
Virtumonde infected my UAC/ Changing homepage


  • This topic is locked
4 replies to this topic

#1 MissMac

MissMac

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:20 AM

Posted 25 January 2012 - 02:21 PM

Hello there!
Ever since I tried to upgrade my ESET Smart Security 4 to NOD32 and I was left unprotected for a while as I had lost my activation key, I've noticed some problems. First of all, whenever I had opened any .exe files that needed to be run as an administrator I would get a consent.exe hanging in my task manager and my start would be blocked, hence I'd have to force log off via ctrl+alt+del and this would bring up the error:

"Too many other files are currently in use by 16-bit programs. Exit one or more 16-bit programs, or increase the value of the FILES command in your config.sys file."

If I disabled UAC it happened less often but still happened and deleting and creating new accounts didn't help. Then my computer started being very slow and I'd find my home page being changed and icons I hadn't saved appearing on my desktop. My internet and firewall were also getting disabled. So I ran malwarebytes and spybot and got rid of some virtumonde and trojan.bho viruses.

However, my computer was still slow, with my CPU jumping from 60-90% with hardly any processes running. The UAC issue was still going on.
I've scanned several times again with malwarebytes and spybot but nothing gets detected and the virus blocks the installation of some antivirus programmes as well!

Any help would be really appreciated!

Here are my DDS and GMER logs:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170 BrowserJavaVersion: 1.6.0_26
Run by Hospital at 20:07:37 on 2012-01-24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.963 [GMT 0:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\lxctcoms.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Bamboo Dock\BambooCore.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\consent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.club-vaio.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.club-vaio.com
mDefault_Page_URL = hxxp://www.club-vaio.com
mSearchAssistant =
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - c:\progra~1\bearsh~1\mediabar\toolbar\BearshareMediabarDx.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [DriverFinder] c:\program files\driverfinder\DriverFinder.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [AppMon Utility] "c:\program files\sony\appmonutil\AppMonUtility.exe" @@@Start
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DATAMNGR] c:\progra~1\bearsh~1\mediabar\datamngr\DATAMN~1.EXE
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [LXCTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCTtime.dll,_RunDLLEntry@16
mRun: [BambooCore] c:\program files\bamboo dock\BambooCore.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{6DD0AAF6-E346-40D7-8EB0-2AB35A8F172F} : DhcpNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll c:\progra~1\google\google~4\GOEC62~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\paulinka\appdata\roaming\mozilla\firefox\profiles\wuczyl5x.default\
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2010-9-25 21504]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-6-24 136120]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-6-24 810144]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-9-25 21504]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-2-11 35088]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2007-3-9 200704]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 TabletServicePen;TabletServicePen;c:\program files\tablet\pen\Pen_Tablet.exe [2011-7-29 5554552]
R2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\tablet\pen\Pen_TouchService.exe [2011-7-29 451960]
R3 AVerM115S;AVerM115S service;c:\windows\system32\drivers\AVerM115S.sys [2007-3-9 789504]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-7-26 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-7-26 43904]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-7-26 812544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-7-27 30192]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-3-9 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-3-9 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-3-9 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-3-9 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-3-9 79736]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-8-11 722288]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2011-7-29 16240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-01-24 19:53:43 -------- d-----w- c:\program files\DriverFinder
2012-01-24 19:53:18 -------- d-----w- c:\users\paulinka\appdata\roaming\DriverFinder
2012-01-24 19:41:09 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{15f4cfdc-fb5a-4512-92ce-64aa453f0141}\offreg.dll
2012-01-24 19:21:44 -------- d-----w- c:\users\paulinka\appdata\local\VirtualStore
2012-01-24 19:09:56 -------- d-----w- c:\users\paulinka\appdata\roaming\ESET
2012-01-24 19:09:56 -------- d-----w- c:\users\paulinka\appdata\local\ESET
2012-01-24 19:01:14 -------- d-----w- c:\users\paulinka\appdata\local\Mozilla
2012-01-24 18:58:11 -------- d-----w- c:\users\paulinka\appdata\roaming\Wacom
2012-01-24 18:54:48 -------- d-----w- c:\users\paulinka\appdata\local\Adobe
2012-01-24 18:12:31 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{15f4cfdc-fb5a-4512-92ce-64aa453f0141}\mpengine.dll
2012-01-23 20:51:51 -------- d-----w- C:\123123651
2012-01-22 22:30:23 -------- d-----w- C:\123
2012-01-22 02:49:33 -------- d--h--w- c:\programdata\Common Files
2012-01-22 02:48:25 -------- d-----w- c:\programdata\MFAData
2012-01-21 18:51:26 -------- d-----w- c:\program files\Uniblue
2012-01-21 18:20:25 -------- d-----w- c:\programdata\Malwarebytes
2012-01-21 17:12:33 -------- dc-h--w- c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-01-21 14:44:20 -------- d-----w- c:\program files\Intel Corporation
2012-01-21 14:14:32 -------- d-----w- c:\programdata\ESET(2)
2012-01-21 14:14:32 -------- d-----w- c:\program files\ESET(1)
2012-01-18 19:24:14 278528 ----a-w- c:\windows\system32\schannel.dll
2012-01-18 19:24:13 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-18 19:24:12 9728 ----a-w- c:\windows\system32\lsass.exe
2012-01-18 19:24:12 72704 ----a-w- c:\windows\system32\secur32.dll
2012-01-18 19:24:12 377344 ----a-w- c:\windows\system32\winhttp.dll
2012-01-18 19:24:12 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-12 17:15:17 -------- d-----w- c:\program files\BitTorrent
2012-01-11 07:32:36 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-11 07:32:34 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-11 07:32:31 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-11 07:32:30 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 07:32:27 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-11 07:32:25 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-01-11 07:32:03 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 07:32:03 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-12-29 23:35:57 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll
2011-12-29 23:35:57 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll
2011-12-29 23:35:57 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll
2011-12-29 23:35:57 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll
.
==================== Find3M ====================
.
2011-11-23 13:52:44 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-15 14:29:56 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-11-08 14:42:19 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-27 08:01:53 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01:53 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2007-09-17 08:10:42 24576 ----a-w- c:\program files\Lexmark 3500-4500 Series
.
============= FINISH: 20:08:35.20 ===============



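As an added triage example (editor's code, not part of this thread and not code from the DDS or OTL tools), the script below parses the "Pseudo HJT Report" section of a DDS log like the one quoted above and pulls out the items a malware-removal helper reviews first: every DLL listed under AppInit_DLLs (such DLLs are loaded into user-mode processes at startup, so each one should have a known publisher), BHO registrations whose CLSID resolves to "No File", and browser start pages whose host is not on an allowlist. The sample lines are copied from the log in this post; the allowlist (only the VAIO vendor page) is a constructed assumption, as is the choice to treat a mismatch between IE and Firefox start pages as a review item.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example; it is not part of DDS/OTL. It parses the report lines DDS
prints and lists the entries a helper usually looks at first.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the DDS log lines quoted in the thread.
SAMPLE_REPORT = r"""uStart Page = hxxp://www.club-vaio.com
uDefault_Page_URL = hxxp://www.club-vaio.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - c:\progra~1\bearsh~1\mediabar\datamngr\IEBHO.dll
AppInit_DLLs: c:\progra~1\bearsh~1\mediabar\datamngr\datamngr.dll c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll c:\progra~1\google\google~4\GOEC62~1.DLL
FF - prefs.js: browser.startup.homepage - hxxp://search.bearshare.com/
"""

# DDS defangs URLs by printing "hxxp"; only the host part is of interest here.
URL_HOST_RE = re.compile(r"hxxps?://([^/\s]+)")
# "BHO: <optional name>: {CLSID} - <path or 'No File'>"
BHO_RE = re.compile(r"^BHO: (?:(?P<name>.+?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# IE per-user (u) and per-machine (m) start/search page keys.
IE_PAGE_RE = re.compile(r"^(?P<key>[um](?:Start Page|Default_Page_URL|Search Page|Search Bar)) = (?P<url>\S+)$")
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>[\w.]+) - (?P<value>.+)$")


@dataclass
class Triage:
    appinit_dlls: list = field(default_factory=list)   # DLLs injected at process start
    orphaned_bhos: list = field(default_factory=list)  # CLSIDs whose DLL is missing
    bhos: dict = field(default_factory=dict)           # clsid -> path as reported
    homepages: dict = field(default_factory=dict)      # "browser:key" -> host


def triage_report(report: str) -> Triage:
    """Walk the report once and collect the review items."""
    t = Triage()
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("AppInit_DLLs:"):
            value = line.split(":", 1)[1]
            # The value is space- or comma-separated; DDS prints 8.3 short names
            # (progra~1), so the individual paths contain no spaces.
            t.appinit_dlls.extend(p for p in re.split(r"[\s,]+", value) if p)
            continue
        m = BHO_RE.match(line)
        if m:
            t.bhos[m["clsid"]] = m["path"]
            if m["path"].strip().lower() == "no file":
                t.orphaned_bhos.append(m["clsid"])
            continue
        m = IE_PAGE_RE.match(line)
        if m:
            host = URL_HOST_RE.search(m["url"])
            if host:
                t.homepages["IE:" + m["key"]] = host.group(1).lower()
            continue
        m = FF_PREF_RE.match(line)
        if m and m["pref"] == "browser.startup.homepage":
            host = URL_HOST_RE.search(m["value"])
            if host:
                t.homepages["FF:" + m["pref"]] = host.group(1).lower()
    return t


def unexpected_hosts(triage: Triage, allowed_hosts: set) -> set:
    """Start-page hosts that are not on the caller's allowlist."""
    return {h for h in triage.homepages.values() if h not in allowed_hosts}


def findings(triage: Triage, allowed_hosts: set) -> list:
    """Human-readable review items, in the order a helper would check them."""
    out = []
    for dll in triage.appinit_dlls:
        out.append(f"AppInit_DLLs loads {dll} into every process: confirm the publisher")
    for clsid in triage.orphaned_bhos:
        out.append(f"BHO {clsid} points to a missing file: dead registration to clean up")
    for host in sorted(unexpected_hosts(triage, allowed_hosts)):
        out.append(f"start page host {host} is not on the allowlist: check for a changed homepage")
    return out


if __name__ == "__main__":
    # Constructed allowlist: only the VAIO vendor page the IE keys point to.
    for item in findings(triage_report(SAMPLE_REPORT), {"www.club-vaio.com"}):
        print(item)
```

Run as-is it reports the three AppInit_DLLs entries, the one BHO with no backing file and the Firefox start page host that differs from the IE one; feed it a full DDS log and it ignores every section it does not recognise.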

#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:20 AM

Posted 29 January 2012 - 09:40 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully please provide detailed information about the Windows version you are using: What we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 MissMac

MissMac
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:20 AM

Posted 29 January 2012 - 04:05 PM

Hello myrti! Thanks for helping.
The problem seems to be getting worse, CPU keeps jumping to 100%.
I ran a spybot scan since my first post and multiple virtumonde entries were found.

Unfortunately, after performing the OTL scan, no Extra.txt appeared. I scanned a second time but it was still not popping up.
Here's the OTL.txt:

OTL logfile created on: 29/01/2012 20:53:17 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Paulina\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 47.38% Memory free
4.23 Gb Paging File | 2.74 Gb Available in Paging File | 64.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.17 Gb Total Space | 207.97 Gb Free Space | 72.17% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Paulina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/29 20:14:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paulina\Desktop\OTL.exe
PRC - [2011/12/29 23:35:56 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Paulina\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Paulina\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/09/28 15:07:31 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
PRC - [2011/09/08 16:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2011/09/08 16:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2011/09/08 16:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2011/09/08 16:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2010/06/24 08:27:12 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010/06/24 08:27:06 | 002,202,704 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010/04/09 12:37:34 | 001,459,568 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2010/03/06 03:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Users\Paulina\Desktop\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/19 07:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/25 02:26:38 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/07/25 02:26:38 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/07/12 23:39:56 | 000,534,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe
PRC - [2007/07/04 09:05:10 | 000,098,304 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/06/29 21:38:46 | 000,258,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2007/06/29 21:38:46 | 000,200,704 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/06/28 16:53:02 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/06/28 16:53:00 | 000,188,416 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/06/28 16:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/22 09:11:36 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxctcoms.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/29 23:35:56 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/14 16:17:33 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/28 15:07:32 | 000,060,504 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooWinTab.dll
MOD - [2011/09/28 15:07:31 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/08 16:48:36 | 000,962,936 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll
MOD - [2009/08/16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Users\Paulina\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 20:28:10 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/09/08 16:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011/09/08 16:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2010/06/24 08:27:54 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/06/24 08:27:12 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/04/09 12:37:34 | 000,722,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Users\Paulina\Desktop\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/25 02:26:38 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/07/06 03:12:52 | 000,292,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/07/06 01:43:04 | 000,079,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/07/04 09:05:10 | 000,098,304 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/06/29 21:38:46 | 000,200,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/06/28 16:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 16:53:02 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/06/28 16:53:00 | 000,188,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/06/28 16:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/20 23:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/06/20 23:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/06/20 23:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/06/20 23:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/06/20 23:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/06/20 23:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/01/11 00:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 10:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 10:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 09:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/11/22 09:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxctcoms.exe -- (lxct_device)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2012/01/27 16:23:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/02/11 21:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2010/10/11 19:19:36 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/10/11 19:19:26 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010/06/24 08:27:22 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010/06/24 08:04:14 | 000,136,120 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/04/28 07:17:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010/04/28 07:17:46 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/04/28 07:17:46 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2008/08/18 05:15:48 | 000,921,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/07/16 21:15:18 | 000,789,504 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2007/07/04 09:05:16 | 000,328,704 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/07/03 00:34:38 | 007,563,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/06/28 02:29:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/04/24 00:16:00 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/20 00:00:55 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/04/20 00:00:55 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/02/16 19:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/14 02:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/06 08:29:32 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&mntrId=522f9eab000000000000001c2652b761&tlver=1.4.23.10&affID=100607
IE - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - No CLSID value found
IE - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\..\URLSearchHook: {f92a9fe4-2850-4198-b9d5-279880e49b16} - No CLSID value found
IE - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "BearShare Web Search"
FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com/?p=us"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: ClickPotatoLite@ClickPotatoLite.com:10.0.632.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/29 23:35:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/24 17:39:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/01/24 17:39:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\internetengine
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e641e573-5f45-49f4-a2b6-986c6a89d4ad}: C:\Program Files\Object\searchtoolbar

[2010/12/17 19:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paulina\AppData\Roaming\Mozilla\Extensions
[2010/08/13 08:24:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paulina\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/01/27 19:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Paulina\AppData\Roaming\Mozilla\Firefox\Profiles\4xdozxaz.default\extensions
[2010/12/17 22:53:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Paulina\AppData\Roaming\Mozilla\Firefox\Profiles\4xdozxaz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/02 05:30:38 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Paulina\AppData\Roaming\Mozilla\Firefox\Profiles\4xdozxaz.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2012/01/22 03:45:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/22 03:45:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\PAULINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4XDOZXAZ.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\PAULINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4XDOZXAZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\PAULINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4XDOZXAZ.DEFAULT\EXTENSIONS\TRANSLATOR@ZOLI.BOD.XPI
[2011/12/29 23:35:57 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/10 18:03:57 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/19 10:41:07 | 000,002,424 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/23 01:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/08 23:14:24 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/27 16:39:52 | 000,442,074 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 15181 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {66D8FBA6-D90F-40A9-AC55-84896F79CA69} - No CLSID value found.
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll File not found
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll File not found
O3 - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\..\Toolbar\WebBrowser: (no name) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No CLSID value found.
O3 - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\..\Toolbar\WebBrowser: (no name) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - No CLSID value found.
O3 - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\..\Toolbar\WebBrowser: (no name) - {F8E689F4-E66C-41BE-8497-AD9556FBE439} - No CLSID value found.
O3 - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\..\Toolbar\WebBrowser: (no name) - {F92A9FE4-2850-4198-B9D5-279880E49B16} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppMon Utility] C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe (Sony Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [LXCTCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCTtime.DLL (Lexmark International Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Users\Paulina\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3480324843-968583205-3887086015-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3480324843-968583205-3887086015-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-21-3480324843-968583205-3887086015-1000..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3480324843-968583205-3887086015-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DD0AAF6-E346-40D7-8EB0-2AB35A8F172F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\datamngr.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Paulina\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Paulina\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2f3ac70a-cdfb-11db-a53c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{2f3ac70a-cdfb-11db-a53c-806e6f6e6963}\Shell\AutoRun\command - "" = ImagineFX11-5.exe
O33 - MountPoints2\{db5871b9-1cce-11e0-8835-001a8016dffe}\Shell\AutoRun\command - "" = H:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Users^Paulina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^fliptoast.lnk - - File not found
MsConfig - StartUpFolder: C:^Users^Paulina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe - (Thong Nguyen)
MsConfig - StartUpReg: BitTorrent - hkey= - key= - File not found
MsConfig - StartUpReg: iLike - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/01/29 20:14:24 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Paulina\Desktop\OTL.exe
[2012/01/27 20:10:33 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Paulina\Desktop\dds.scr
[2012/01/27 19:41:52 | 000,185,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/01/27 19:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012/01/27 19:41:47 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012/01/27 19:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/27 19:40:46 | 000,000,000 | ---D | C] -- C:\Users\Paulina\AppData\Roaming\TestApp
[2012/01/27 19:39:51 | 003,834,832 | ---- | C] (PC Tools) -- C:\Users\Paulina\Desktop\romcake.exe
[2012/01/27 16:35:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/27 16:35:04 | 000,000,000 | ---D | C] -- C:\Users\Paulina\Desktop\Spybot - Search & Destroy
[2012/01/27 16:26:30 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Paulina\Desktop\romcom.exe
[2012/01/27 16:23:01 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/27 15:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/27 15:49:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/27 15:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/27 15:49:20 | 003,968,544 | ---- | C] (AVG Technologies) -- C:\Users\Paulina\Desktop\cake.exe
[2012/01/27 15:48:53 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Paulina\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/23 22:07:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/23 22:07:02 | 000,000,000 | ---D | C] -- C:\Users\Paulina\AppData\Local\Temp(153)
[2012/01/23 20:51:51 | 000,000,000 | ---D | C] -- C:\123123651
[2012/01/23 20:51:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/22 22:30:23 | 000,000,000 | ---D | C] -- C:\123
[2012/01/22 22:13:57 | 000,000,000 | ---D | C] -- C:\Users\Paulina\Desktop\RegGenie
[2012/01/22 02:49:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/01/22 02:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/01/21 22:03:40 | 000,000,000 | ---D | C] -- C:\Users\Paulina\Desktop\Malwarebytes' Anti-Malware
[2012/01/21 18:51:28 | 000,000,000 | ---D | C] -- C:\Users\Paulina\AppData\Roaming\Uniblue
[2012/01/21 18:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012/01/21 18:20:25 | 000,000,000 | ---D | C] -- C:\Users\Paulina\AppData\Roaming\Malwarebytes
[2012/01/21 18:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/21 17:17:40 | 000,000,000 | ---D | C] -- C:\Users\Paulina\Desktop\RK_Quarantine
[2012/01/21 17:12:33 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/01/21 14:44:20 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Corporation
[2012/01/21 14:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET(2)
[2012/01/21 14:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET(1)
[2012/01/19 00:41:25 | 000,000,000 | ---D | C] -- C:\Users\Paulina\Desktop\russia
[2012/01/14 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Paulina\Desktop\New Folder (2)
[2012/01/12 17:14:38 | 000,000,000 | ---D | C] -- C:\Users\Paulina\AppData\Roaming\BitTorrent
[2012/01/12 17:06:37 | 006,053,744 | ---- | C] (BitTorrent, Inc.) -- C:\Users\Paulina\Desktop\BitTorrent-7.6.exe
[2012/01/11 07:32:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012/01/11 07:32:31 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012/01/11 07:32:27 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012/01/11 07:32:03 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012/01/11 07:32:03 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012/01/09 01:21:40 | 000,000,000 | ---D | C] -- C:\Users\Paulina\Desktop\New Folder
[2012/01/02 01:13:47 | 000,000,000 | ---D | C] -- C:\Users\Paulina\Desktop\Vista Anti-Lag
[2012/01/02 01:13:47 | 000,000,000 | ---D | C] -- C:\Users\Paulina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vista Anti-Lag
[2012/01/02 01:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vista Anti-Lag
[2011/05/26 18:14:16 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2006/11/22 09:11:38 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxctih.exe
[2006/11/22 09:11:36 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxctcoms.exe
[2006/11/22 09:11:34 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxctcfg.exe
[2006/11/06 16:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll
[2006/11/06 16:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll
[2006/11/06 16:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll
[2006/11/06 16:26:14 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll
[2006/11/06 16:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll
[2006/11/06 16:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll
[2006/11/06 16:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll
[2006/11/06 16:20:14 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxctprox.dll
[2006/11/06 16:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll
[2006/11/06 16:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll
[2006/11/06 16:07:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/29 20:54:02 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BBD23F9F-20D7-4A4E-A368-7FF2BDD169E2}.job
[2012/01/29 20:44:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/29 20:44:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/29 20:14:32 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Paulina\Desktop\OTL.exe
[2012/01/29 19:52:05 | 000,608,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/29 19:52:05 | 000,108,268 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/29 19:50:27 | 001,270,973 | ---- | M] () -- C:\Users\Paulina\Desktop\C2.6_7c isotopes.pdf
[2012/01/29 03:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\RegSERVO.job
[2012/01/28 18:51:38 | 000,049,077 | ---- | M] () -- C:\Users\Paulina\AppData\Roaming\nvModes.001
[2012/01/28 18:43:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/28 18:43:51 | 221,067,714 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/28 16:32:50 | 000,049,077 | ---- | M] () -- C:\Users\Paulina\AppData\Roaming\nvModes.dat
[2012/01/27 20:10:55 | 000,294,216 | ---- | M] () -- C:\Users\Paulina\Desktop\gmer.zip
[2012/01/27 20:10:42 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Paulina\Desktop\dds.scr
[2012/01/27 19:45:41 | 002,051,207 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2012/01/27 19:40:47 | 003,834,832 | ---- | M] (PC Tools) -- C:\Users\Paulina\Desktop\romcake.exe
[2012/01/27 16:39:52 | 000,442,074 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/27 16:27:20 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Paulina\Desktop\romcom.exe
[2012/01/27 16:23:01 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012/01/27 16:18:59 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/27 15:49:38 | 003,968,544 | ---- | M] (AVG Technologies) -- C:\Users\Paulina\Desktop\cake.exe
[2012/01/27 15:49:08 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Paulina\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/25 21:38:11 | 000,000,938 | ---- | M] () -- C:\Users\Paulina\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/24 18:37:11 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/24 16:58:43 | 000,000,552 | ---- | M] () -- C:\Users\Paulina\AppData\Local\d3d8caps.dat
[2012/01/22 03:02:13 | 004,521,984 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2012/01/21 18:51:21 | 000,001,356 | ---- | M] () -- C:\Users\Paulina\AppData\Local\d3d9caps.dat
[2012/01/21 16:34:47 | 000,001,993 | ---- | M] () -- C:\Users\Paulina\Desktop\Fix.zip
[2012/01/21 14:07:14 | 000,392,004 | ---- | M] () -- C:\Users\Paulina\Desktop\Leatrix Latency Fix_2.0.2.0.zip
[2012/01/19 16:43:05 | 000,061,472 | ---- | M] () -- C:\Users\Paulina\Desktop\dual.jpg
[2012/01/19 00:41:19 | 006,580,487 | ---- | M] () -- C:\Users\Paulina\Desktop\russia.zip
[2012/01/18 23:04:53 | 000,578,142 | ---- | M] () -- C:\Users\Paulina\Desktop\491019.jpg
[2012/01/18 00:50:24 | 000,442,094 | ---- | M] () -- C:\Users\Paulina\Desktop\gg.jpg
[2012/01/18 00:41:37 | 002,529,626 | ---- | M] () -- C:\Users\Paulina\Desktop\551764.jpg
[2012/01/18 00:41:08 | 000,124,335 | ---- | M] () -- C:\Users\Paulina\Desktop\Untitled.jpg
[2012/01/12 18:01:07 | 019,202,048 | ---- | M] () -- C:\Users\Paulina\Documents\noob.sai
[2012/01/12 17:56:16 | 021,073,936 | ---- | M] () -- C:\Users\Paulina\Desktop\vlc-1.1.11-win32.exe
[2012/01/12 17:07:10 | 006,053,744 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Paulina\Desktop\BitTorrent-7.6.exe
[2012/01/11 18:23:22 | 068,739,072 | ---- | M] () -- C:\Users\Paulina\Documents\OVER THERE!.sai
[2012/01/11 16:19:02 | 000,185,560 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTSD.sys
[2012/01/07 21:04:18 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2012/01/07 21:03:50 | 127,691,975 | ---- | M] () -- C:\Users\Paulina\Desktop\Windows6.0-KB947821-v15-x86.msu
[2012/01/02 14:31:27 | 047,032,527 | ---- | M] () -- C:\Users\Paulina\Desktop\glitter_and_bokeh_textures_by_eliseenchanted-d4kxfga.zip
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/29 19:50:17 | 001,270,973 | ---- | C] () -- C:\Users\Paulina\Desktop\C2.6_7c isotopes.pdf
[2012/01/27 20:11:20 | 000,302,592 | ---- | C] () -- C:\Users\Paulina\Desktop\gmer.exe
[2012/01/27 20:10:51 | 000,294,216 | ---- | C] () -- C:\Users\Paulina\Desktop\gmer.zip
[2012/01/27 19:42:24 | 002,051,207 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2012/01/27 15:49:55 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/24 18:37:11 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/24 16:58:43 | 000,000,552 | ---- | C] () -- C:\Users\Paulina\AppData\Local\d3d8caps.dat
[2012/01/21 16:34:44 | 000,001,993 | ---- | C] () -- C:\Users\Paulina\Desktop\Fix.zip
[2012/01/21 14:07:13 | 000,392,004 | ---- | C] () -- C:\Users\Paulina\Desktop\Leatrix Latency Fix_2.0.2.0.zip
[2012/01/19 16:43:05 | 000,061,472 | ---- | C] () -- C:\Users\Paulina\Desktop\dual.jpg
[2012/01/19 00:40:57 | 006,580,487 | ---- | C] () -- C:\Users\Paulina\Desktop\russia.zip
[2012/01/18 23:02:01 | 000,578,142 | ---- | C] () -- C:\Users\Paulina\Desktop\491019.jpg
[2012/01/18 00:46:05 | 000,442,094 | ---- | C] () -- C:\Users\Paulina\Desktop\gg.jpg
[2012/01/18 00:41:37 | 002,529,626 | ---- | C] () -- C:\Users\Paulina\Desktop\551764.jpg
[2012/01/18 00:37:15 | 000,124,335 | ---- | C] () -- C:\Users\Paulina\Desktop\Untitled.jpg
[2012/01/12 18:01:02 | 019,202,048 | ---- | C] () -- C:\Users\Paulina\Documents\noob.sai
[2012/01/12 17:55:21 | 021,073,936 | ---- | C] () -- C:\Users\Paulina\Desktop\vlc-1.1.11-win32.exe
[2012/01/10 01:17:44 | 068,739,072 | ---- | C] () -- C:\Users\Paulina\Documents\OVER THERE!.sai
[2012/01/08 04:00:51 | 221,067,714 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/07 21:04:18 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2012/01/07 20:55:30 | 127,691,975 | ---- | C] () -- C:\Users\Paulina\Desktop\Windows6.0-KB947821-v15-x86.msu
[2012/01/02 14:28:51 | 047,032,527 | ---- | C] () -- C:\Users\Paulina\Desktop\glitter_and_bokeh_textures_by_eliseenchanted-d4kxfga.zip
[2011/05/31 12:58:54 | 000,001,807 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2011/05/26 17:44:24 | 000,024,576 | ---- | C] () -- C:\Program Files\Lexmark 3500-4500 Series
[2011/03/27 18:19:28 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2011/02/11 21:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2011/02/03 11:15:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/02/03 11:15:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/01/24 03:16:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/09/24 20:04:18 | 000,001,264 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/09/24 20:04:18 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\E71EF0C823.sys
[2010/09/24 17:44:04 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/09/24 17:44:04 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5A9145D01A.sys
[2010/09/20 18:10:00 | 000,000,132 | ---- | C] () -- C:\Users\Paulina\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2010/09/20 18:09:05 | 000,000,132 | ---- | C] () -- C:\Users\Paulina\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010/08/29 11:50:03 | 000,000,132 | ---- | C] () -- C:\Users\Paulina\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/08/27 19:33:59 | 000,001,456 | ---- | C] () -- C:\Users\Paulina\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010/08/24 17:01:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/10 15:43:21 | 000,141,612 | ---- | C] () -- C:\Windows\System32\drivers\dump_wmimmc.sys
[2010/08/10 15:17:37 | 000,215,144 | R--- | C] () -- C:\Windows\patchw32.dll
[2010/08/10 15:16:02 | 000,215,144 | R--- | C] () -- C:\Windows\pw32a.dll
[2010/08/10 10:57:06 | 000,000,048 | ---- | C] () -- C:\Windows\WinInit.ini
[2010/08/10 09:30:27 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010/08/10 09:14:34 | 000,032,256 | ---- | C] () -- C:\Users\Paulina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/10 09:14:34 | 000,001,356 | ---- | C] () -- C:\Users\Paulina\AppData\Local\d3d9caps.dat
[2010/08/10 09:14:26 | 000,049,077 | ---- | C] () -- C:\Users\Paulina\AppData\Roaming\nvModes.dat
[2010/08/10 09:14:26 | 000,049,077 | ---- | C] () -- C:\Users\Paulina\AppData\Roaming\nvModes.001
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2007/07/26 19:13:01 | 000,000,031 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/07/12 20:02:46 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/07/12 19:59:38 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/03/09 05:38:06 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/03/09 05:31:35 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/03/09 05:29:41 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007/03/09 05:18:06 | 000,003,072 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006/11/13 09:30:54 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll
[2006/11/07 11:30:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll
[2006/11/02 19:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 003,685,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,608,760 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,108,268 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/06/20 13:40:14 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxctdrs.dll
[2006/05/18 11:01:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll
[2006/05/03 14:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll
[2006/04/25 02:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2010/08/11 09:18:01 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/08/11 09:18:00 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/08/11 09:17:59 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/08/11 09:49:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/08/11 09:49:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/08/11 09:18:00 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 07:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/19 07:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 07:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 09:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 06:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Users\Paulina\Desktop\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 07:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Files - Unicode (All) ==========
[2011/11/27 00:27:07 | 000,000,000 | ---D | M](C:\Users\Paulina\Documents\?SHINee?) -- C:\Users\Paulina\Documents\♥SHINee♥
[2011/10/22 18:27:03 | 000,000,000 | ---D | C](C:\Users\Paulina\Documents\?SHINee?) -- C:\Users\Paulina\Documents\♥SHINee♥

========== Alternate Data Streams ==========

@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:DB803F20
@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:C8B517A2
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1E01DE50
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:9D6EAEC3
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:8A26C97F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:8C35AEA7
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:08:20 AM

Posted 29 January 2012 - 04:31 PM

Hi,

I'm not seeing any indication of malware either. Have you tried uninstalling and reinstalling Eset to see if that solves the issue?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:08:20 AM

Posted 06 February 2012 - 09:53 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

