
Multiple infections including MalwareCrush


This topic is locked
9 replies to this topic

#1 techmini


Posted 06 June 2012 - 01:20 PM

A friend clicked on a link in a fake usps.com email. They started getting several rogue malware messages. After trying to reboot it would just go to a blank, black screen after POST. There was no XP splash screen. Using UBCD4Win I was able to boot into the recovery console and run FixMBR to get going again. BTW this is Windows XP Home Edition Service Pack 3.

Now that the computer is up, it seems to be fine, but I notice a couple of items that make me think it might still be infected with some very nasty stuff. I currently have it running behind a pretty tight firewall and using OpenDNS with DHCP on a separate LAN. Hopefully that will stop most of the malware from calling home.

First thing I noticed was, while I had the UBCD4Win DVD in the tray, I ran a scan with Spybot-S&D. It found a couple of minor things and MalwareCrush, which, from the folder timestamp, looks like it has been on the computer since 2009.

Then, I booted into the installed Windows and after logon it popped up with the security warning asking to run urlmon. Having not heard of a program called urlmon.exe I scanned it at VirusTotal.com and most of the detection engines identified a form of malware. I'll post the result URL as a reply to this shortly as I am currently booted in UBCD4Win and it is not allowing the HTTPS connection to get the scan result right now.

Finally, I noticed another program I didn't recognize in the Quick Launch bar called SMART_HDD. The shortcut pointed to "B:\UBCD4Win User Settings\Administrator\Application Data\XIHXODvsR5cF4Y.exe". Being a very suspicious location and name, I scanned that at VirusTotal and most engines identified malware as well. I'll reply with the result link for this as well.

I followed the Prep Guide but DDS locked up the computer so I only have the GMER ark.txt file attached.

Any advice on cleaning all the infections on this system is much appreciated.

Attached file: ark.txt (5.42KB)




#2 techmini


Posted 06 June 2012 - 02:15 PM

URLMON result link.

SMART_HDD result link.


Thanks again for the assistance.

Edited by techmini, 06 June 2012 - 02:16 PM.


#3 myrti


Posted 11 June 2012 - 07:45 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32bit or a 64bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti
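Once the OTL.txt report is in hand, the lines a helper reads first are the O4 autostart entries and the PRC process list. The triage script below is an added example written for this thread, not OTL's own code or part of BleepingComputer's procedure; it parses constructed lines shaped like OTL output and flags the patterns that usually matter (a missing target, an executable launched from a user-writable data folder, a random-looking file name, a running process with no company name). The entropy and character-class thresholds in `looks_random` are the editor's heuristic and will produce some false positives on legitimate software.

```python
"""Triage helper for OTL (OldTimer) report lines.

Added example for this thread; not part of OTL or of BleepingComputer's
procedure.  It reads the 'O4 - ...\\Run:' autostart lines and the
'PRC -' process lines of an OTL.txt and flags what a helper looks at first.
"""
import math
import re
from collections import Counter

# Constructed sample lines shaped like the thread's OTL output (not the full log).
SAMPLE_OTL = r"""
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/08/09 15:25:36 | 000,885,216 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [huSDrJOAFErqkPM.exe] C:\Documents and Settings\All Users\Application Data\huSDrJOAFErqkPM.exe File not found
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [AROReminder] File not found
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
PRC_RE = re.compile(r"^PRC - \[(?P<meta>[^\]]*)\] \((?P<company>[^)]*)\) -- (?P<path>.*)$")

# Folders an ordinary user (and therefore a drive-by dropper) can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def shannon_entropy(s):
    """Bits per character of s; randomly generated names score high."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def _char_class(ch):
    return "d" if ch.isdigit() else "U" if ch.isupper() else "l" if ch.islower() else "o"


def looks_random(stem):
    """Editor's heuristic: long, high-entropy stem that keeps switching case/digits."""
    if len(stem) < 10:
        return False
    classes = [_char_class(c) for c in stem]
    transitions = sum(1 for a, b in zip(classes, classes[1:]) if a != b)
    return shannon_entropy(stem) > 3.6 and transitions >= 5


def _path_and_stem(name, rest):
    """Split the tail of an O4 line into its target path and the file stem to score."""
    if "File not found" in rest:
        path = rest.split("File not found", 1)[0].strip()
    else:
        path = rest.rsplit(" (", 1)[0]          # drop the trailing "(Company)"
    filename = path.rsplit("\\", 1)[-1]
    stem = filename.rsplit(".", 1)[0] if filename else name.rsplit(".", 1)[0]
    return path, stem


def triage_otl(text):
    """Return (severity, reason, line) tuples for the lines worth a closer look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            path, stem = _path_and_stem(m.group("name"), m.group("rest"))
            if "File not found" in m.group("rest"):
                findings.append(("medium", "autostart target missing", line))
            if any(marker in path.lower() for marker in USER_WRITABLE):
                findings.append(("high", "autostart runs from a user-writable data folder", line))
            if looks_random(stem):
                findings.append(("high", "random-looking executable name", line))
            continue
        m = PRC_RE.match(line)
        if m:
            if not m.group("company"):
                findings.append(("low", "process with no company name", line))
            stem = m.group("path").rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem):
                findings.append(("high", "random-looking executable name", line))
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:   # OTL.txt is often UTF-16; replace what cannot be decoded
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            report = fh.read()
    else:
        report = SAMPLE_OTL
    for severity, reason, line in triage_otl(report):
        print(f"[{severity:6}] {reason}: {line}")
```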



#4 techmini


Posted 11 June 2012 - 09:56 AM

Myrti,

Thanks for the reply. Below are the OTL results.

The only thing that has changed since my original post is a strategy change. I suggested to my friend that we wipe and reload the computer, which they agreed to.

This is a Sony VAIO VGC-V520G which comes with a VAIO Recovery Wizard. There is a 5.01GB partition at the start of the disk that has the factory images. I have created a Recovery Media Kit on DVD so I can reload Windows. My biggest concern is that, as I understand this infection, Alureon is a bootkit that modified the MBR and created a 2MB partition at the end of the disk. I assume the 2MB partition I see is from Alureon and not something Sony created. This model has special features such as built-in television and remote control. I don't want to break that functionality.

I have already run FixMBR (per my original post) which should have replaced the infected MBR. I suspect I can use Partition Magic to remove the 2MB partition and expand the C: partition back to the end of the disk. I think I should then run FixMBR from a boot disk, just to make sure it is gone. Then, without booting back into the corrupted partition, run the VAIO recovery from the boot disc.

Please let me know how you think I should proceed.

OTL logfile created on: 6/11/2012 10:32:28 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\paula\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.79 Mb Total Physical Memory | 502.98 Mb Available Physical Memory | 49.18% Memory free
2.41 Gb Paging File | 1.98 Gb Available in Paging File | 82.37% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.87 Gb Total Space | 201.51 Gb Free Space | 88.43% Space Free | Partition Type: NTFS

Computer Name: 26DFCF9B362147C | User Name: paula | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/11 10:31:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\paula\Desktop\OTL.exe
PRC - [2012/04/09 17:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2010/09/02 08:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2010/08/09 15:25:36 | 000,885,216 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2009/06/24 14:38:28 | 000,107,816 | ---- | M] () -- C:\Program Files\Common Files\Search Protection\spHost.exe
PRC - [2009/01/30 22:57:05 | 000,261,120 | ---- | M] () -- C:\Program Files\Adobe Media Player\Adobe Media Player.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/19 15:14:42 | 000,258,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe
PRC - [2004/11/19 15:07:00 | 000,335,872 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe
PRC - [2004/11/19 14:12:14 | 000,139,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
PRC - [2004/11/11 20:42:58 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2004/11/11 20:42:58 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2004/11/11 20:42:58 | 000,073,728 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
PRC - [2004/11/11 20:42:56 | 000,278,528 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2004/10/21 20:25:52 | 000,192,512 | ---- | M] () -- C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe
PRC - [2004/10/17 01:48:34 | 000,122,880 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKServ.exe
PRC - [2004/10/15 23:49:34 | 000,401,408 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\HotKey Utility\HKWnd.exe
PRC - [2004/09/21 22:54:20 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 10:26:30 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\832196527f0497078f085eaf9189265f\System.Deployment.ni.dll
MOD - [2012/06/07 10:26:20 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/06/07 09:36:15 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/06/07 09:36:08 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\995fcf39ead2c2a53e084505c2c67d49\System.Windows.Forms.ni.dll
MOD - [2012/06/07 09:31:50 | 001,591,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\8ca00132a08c69697adf1cda32ebd835\System.Drawing.ni.dll
MOD - [2012/06/07 09:28:58 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/06/07 09:28:42 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/06/07 09:27:21 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/17 20:06:59 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_948752bb\mscorlib.dll
MOD - [2011/03/16 11:55:44 | 000,067,072 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Inkjet.Utilities\5.4.6.4__5cc7ad8abd921325\Inkjet.Utilities.dll
MOD - [2011/03/16 11:55:44 | 000,031,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Inkjet.Statistics\5.4.6.4__5cc7ad8abd921325\Inkjet.Statistics.dll
MOD - [2011/03/16 11:55:43 | 000,153,088 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Inkjet.Hardware\5.4.6.4__5cc7ad8abd921325\Inkjet.Hardware.dll
MOD - [2011/03/16 11:55:43 | 000,121,856 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.Localization\5.4.6.4__5cc7ad8abd921325\Inkjet.Localization.dll
MOD - [2011/03/16 11:55:43 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.Diagnostics\5.4.6.4__5cc7ad8abd921325\Inkjet.Diagnostics.dll
MOD - [2011/03/16 11:55:43 | 000,034,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.DeviceSettings\5.4.6.4__5cc7ad8abd921325\Inkjet.DeviceSettings.dll
MOD - [2011/03/16 11:55:41 | 000,058,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Inkjet.Automation\5.4.6.4__5cc7ad8abd921325\Inkjet.Automation.dll
MOD - [2011/02/28 18:37:32 | 000,180,624 | ---- | M] () -- C:\WINDOWS\system32\Primomonnt.dll
MOD - [2010/08/09 15:25:36 | 000,885,216 | ---- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
MOD - [2010/08/09 15:25:36 | 000,177,616 | ---- | M] () -- C:\Program Files\SelectRebates\SRebates.dll
MOD - [2009/06/24 14:38:28 | 000,107,816 | ---- | M] () -- C:\Program Files\Common Files\Search Protection\spHost.exe
MOD - [2009/01/30 22:57:05 | 000,261,120 | ---- | M] () -- C:\Program Files\Adobe Media Player\Adobe Media Player.exe
MOD - [2008/03/25 00:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005/06/28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
MOD - [2004/11/19 15:15:12 | 000,007,680 | ---- | M] () -- C:\Program Files\Sony\vaio entertainment\VzTaskSchedulerRsEventPs.dll
MOD - [2004/10/21 20:25:52 | 000,192,512 | ---- | M] () -- C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/04/12 15:37:59 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2010/09/13 17:18:32 | 000,308,656 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/06/24 14:38:28 | 000,107,816 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Search Protection\spHost.exe -- (SPHost)
SRV - [2004/11/19 15:07:00 | 000,335,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\vaio entertainment\VzTaskScheduler.exe -- (VAIO Entertainment Task Scheduler)
SRV - [2004/11/19 14:12:14 | 000,139,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe -- (VAIO Entertainment Aggregation and Control Service)
SRV - [2004/11/11 20:42:58 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2004/11/11 20:42:58 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2004/11/11 20:42:58 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2004/11/11 20:42:56 | 000,278,528 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2004/11/02 19:42:42 | 001,826,816 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2004/06/22 15:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2004/06/22 15:58:14 | 000,733,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2004/06/16 07:42:34 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2004/06/16 07:41:06 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2003/10/30 16:48:10 | 001,286,144 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2009/09/30 22:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/11/11 17:02:54 | 000,504,832 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\same.sys -- (same)
DRV - [2004/08/05 05:27:02 | 000,392,544 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ExpasAG.sys -- (LEX_AS_NIC_SERVICE_YNOS)
DRV - [2004/05/21 16:46:50 | 000,065,024 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2003/10/14 19:08:00 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/10/14 19:05:00 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/10/14 19:04:00 | 001,043,072 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2002/06/13 15:37:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2000/12/05 20:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {17712359-13c1-4fc3-bcd9-1201af814ef0} - C:\Program Files\AOL Search Toolbar\aolsearchtb.dll (AOL LLC)
IE - HKLM\..\URLSearchHook: {98572e47-b5fe-43de-9aea-492a1d3064cd} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&query={SearchTerms}&invocationType=tb50-ie-aolmailtb-chromesbox-en-us
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{F2788332-24A4-42A1-9746-626A3447C106}: "URL" = http://www.dogpile.com/rescuefctb/ws/redir?_iceUrl=true&qsrc=freecause&ourmark=1&qkw={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aol.com/?ncid=customie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=acm50mtmhpunauthgreeting
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=843&query={SearchTerms}&invocationType=tb50-ie-aolmailtb-chromesbox-en-us
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=62B46E9001CB77E13F286DCC&install_time=2010-10-30T03:20:23Z&src_id=11009&camp_id=861&tb_version=2.5.15000.521
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9D9CE7FC-A43F-4A81-AE25-3343D2480E7C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYF_en
IE - HKCU\..\SearchScopes\{9FCB2E71-A786-4843-8F16-EA0E74BEBBCD}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ222YYUS&apn_uid=32AD9672-1ADF-48BF-91D1-B711C83D87BD&apn_sauid=048899B9-5F92-4EFC-A69E-E4556DD4C887
IE - HKCU\..\SearchScopes\{E838D848-CB4E-4E4B-B328-B9B1A5687F66}: "URL" = http://www.yourfind.net/search.php?keyword={searchTerms}
IE - HKCU\..\SearchScopes\{F2788332-24A4-42A1-9746-626A3447C106}: "URL" = http://www.dogpile.com/rescuefctb/ws/redir?_iceUrl=true&qsrc=freecause&ourmark=1&qkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Search Protection Class) - {DEE1F01A-E6A8-4740-B420-3C521F234F74} - C:\Program Files\Common Files\Search Protection\sp.dll (AOL LLC ®)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O2 - BHO: (AOL Search Toolbar Loader) - {edf92137-1dfd-46e0-9c24-99abc0ae7be1} - C:\Program Files\AOL Search Toolbar\aolsearchtb.dll (AOL LLC)
O2 - BHO: (AOL Email Toolbar Loader) - {fbea8524-8c72-4208-9d12-7fb73e9926eb} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (ShopAtHome Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKLM\..\Toolbar: (AOL Email Toolbar) - {a3704fa3-dbf6-46b5-b95e-0677dfd39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (AOL Search Toolbar) - {d6050929-7dfc-44c9-a2f3-f12f57d779d6} - C:\Program Files\AOL Search Toolbar\aolsearchtb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome Toolbar) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Email Toolbar) - {A3704FA3-DBF6-46B5-B95E-0677DFD39577} - C:\Program Files\AOL Email Toolbar\aolmailtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Search Toolbar) - {D6050929-7DFC-44C9-A2F3-F12F57D779D6} - C:\Program Files\AOL Search Toolbar\aolsearchtb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKServ.exe (Sony Corporation)
O4 - HKLM..\Run: [huSDrJOAFErqkPM.exe] C:\Documents and Settings\All Users\Application Data\huSDrJOAFErqkPM.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VZRemoteCommander] C:\Program Files\Sony\VAIO Zone Remote Commander\AvRmtCtr.exe ()
O4 - HKCU..\Run: [AROReminder] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Recording Status.lnk = C:\Program Files\Sony\vaio entertainment\VzTrayIcon.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\paula\Start Menu\Programs\Startup\Adobe Media Player.lnk = C:\Program Files\Adobe Media Player\Adobe Media Player.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: &AOL Email Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL Email Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Manage Search Protection... - {B1C5B118-8240-47a6-AE84-103B05FB5AEF} - C:\Program Files\Common Files\Search Protection\spControl.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1202305881078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0B9D68A1-1B3F-4B04-ACB5-EE4FBC9A1423}: DhcpNameServer = 192.168.3.1
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\paula\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\paula\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {03A80B1D-5C6A-42c2-9DFB-81B6005D8023} - C:\Program Files\Trend Micro\Tmas\sshook.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{047ea2a9-62d6-11de-85ab-0011d8372574}\Shell - "" = AutoRun
O33 - MountPoints2\{047ea2a9-62d6-11de-85ab-0011d8372574}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{047ea2a9-62d6-11de-85ab-0011d8372574}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7759B395-8A2F-4A4D-9F7D-A9E8D64A3C22} - AOL Search Toolbar
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - AOL Toolbar
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{A90ECF75-1A37-4984-820B-2886290316F4} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/06/11 10:31:44 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\paula\Desktop\OTL.exe
[2012/06/08 23:13:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft Antimalware
[2012/06/08 04:31:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temporary Internet Files
[2012/06/08 04:31:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/06/07 16:16:20 | 000,000,000 | ---D | C] -- C:\WET
[2012/06/07 16:14:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\paula\Local Settings\Application Data\MigWiz
[2012/06/07 16:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Easy Transfer 7
[2012/06/07 10:48:39 | 000,000,000 | ---D | C] -- C:\FSTW
[2012/06/05 12:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\paula\Desktop\gmer
[2012/06/05 12:06:42 | 000,000,000 | ---D | C] -- C:\af6d7744964dd68f0ac0dea893fbedd8
[2012/06/05 05:51:01 | 000,000,000 | ---D | C] -- C:\TM_Files
[2012/06/04 10:00:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\paula\Recent
[2012/06/04 07:21:11 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/05/21 16:40:50 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\paula\Desktop\TDSSKiller.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/11 10:35:04 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DA11A304-7B88-412C-94BD-5B4AC2B269C9}.job
[2012/06/11 10:33:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/11 10:33:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{099CC86A-CDB0-40FE-BC49-05E74E072D05}.job
[2012/06/11 10:32:01 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/06/11 10:31:45 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\paula\Desktop\OTL.exe
[2012/06/11 10:29:01 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/06/11 10:19:37 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\paula\Start Menu\Programs\Startup\Adobe Media Player.lnk
[2012/06/11 10:19:25 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/06/11 10:19:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/11 10:19:22 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/11 10:19:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/11 10:19:06 | 1072,549,888 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/09 06:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/08 04:44:16 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2012/06/07 18:01:21 | 000,002,391 | ---- | M] () -- C:\Documents and Settings\paula\Desktop\InstalledPrograms.zip
[2012/06/07 15:41:11 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\paula\Local Settings\Application Data\FASTWiz.html
[2012/06/07 15:41:11 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\paula\Local Settings\Application Data\FASTApp.html
[2012/06/07 15:24:33 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\paula\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/07 09:35:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\VAIOUpdt.INI
[2012/06/07 09:32:35 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/07 09:31:34 | 000,000,217 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2012/06/07 09:27:59 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/07 09:27:59 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/05 12:15:46 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/05 10:17:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\paula\defogger_reenable
[2012/06/05 05:57:42 | 000,294,216 | ---- | M] () -- C:\Documents and Settings\paula\Desktop\gmer.zip
[2012/06/02 15:19:44 | 000,022,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/06/02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/06/02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/06/02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdm.dll
[2012/06/02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cdm.dll
[2012/06/02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/06/02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/06/02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/06/02 15:19:34 | 000,015,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/06/02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/06/02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/06/02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012/06/02 15:18:58 | 000,017,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\paula\Desktop\TDSSKiller.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/09 01:25:05 | 1072,549,888 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/07 18:02:23 | 000,002,391 | ---- | C] () -- C:\Documents and Settings\paula\Desktop\InstalledPrograms.zip
[2012/06/07 16:09:54 | 000,001,673 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Easy Transfer for Windows 7.lnk
[2012/06/07 15:41:00 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\paula\Local Settings\Application Data\FASTWiz.html
[2012/06/07 15:24:18 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\paula\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/07 10:49:23 | 000,000,728 | ---- | C] () -- C:\Documents and Settings\paula\Local Settings\Application Data\FASTApp.html
[2012/06/07 09:35:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2012/06/05 12:26:22 | 000,294,216 | ---- | C] () -- C:\Documents and Settings\paula\Desktop\gmer.zip
[2012/06/05 10:17:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\paula\defogger_reenable
[2012/04/22 22:12:06 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-XIHXODvsR5cF4Yr
[2012/04/22 22:12:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\-XIHXODvsR5cF4Y
[2012/04/22 22:11:59 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\XIHXODvsR5cF4Y
[2012/02/17 00:22:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/13 18:10:25 | 000,180,624 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/11/10 19:46:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/10 00:03:48 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >

< End of report >



OTL Extras logfile created on: 6/11/2012 10:32:28 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\paula\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.79 Mb Total Physical Memory | 502.98 Mb Available Physical Memory | 49.18% Memory free
2.41 Gb Paging File | 1.98 Gb Available in Paging File | 82.37% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 227.87 Gb Total Space | 201.51 Gb Free Space | 88.43% Space Free | Partition Type: NTFS

Computer Name: 26DFCF9B362147C | User Name: paula | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"5353:UDP" = 5353:UDP:*:Enabled:Bonjour Port 5353

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\1128713438\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1128713438\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\1128713438\ee\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1128713438\ee\AOLServiceHost.exe:*:Enabled:AOL Services
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe" = C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe:*:Enabled:Vcsw -- (Sony Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless Utility
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{169C78C0-8C32-4CA1-9602-D8E998ECE96A}" = VAIO Original Screen Saver VAIO Scene HD Wide Contents
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A91D1FA-B9B3-4556-9878-5C61059A19B2}" = InterVideo WinDVDX
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1CA2E5E4-F4FE-44B4-95E9-77523FB95838}" = EPSON Stylus Photo RX580 Scanner Driver Update
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 3.1
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 29
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{48B41C3A-9A92-4B81-B653-C97FEB85C910}" = C4USelfUpdater
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5A9AA2C0-972F-4239-AA41-E409434194D5}" = MobileMe Control Panel
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari
"{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 3.1
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 2.1.02
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 3.1
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.02 Menu Data
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A43F939E-A863-433D-AC78-0897E44CFEB2}" = VAIO Launcher
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{BB311F54-39D6-4A03-8E18-053D1B2833D7}" = HotKey Utility
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 1.4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CABCF31E-3FC7-4087-B35E-1CF868BF1EE5}" = VAIO Lithograph Wallpaper
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D36B1F7D-3B51-4DBC-A4AE-F25B06DF2AD1}" = VAIO Control Center
"{D433ABC3-0CD8-4BB0-B6A9-84501B4B47B7}" = ArcSoft PhotoImpression 5
"{D917FD82-6CE5-489A-AAF8-C701AAC85C4D}" = VAIO Entertainment Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DA7ECDA9-C6DD-4E4A-8EB8-9899E08C6740}" = SonicStage MP3 Add-on program
"{DC6E3CD5-A93D-44EA-85AE-894C1603B7E2}" = VAIO TV Tuner Library 1.3
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E09E82C3-6C4D-45B0-8790-BBBEE39F1A3C}" = VAIO Zone Remote Commander
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.3.01
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED8D39F2-7FFA-45EC-B148-EF2472955BB4}" = VAIO Zone
"{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FCCB0B43-7A6D-49A4-A5B3-B10F592F4EB6}" = LAN-Express AS IEEE 802.11 Wireless LAN
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"alotToolbar" = ALOT Toolbar
"AOL Email Toolbar" = AOL Email Toolbar
"AOL Search Toolbar" = AOL Search Toolbar
"AOL Toolbar" = AOL Toolbar
"ARO 2012_is1" = ARO 2012
"CNXT_MODEM_PCI_VEN_8086&DEV_24D6&SUBSYS_816F104D" = SoftV92 Data Fax Modem
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"EasyCleaner" = EasyCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{6F1974D6-4249-43B6-88B0-9A9B8A33956C}" = OpenMG Secure Module 4.0.00
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.0-04-06-21-01" = OpenMG Limited Patch 4.0-04-08-02-01
"PCFriendly" = PCFriendly
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Search Protection" = Search Protection
"SelectRebatesUninstall" = ShopAtHome SelectRebates
"Silent Package Run-Time Sample" = EPSON Stylus Photo RX580 User's Guide
"Snapshot Viewer" = Snapshot Viewer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Welcome to VAIO life" = Welcome to VAIO life
"WET7Cable" = Windows Easy Transfer for Windows 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"AOL Toolbar" = AOL Toolbar

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/7/2012 9:23:00 AM | Computer Name = 26DFCF9B362147C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/7/2012 9:23:00 AM | Computer Name = 26DFCF9B362147C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 52467672

Error - 6/7/2012 9:23:00 AM | Computer Name = 26DFCF9B362147C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 52467672

Error - 6/7/2012 2:24:11 PM | Computer Name = 26DFCF9B362147C | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft Office 2000 Premium -- Error 1706. No valid source
could be found for product Microsoft Office 2000 Premium. The Windows installer
cannot continue.

Error - 6/9/2012 5:41:46 AM | Computer Name = 26DFCF9B362147C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/9/2012 5:41:46 AM | Computer Name = 26DFCF9B362147C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 13265594

Error - 6/9/2012 5:41:46 AM | Computer Name = 26DFCF9B362147C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13265594

Error - 6/9/2012 11:35:12 AM | Computer Name = 26DFCF9B362147C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 6/9/2012 11:35:12 AM | Computer Name = 26DFCF9B362147C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 19841750

Error - 6/9/2012 11:35:12 AM | Computer Name = 26DFCF9B362147C | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 19841750

[ System Events ]
Error - 4/20/2012 10:06:22 AM | Computer Name = 26DFCF9B362147C | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.5 on
the Network Card with network address 0011D8372574.

Error - 6/4/2012 9:54:20 AM | Computer Name = 26DFCF9B362147C | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.5 on
the Network Card with network address 0011D8372574.

Error - 6/4/2012 9:54:29 AM | Computer Name = 26DFCF9B362147C | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/4/2012 9:54:29 AM | Computer Name = 26DFCF9B362147C | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/4/2012 9:56:57 AM | Computer Name = 26DFCF9B362147C | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 6/4/2012 9:57:11 AM | Computer Name = 26DFCF9B362147C | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 6/5/2012 12:00:50 PM | Computer Name = 26DFCF9B362147C | Source = DCOM | ID = 10010
Description = The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register
with DCOM within the required timeout.

Error - 6/7/2012 10:43:02 AM | Computer Name = 26DFCF9B362147C | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC000000D'
while processing the file 'minint' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.

Error - 6/8/2012 11:45:30 PM | Computer Name = 26DFCF9B362147C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/8/2012 11:45:59 PM | Computer Name = 26DFCF9B362147C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >




#5 myrti (Sillyberry, Malware Study Hall Admin, 33,784 posts)

Posted 11 June 2012 - 10:32 AM

Hi,

Where are you seeing that partition? If you did a factory reset, you should be good and no longer infected.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#6 techmini (Topic Starter, Members, 19 posts)

Posted 12 June 2012 - 12:42 AM

Myrti,

See if this helps.


DISKPART> list disk

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       233 GB      0 B

DISKPART> select disk 0

Disk 0 is now the selected disk.

DISKPART> list partition

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    OEM               5130 MB    32 KB
  Partition 2    Primary            228 GB  5130 MB
  Partition 3    Unknown           2544 KB   233 GB



#7 myrti (Sillyberry, Malware Study Hall Admin, 33,784 posts)

Posted 12 June 2012 - 08:38 AM

Hi,

Yes, that looks like TDL4. Since it is not the active partition, I think you should be able to simply delete it. You don't need to delete it, though, since it's already deactivated and can't reactivate itself.

You can, after you delete it, expand the primary partition. However, this as well is not necessary and will only gain you 2 MB. TDL4 does not shrink your current partition, but simply installs itself into unused/unpartitioned space, which is what you had at the end of your drive before the infection.

regards myrti

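An added example, not part of the thread and not myrti's or techmini's code, of the pattern described above: a small MBR partition-table parser that flags a tiny, non-standard partition appended in what used to be unpartitioned space at the end of the disk. The sample MBR is constructed to mirror the diskpart listing in the post above; the sector numbers, the 250 GB drive size and the type byte 0x3A are assumptions.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446   # four 16-byte partition entries live here; 0x55AA signature at 510
# Type bytes treated as ordinary for this triage (NTFS/FAT, extended, OEM, Linux, GPT); not exhaustive.
KNOWN_TYPES = {0x05, 0x07, 0x0B, 0x0C, 0x0E, 0x0F, 0x12, 0x27, 0x82, 0x83, 0x8E, 0xEE, 0xEF}

def parse_mbr(mbr: bytes) -> list:
    """Return the used primary partition entries as dicts; raise on a bad signature."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector")
    entries = []
    for i in range(4):   # status(1) CHS(3) type(1) CHS(3) LBA start(4) sector count(4)
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", mbr, TABLE_OFFSET + i * 16)
        if ptype and count:
            entries.append({"index": i + 1, "active": status == 0x80, "type": ptype, "start": start, "sectors": count})
    return entries

def suspicious_partitions(mbr: bytes, disk_sectors: int, small_mb: int = 16) -> list:
    """Triage heuristic: flag entries showing 3 or more of 4 bootkit-style signals."""
    entries, flagged = parse_mbr(mbr), []
    for e in entries:
        size_mb = e["sectors"] * SECTOR / (1024 * 1024)
        others_end = max((o["start"] + o["sectors"] for o in entries if o is not e), default=0)
        reasons = []
        if e["type"] not in KNOWN_TYPES:
            reasons.append("unknown type 0x%02X" % e["type"])
        if size_mb < small_mb:
            reasons.append("tiny (%.1f MB)" % size_mb)
        if e["start"] >= others_end:
            reasons.append("placed after every other partition")
        if e["start"] + e["sectors"] >= disk_sectors - 2048:   # within 1 MB of the disk end
            reasons.append("ends at the end of the disk")
        if len(reasons) >= 3:
            flagged.append({"index": e["index"], "reasons": reasons})
    return flagged
def _entry(ptype, start, count, active=False) -> bytes:
    return struct.pack("<B3sB3sII", 0x80 if active else 0, b"\0\0\0", ptype, b"\0\0\0", start, count)

# Constructed MBR mirroring the diskpart listing above (sector values and type 0x3A are assumed).
DISK_SECTORS = 488_397_168   # a 250 GB drive, which diskpart shows as 233 GB
SAMPLE_MBR = (bytes(TABLE_OFFSET)
              + _entry(0x27, 63, 10_506_240)                   # Partition 1: OEM recovery, 5130 MB
              + _entry(0x07, 10_506_303, 477_885_777, True)    # Partition 2: C:, ~228 GB, active
              + _entry(0x3A, 488_392_080, 5088)                # Partition 3: 2544 KB, 'Unknown', disk end
              + bytes(16) + b"\x55\xaa")

if __name__ == "__main__":
    for hit in suspicious_partitions(SAMPLE_MBR, DISK_SECTORS):
        print("Partition %d: %s" % (hit["index"], "; ".join(hit["reasons"])))
```

On a Windows machine the same function would be fed the first 512 bytes read from the physical disk (e.g. \\.\PhysicalDrive0, opened with administrator rights) in place of SAMPLE_MBR; a hit is a cue to inspect that partition, not a verdict.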


#8 techmini (Topic Starter, Members, 19 posts)

Posted 13 June 2012 - 12:24 PM

Myrti,

So here is my plan.

  • Run Partition Magic
    • Delete the 2MB partition at the end
    • Delete the current C: partition
    • Create new partition for clean windows install
  • From Recovery Console run FixMBR to make sure infected boot record is gone
  • Run Sony Recover
After all that is done, what is the best way to ensure there is nothing left behind?

Edited by techmini, 13 June 2012 - 12:25 PM.


#9 myrti (Sillyberry, Malware Study Hall Admin, 33,784 posts)

Posted 14 June 2012 - 11:14 AM

Hi,

You should be safe then. The infection right now is not active, so you should not have any interference. If you don't get the small partition recreated, then the infection isn't there.

regards myrti



#10 myrti (Sillyberry, Malware Study Hall Admin, 33,784 posts)

Posted 25 July 2012 - 05:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
