 . 2011-01-27 05:07 136312 c:\windows\System32\drivers\N360\0501000.01D\Ironx86.sys
+ 2010-06-14 17:00 . 2012-01-20 23:41 212992 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-14 17:00 . 2012-01-20 23:41 491520 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-09 00:31 . 2010-08-09 00:36 897613 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\MSN Suite\Packages\msntlb40.msp
+ 2010-08-09 00:31 . 2010-08-09 00:31 207360 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\MSN Suite\Packages\msntlb40.Msi
+ 2010-06-15 02:54 . 2011-09-11 21:34 693568 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-07-30 03:44 . 2008-07-30 03:44 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2010-09-08 02:09 . 2010-09-08 02:09 169472 c:\windows\Installer\ee7c39.msi
+ 2010-06-16 21:05 . 2010-06-16 21:05 432640 c:\windows\Installer\e9ed8.msi
+ 2010-06-16 21:02 . 2010-06-16 21:03 429568 c:\windows\Installer\e9ed3.msi
+ 2010-06-12 00:07 . 2010-06-12 00:07 168960 c:\windows\Installer\bdfbb4.msp
+ 2012-01-01 21:53 . 2012-01-01 21:53 836096 c:\windows\Installer\a7b69.msi
+ 2009-02-12 16:58 . 2009-02-12 16:58 549888 c:\windows\Installer\909781.msp
+ 2011-01-18 03:12 . 2011-01-18 03:12 200192 c:\windows\Installer\891f16.msi
+ 2011-03-27 16:37 . 2011-03-27 16:37 228352 c:\windows\Installer\822580.msi
+ 2010-06-14 18:01 . 2010-06-14 18:01 314880 c:\windows\Installer\7f66f.msi
+ 2010-06-14 17:55 . 2010-06-14 17:55 200704 c:\windows\Installer\7f669.msi
+ 2010-06-14 17:54 . 2010-06-14 17:54 200704 c:\windows\Installer\7f65c.msi
+ 2010-06-14 17:49 . 2010-06-14 17:49 194048 c:\windows\Installer\7f656.msi
+ 2010-06-14 17:28 . 2010-06-14 17:28 355840 c:\windows\Installer\7f5c1.msi
+ 2010-06-14 17:28 . 2010-06-14 17:28 360448 c:\windows\Installer\7f5bc.msi
+ 2010-06-14 17:18 . 2010-06-14 17:18 746496 c:\windows\Installer\7f5a9.msi
+ 2010-06-14 17:16 . 2010-06-14 17:16 264192 c:\windows\Installer\7f5a4.msi
+ 2010-06-14 17:05 . 2010-06-14 17:05 316928 c:\windows\Installer\7f577.msi
+ 2010-06-14 17:03 . 2010-06-14 17:03 390656 c:\windows\Installer\7f56a.msi
+ 2009-03-20 15:48 . 2009-03-20 15:48 183808 c:\windows\Installer\7d3ba.msp
+ 2011-02-27 17:39 . 2011-02-27 17:39 180224 c:\windows\Installer\752ee6.msi
+ 2010-06-15 23:56 . 2010-06-15 23:56 778752 c:\windows\Installer\72ec72.msi
+ 2010-06-15 23:56 . 2010-06-15 23:56 463872 c:\windows\Installer\72ec6d.msi
+ 2010-06-15 23:55 . 2010-06-15 23:55 891904 c:\windows\Installer\72ec68.msi
+ 2010-06-15 23:53 . 2010-06-15 23:53 429056 c:\windows\Installer\72ec63.msi
+ 2010-06-15 23:53 . 2010-06-15 23:53 155648 c:\windows\Installer\72ec5d.msi
+ 2010-06-15 23:52 . 2010-06-15 23:52 202752 c:\windows\Installer\72ec4e.msi
+ 2010-06-15 23:52 . 2010-06-15 23:52 149504 c:\windows\Installer\72ec49.msi
+ 2010-06-15 23:52 . 2010-06-15 23:52 107008 c:\windows\Installer\72ec3f.msi
+ 2010-06-15 23:52 . 2010-06-15 23:52 301056 c:\windows\Installer\72ec3a.msi
+ 2011-12-20 23:46 . 2011-12-20 23:46 225280 c:\windows\Installer\69a20d.msi
+ 2011-02-02 19:38 . 2011-02-02 19:38 677376 c:\windows\Installer\5678d5.msi
+ 2011-02-02 19:35 . 2011-02-02 19:35 219648 c:\windows\Installer\5678cd.msi
+ 2010-06-16 22:30 . 2010-06-16 22:30 181248 c:\windows\Installer\490b4f.msi
+ 2010-06-16 22:29 . 2010-06-16 22:29 727040 c:\windows\Installer\490b4a.msi
+ 2010-06-16 22:28 . 2010-06-16 22:28 483328 c:\windows\Installer\490b45.msi
+ 2010-06-14 18:19 . 2010-06-14 18:19 251392 c:\windows\Installer\485bef.msi
+ 2007-11-22 21:59 . 2007-11-22 21:59 428544 c:\windows\Installer\42e229.msi
+ 2008-12-13 13:58 . 2008-12-13 13:58 754688 c:\windows\Installer\3ef787.msp
+ 2010-06-17 22:09 . 2010-06-17 22:09 648192 c:\windows\Installer\3ef77d.msi
+ 2010-06-17 00:58 . 2010-06-17 00:58 441856 c:\windows\Installer\3d8224.msi
+ 2010-06-15 22:49 . 2010-06-15 22:49 424960 c:\windows\Installer\38df01.msi
+ 2007-11-22 21:33 . 2007-11-22 21:33 431104 c:\windows\Installer\2b2ec2.msi
+ 2010-08-09 00:04 . 2010-08-09 00:04 676352 c:\windows\Installer\282ade.msi
+ 2011-11-14 20:35 . 2011-11-14 20:35 115200 c:\windows\Installer\269d1.msi
+ 2011-07-18 04:22 . 2011-07-18 04:22 459264 c:\windows\Installer\1e0488.msi
+ 2007-11-22 23:22 . 2007-11-22 23:22 261120 c:\windows\Installer\1b9db6.msi
+ 2007-11-22 23:21 . 2007-11-22 23:21 320512 c:\windows\Installer\1b9db1.msi
+ 2007-11-22 23:21 . 2007-11-22 23:21 226304 c:\windows\Installer\1b9dac.msi
+ 2007-11-22 23:21 . 2007-11-22 23:21 257024 c:\windows\Installer\1b9da7.msi
+ 2007-11-22 23:19 . 2007-11-22 23:19 873472 c:\windows\Installer\1b9da2.msi
+ 2007-11-22 23:19 . 2007-11-22 23:19 953344 c:\windows\Installer\1b9cf9.msi
+ 2007-11-22 23:18 . 2007-11-22 23:18 648192 c:\windows\Installer\1b9ceb.msi
+ 2010-09-08 03:17 . 2010-09-08 03:17 686080 c:\windows\Installer\1143e3f.msi
+ 2010-09-08 03:17 . 2010-09-08 03:17 337920 c:\windows\Installer\1143e3a.msi
+ 2010-09-08 03:16 . 2010-09-08 03:16 376320 c:\windows\Installer\1143e34.msi
+ 2010-09-08 03:02 . 2010-09-08 03:02 699392 c:\windows\Installer\1143dfb.msi
+ 2010-09-08 03:02 . 2010-09-08 03:02 767488 c:\windows\Installer\1143df4.msi
+ 2010-09-08 03:01 . 2010-09-08 03:01 459264 c:\windows\Installer\1143dd8.msi
+ 2010-09-08 03:01 . 2010-09-08 03:01 585728 c:\windows\Installer\1143dd3.msi
+ 2010-09-08 03:01 . 2010-09-08 03:01 678400 c:\windows\Installer\1143dce.msi
+ 2010-09-08 03:00 . 2010-09-08 03:00 629760 c:\windows\Installer\1143dc3.msi
+ 2010-09-08 03:00 . 2010-09-08 03:00 491008 c:\windows\Installer\1143dbd.msi
+ 2010-09-08 02:59 . 2010-09-08 02:59 572928 c:\windows\Installer\1143db8.msi
+ 2010-09-08 02:59 . 2010-09-08 02:59 274432 c:\windows\Installer\1143db3.msi
+ 2010-09-08 02:59 . 2010-09-08 02:59 828928 c:\windows\Installer\1143dae.msi
+ 2010-09-08 02:58 . 2010-09-08 02:58 822784 c:\windows\Installer\1143da6.msi
+ 2010-09-08 02:58 . 2010-09-08 02:58 483328 c:\windows\Installer\1143da0.msi
+ 2010-09-08 02:57 . 2010-09-08 02:57 303616 c:\windows\Installer\1143d9b.msi
+ 2010-09-08 02:57 . 2010-09-08 02:57 306688 c:\windows\Installer\1143d96.msi
+ 2010-09-08 02:57 . 2010-09-08 02:57 311808 c:\windows\Installer\1143d91.msi
+ 2010-09-08 02:56 . 2010-09-08 02:56 946688 c:\windows\Installer\1143d87.msi
+ 2010-09-08 02:56 . 2010-09-08 02:56 396288 c:\windows\Installer\1143d82.msi
+ 2010-09-08 02:55 . 2010-09-08 02:55 820736 c:\windows\Installer\1143d7d.msi
+ 2010-09-08 02:55 . 2010-09-08 02:55 313344 c:\windows\Installer\1143d74.msi
+ 2010-09-08 02:54 . 2010-09-08 02:54 458240 c:\windows\Installer\1143d6b.msi
+ 2011-12-20 23:47 . 2011-12-20 23:47 102400 c:\windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\ARPPRODUCTICON.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 16:55 . 2011-06-06 16:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 1093120 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_cbf62b764709d1c9\mfc80u.dll
+ 2011-07-18 04:22 . 2011-07-18 04:22 1101824 c:\windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.5592_none_cbf62b764709d1c9\mfc80.dll
+ 2006-11-02 10:22 . 2011-07-18 04:38 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2006-11-02 10:22 . 2011-03-28 03:57 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-08-09 00:25 . 2010-08-09 00:31 4649472 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\MSN Suite\Packages\wllogin_32.Msi
+ 2009-04-24 16:31 . 2009-04-24 16:31 1425920 c:\windows\Installer\fad60.msp
+ 2009-04-24 16:30 . 2009-04-24 16:30 2583552 c:\windows\Installer\fad3e.msp
+ 2009-04-24 16:38 . 2009-04-24 16:38 1229312 c:\windows\Installer\fad2b.msp
+ 2009-07-27 08:31 . 2009-07-27 08:31 3738624 c:\windows\Installer\facea.msp
+ 2010-04-24 21:10 . 2010-04-24 21:10 8486400 c:\windows\Installer\fac7b.msp
+ 2010-09-17 11:04 . 2010-09-17 11:04 9401856 c:\windows\Installer\891f1d.msp
+ 2010-08-13 22:59 . 2010-08-13 22:59 8182272 c:\windows\Installer\891ed4.msp
+ 2010-08-13 23:02 . 2010-08-13 23:02 2545664 c:\windows\Installer\891ebd.msp
+ 2010-10-07 23:43 . 2010-10-07 23:43 1980416 c:\windows\Installer\891e9e.msp
+ 2010-11-24 15:51 . 2010-11-24 15:51 2190336 c:\windows\Installer\891e7c.msp
+ 2007-03-21 21:46 . 2007-03-21 21:46 8198656 c:\windows\Installer\7f62f.msp
+ 2010-06-14 17:27 . 2010-06-14 17:27 8562688 c:\windows\Installer\7f5b7.msi
+ 2010-06-14 17:24 . 2010-06-14 17:24 1978368 c:\windows\Installer\7f5b2.msi
+ 2011-06-05 15:40 . 2011-06-05 15:40 1094656 c:\windows\Installer\7e8fa.msi
+ 2011-06-18 23:19 . 2011-06-18 23:19 2295808 c:\windows\Installer\786bcf.msi
+ 2011-12-20 23:47 . 2011-12-20 23:48 2097152 c:\windows\Installer\69a214.msi
+ 2010-06-15 23:30 . 2010-06-15 23:30 1473024 c:\windows\Installer\5d4caa.msi
+ 2010-06-15 23:30 . 2010-06-15 23:30 2981376 c:\windows\Installer\5d4ca5.msi
+ 2011-02-02 19:47 . 2011-02-02 19:47 2991104 c:\windows\Installer\5678dc.msi
+ 2010-06-14 18:15 . 2010-06-14 18:15 8735744 c:\windows\Installer\485bd1.msi
+ 2007-11-22 23:19 . 2007-11-22 23:19 1259520 c:\windows\Installer\1b9cfd.msi
+ 2007-11-22 23:19 . 2007-11-22 23:19 1261056 c:\windows\Installer\1b9cfb.msi
+ 2007-11-22 23:18 . 2007-11-22 23:18 1262080 c:\windows\Installer\1b9ced.msi
+ 2007-11-22 23:18 . 2007-11-22 23:18 1221120 c:\windows\Installer\1b9cea.msi
+ 2007-11-22 23:16 . 2007-11-22 23:16 1419264 c:\windows\Installer\1b9cae.msi
+ 2007-11-22 22:22 . 2007-11-22 22:22 3506176 c:\windows\Installer\16de9.msi
+ 2010-09-08 03:10 . 2010-09-08 03:10 2317312 c:\windows\Installer\1143e0d.msi
+ 2010-09-08 03:00 . 2010-09-08 03:00 1060352 c:\windows\Installer\1143dc8.msi
+ 2010-09-08 02:57 . 2010-09-08 02:57 1013760 c:\windows\Installer\1143d8c.msi
+ 2010-07-09 21:28 . 2010-07-09 21:28 2151424 c:\windows\Installer\10f277.msp
+ 2010-07-11 00:14 . 2010-07-11 00:14 2850816 c:\windows\Installer\10f252.msp
+ 2011-06-06 16:55 . 2011-06-06 16:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 16:55 . 2011-06-06 16:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2007-11-22 19:59 . 2007-11-15 00:02 4660224 c:\windows\DRIVERS\Bluetooth Driver (Broadcom) 6.1S2Q108 - 6.1.0.2200_logo\Win64\BTW.msi
+ 2007-11-22 19:59 . 2007-11-15 00:01 3507712 c:\windows\DRIVERS\Bluetooth Driver (Broadcom) 6.1S2Q108 - 6.1.0.2200_logo\Win32\BTW.msi
+ 2010-04-24 21:09 . 2010-04-24 21:09 11750912 c:\windows\Installer\fad85.msp
+ 2011-05-01 19:34 . 2011-05-01 19:34 20308992 c:\windows\Installer\bcb14.msp
+ 2009-04-04 11:35 . 2009-04-04 11:35 36977152 c:\windows\Installer\7f63c0.msp
+ 2008-08-11 15:49 . 2008-08-11 15:49 22457344 c:\windows\Installer\7f63b9.msp
+ 2009-04-04 11:35 . 2009-04-04 11:35 38325760 c:\windows\Installer\73b7c5.msp
+ 2010-06-15 23:57 . 2010-06-15 23:57 15706112 c:\windows\Installer\72ec7e.msp
+ 2010-06-16 22:39 . 2010-06-16 22:39 20242432 c:\windows\Installer\490b66.msp
+ 2011-05-12 19:42 . 2011-05-12 19:42 20314624 c:\windows\Installer\434e96.msp
+ 2011-09-05 22:01 . 2011-09-05 22:01 13135872 c:\windows\Installer\36553.msp
+ 2007-11-22 23:18 . 2007-11-22 23:18 27146240 c:\windows\Installer\1b9ce9.msi
+ 2011-11-12 02:22 . 2011-11-12 02:22 20333568 c:\windows\Installer\1a89483.msp
+ 2010-10-28 03:01 . 2010-10-28 03:01 20303872 c:\windows\Installer\17e8259.msp
+ 2010-06-14 17:23 . 2010-06-14 17:23 16521728 c:\windows\Downloaded Installations\{1A1C1F6B-8A08-4A75-A28E-0E6519B72BD2}\LocationFree Player.msi
+ 2010-06-14 17:43 . 2010-06-14 17:43 138830848 c:\windows\Installer\7f650.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-03-16 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-18 00:29 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{574be437-25ae-4010-a53e-8c63b6ae02ff}"= "c:\program files\oovootoolbar\vmntemplateX.dll" [2011-04-21 81920]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{574be437-25ae-4010-a53e-8c63b6ae02ff}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-12-01 00:06 303104 ----a-w- c:\ddi\OverIcon.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"Facebook Update"="c:\users\Cari\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-08 4423680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-13 45056]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-24 460872]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2009-12-01 6373376]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOL DDI.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AOL DDI.lnk
backup=c:\windows\pss\AOL DDI.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Cari^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
path=c:\users\Cari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FrostWire On Startup.lnk
backup=c:\windows\pss\FrostWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Cari^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Cari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Cari^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Cari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 18:56 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2011-06-16 11:55 6276408 ----a-w- c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-17 02:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
2009-12-01 19:11 6373376 ----a-w- c:\program files\MySpace\IM\MySpaceIM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2011-12-12 23:21 22459984 ----a-w- c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2012-01-08 19:58 4016816 ----a-w- c:\users\Cari\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Help and Support Demo]
2007-08-28 00:54 290816 ----a-w- c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2007-07-20 22:30 577536 ----a-w- c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YMailAdvisor]
2009-05-08 10:53 174424 ----a-w- c:\program files\Yahoo!\Common\YMailAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2568416600-4111015234-3006906328-1000Core.job
- c:\users\Cari\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 15:46]
.
2012-01-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2568416600-4111015234-3006906328-1000UA.job
- c:\users\Cari\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-06 15:46]
.
2012-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568416600-4111015234-3006906328-1000Core.job
- c:\users\Cari\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24 21:56]
.
2012-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2568416600-4111015234-3006906328-1000UA.job
- c:\users\Cari\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-24 21:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-21 12:22
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-21 12:24:57
ComboFix-quarantined-files.txt 2012-01-21 17:24
ComboFix2.txt 2011-06-05 04:53
.
Pre-Run: 128,817,881,088 bytes free
Post-Run: 128,722,079,744 bytes free
.
- - End Of File - - 91C6FF58D30042561E66707B3DF02923

#9 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 21 January 2012 - 03:21 PM

Hello

Let's check your internet connection

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure all the boxes are checked
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 Caribx (Topic Starter, Members, 25 posts)

Posted 21 January 2012 - 06:42 PM

Hi,

Here is the FSS Log:


Farbar Service Scanner Version: 18-01-2012 01
Ran by Cari (administrator) on 21-01-2012 at 18:39:42
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

#11 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 21 January 2012 - 08:44 PM

Hello


I would like you to run this for me - http://download.bleepingcomputer.com/sUBs/MiniFixes/RestoreBFE.exe

check the internet and run FSS again and send me the new report

#12 Caribx (Topic Starter, Members, 25 posts)

Posted 21 January 2012 - 09:22 PM

Hi,

Farbar Service Scanner Version: 18-01-2012 01
Ran by Cari (administrator) on 21-01-2012 at 21:20:09
Microsoft® Windows Vista™ Home Premium (X86)
Boot Mode: Network
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is OK.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.
Checking LEGACY_SDRSVC: Attention! Unable to open LEGACY_SDRSVC\0000 registry key. The key does not exist.

VSS Service is not running. Checking service configuration:
The start type of VSS service is OK.
The ImagePath of VSS service is OK.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: Attention! Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
===========
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is OK.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.
Checking LEGACY_BITS: Attention! Unable to open LEGACY_BITS\0000 registry key. The key does not exist.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is OK.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
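Read side by side, the two FSS logs above tell the story of the repair: the second run no longer reports bfe, so RestoreBFE.exe put the Base Filtering Engine back, but MpsSvc still has no service key at all and EnableFirewall is 0 in all three profiles, which is why the Control Panel firewall page could not open. The ComboFix "Reg Loading Points" excerpt earlier in the thread also shows EnableLUA=0 and Security Center monitoring switched off. The script below is an added example written for this page; it is not part of the thread and not code from FSS or ComboFix. It re-checks the same registry locations and the WMI service state on the machine being cleaned, so the repair can be verified without re-running the GUI tool. The service names and key paths are the standard Windows ones; the expected start types and image names, and the function name Get-FirewallAuditFindings, are this example's own assumptions.

```powershell
# Added example for this page (not code from the thread, FSS or ComboFix).
# Re-checks, from the registry and WMI of the machine being cleaned, what the
# two FSS logs and the ComboFix "Reg Loading Points" excerpt above reported.
# Windows PowerShell 2.0 or later (Vista/7), run from an elevated prompt.
# Key paths and service names are standard; the expected values are assumptions.

function Get-FirewallAuditFindings {
    $findings = @()
    $svcRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # 1. The three firewall components FSS checks. Start: 2 = Automatic, 3 = Manual.
    #    ServiceDll lives under the service's Parameters subkey for svchost-hosted
    #    services; the kernel driver has none.
    $expectedStart = @{ 'mpsdrv' = 3; 'BFE' = 2; 'MpsSvc' = 2 }
    $expectedImage = @{ 'mpsdrv' = '*mpsdrv.sys'; 'BFE' = '*svchost.exe*'; 'MpsSvc' = '*svchost.exe*' }
    $expectedDll   = @{ 'BFE' = '*\bfe.dll'; 'MpsSvc' = '*\mpssvc.dll' }

    foreach ($name in @('mpsdrv', 'BFE', 'MpsSvc')) {
        $key = Join-Path $svcRoot $name
        if (-not (Test-Path $key)) {
            # The condition FSS prints as "The service key does not exist". Restore
            # the whole key from a known-good system of the same build (or a repair
            # tool, as in the thread); do not hand-type it.
            $findings += ('{0}: service key missing ({1})' -f $name, $key)
            continue
        }
        $cfg = Get-ItemProperty -Path $key
        if ($cfg.Start -ne $expectedStart[$name]) {
            $findings += ('{0}: Start={1}, expected {2}' -f $name, $cfg.Start, $expectedStart[$name])
        }
        if (-not ($cfg.ImagePath -like $expectedImage[$name])) {
            $findings += ('{0}: unexpected ImagePath "{1}"' -f $name, $cfg.ImagePath)
        }
        if ($expectedDll.ContainsKey($name)) {
            $prm = Get-ItemProperty -Path (Join-Path $key 'Parameters') -Name ServiceDll -ErrorAction SilentlyContinue
            if (($prm -eq $null) -or -not ($prm.ServiceDll -like $expectedDll[$name])) {
                $findings += ('{0}: unexpected ServiceDll "{1}"' -f $name, $prm.ServiceDll)
            }
        }
        # Win32_BaseService covers both Win32 services and kernel drivers (mpsdrv).
        $svc = Get-WmiObject -Class Win32_BaseService -Filter ("Name='{0}'" -f $name)
        if (($svc -ne $null) -and ($svc.State -ne 'Running')) {
            $findings += ('{0}: configured but {1}' -f $name, $svc.State)
        }
    }

    # 2. The per-profile switch FSS lists as "Firewall Disabled Policy". Both logs
    #    show EnableFirewall=0 for all three profiles. An absent value means the
    #    default (on), so only an explicit 0 is reported.
    $polRoot = Join-Path $svcRoot 'SharedAccess\Parameters\FirewallPolicy'
    foreach ($fwProfile in @('DomainProfile', 'StandardProfile', 'PublicProfile')) {
        $p = Get-ItemProperty -Path (Join-Path $polRoot $fwProfile) -Name EnableFirewall -ErrorAction SilentlyContinue
        if (($p -ne $null) -and ($p.EnableFirewall -eq 0)) {
            $findings += ('{0}: EnableFirewall=0 (once MpsSvc runs again: netsh advfirewall set allprofiles state on)' -f $fwProfile)
        }
    }

    # 3. Two settings from the ComboFix excerpt. EnableLUA=0 turns UAC off.
    $lua = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA -ErrorAction SilentlyContinue
    if (($lua -ne $null) -and ($lua.EnableLUA -eq 0)) {
        $findings += 'UAC: EnableLUA=0 (re-enable and reboot)'
    }
    # DisableMonitoring=1 under Security Center\Monitoring is also written by
    # third-party suites that take over monitoring (the excerpt shows Symantec
    # subkeys next to the Norton 360 service), so treat it as a review item,
    # not proof of tampering.
    $scRoot = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
    if (Test-Path $scRoot) {
        foreach ($k in @(Get-Item $scRoot) + @(Get-ChildItem $scRoot)) {
            $v = Get-ItemProperty -Path $k.PSPath -Name DisableMonitoring -ErrorAction SilentlyContinue
            if (($v -ne $null) -and ($v.DisableMonitoring -eq 1)) {
                $findings += ('Security Center monitoring disabled at {0}' -f $k.Name)
            }
        }
    }
    return $findings
}

$result = @(Get-FirewallAuditFindings)
if ($result.Count -eq 0) { 'No findings: firewall services, firewall profiles, UAC and Security Center look normal.' }
else { $result | ForEach-Object { '[!] ' + $_ } }
```

Run it once before and once after the repair tool; on the state the second FSS log shows it would report MpsSvc as missing and EnableFirewall=0 for the three profiles, and it should come back clean once the MpsSvc key is restored, the service is started and the profiles are switched on with netsh. Get-WmiObject is used because that is what Vista's PowerShell 2.0 has; on PowerShell 7 substitute Get-CimInstance with the same class and filter. A missing service key is the one finding the script deliberately does not try to fix, since the correct contents come from a known-good copy of the same Windows build, not from a script's guess.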

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 21 January 2012 - 09:25 PM

Make sure your settings are correct.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol version 4 (TCP/IPv4), make sure it is checked, and then click Properties
6. Make sure Obtain an IP Address Automatically and Obtain DNS server address Automatically are checked.
7. Click on "Advanced" button and make sure "IP Settings" tab looks like this:
Posted Image
Make sure "DNS" tab looks like this:
Posted Image
Make sure "WINS" tab looks like this:
Posted Image
8. Still in Control Panel double click on "Internet options" then "Connections" tab then "LAN Settings" button. Make sure "Automatically detect settings" is checked.
If you made any changes OK your way out.
Restart computer.

------------------------------------------------

If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

------------------------------------------

If that doesn't work, bypass router, and connect computer straight to the modem.

---------------------------------------------

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

-------------------------------------------------------

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.

#14 Caribx (Topic Starter, Members, 25 posts)

Posted 21 January 2012 - 11:12 PM

Ok great, I got my connection back. Everything appears to be running smoothly now. Any other steps to take to ensure my system will not give me any problems?

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 21 January 2012 - 11:22 PM

Hello

I would like to see a report that ComboFix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
