Combo Fix Mistake


30 replies to this topic

#1 BXTALE14

BXTALE14


Posted 20 July 2014 - 10:46 PM

I'm new here and I'm really frustrated with my laptop. Earlier today, I downloaded Combo Fix to remove a virus on my laptop, and then after I completed that I used the Malwarebytes program. Now I'm noticing a lot of the files on my desktop are gone and I keep getting a pop-up box saying Microsoft.NET Framework...no endpoint ya yay ya crap. I know I shouldn't have downloaded that Combo Fix, now they've erased my bleep...wtf! Grr..Can someone help me?!?


Edited by Orange Blossom, 21 July 2014 - 10:57 PM.
Moved from Win 7 to Gen Security - Hamluis./ Moving to log forum. ~ OB




#2 Grinler

Grinler

    Lawrence Abrams



Posted 21 July 2014 - 12:30 PM

Please post the exact .NET Framework error you are getting or post a screenshot so we can provide more help. Also, are you sure it was CF and not something Malwarebytes removed that caused the issue?

Finally, you state there are missing programs. Which programs are missing?

On your C:\ drive is a file called ComboFix.txt. Please post the contents of that file as a reply as well.

Thanks

#3 BXTALE14

BXTALE14

Posted 21 July 2014 - 05:19 PM

Here's the ComboFix.txt

 

ComboFix 14-07-20.02 - pawnmart 02/15/2014   5:40.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3758.2970 [GMT -5:00]
Running from: c:\users\pawnmart\Downloads\ComboFix.exe
AV: Norton AntiVirus *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Norton AntiVirus *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FilmFanatic
c:\program files (x86)\FilmFanatic\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\FilmFanatic\bar\1.bin\chrome\paffxtbr.jar
c:\program files (x86)\FilmFanatic\bar\1.bin\INSTALL.RDF
c:\program files (x86)\FilmFanatic\bar\1.bin\LOGO.BMP
c:\program files (x86)\FilmFanatic\bar\1.bin\NPpaStub.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\paauxstb.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\pabar.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\pabarsvc.exe
c:\program files (x86)\FilmFanatic\bar\1.bin\pabrmon.exe
c:\program files (x86)\FilmFanatic\bar\1.bin\pabrstub.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\padatact.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\padlghk.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\padyn.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\pafeedmg.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\pahighin.exe
c:\program files (x86)\FilmFanatic\bar\1.bin\pahtml.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\pahtmlmu.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\pahttpct.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\paidle.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\paieovr.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\paimpipe.exe
c:\program files (x86)\FilmFanatic\bar\1.bin\pamedint.exe
c:\program files (x86)\FilmFanatic\bar\1.bin\pamlbtn.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\pamsg.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\paPlugin.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\paradio.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\paregfft.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\paregiet.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\pascript.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\paskin.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\paskplay.exe
c:\program files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\patpinst.dll
c:\program files (x86)\FilmFanatic\bar\1.bin\pauabtn.dll
c:\program files (x86)\FilmFanatic\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\FilmFanatic\bar\Message\COMMON.T8S
c:\program files (x86)\FilmFanatic\bar\Settings\s_pid.dat
c:\program files (x86)\FilmFanaticEI
c:\program files (x86)\FunWebProducts
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\program files (x86)\Shop to Win
c:\program files (x86)\Shop to Win\InstallNotifier.exe
c:\program files (x86)\Shop to Win\unins000.dat
c:\program files (x86)\Shop to Win\unins000.exe
c:\program files (x86)\StartNow Toolbar
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_images.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_news.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files (x86)\StartNow Toolbar\Resources\images\engine_web.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_games.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files (x86)\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files (x86)\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files (x86)\StartNow Toolbar\Resources\installer.xml
c:\program files (x86)\StartNow Toolbar\Resources\protect\index.html
c:\program files (x86)\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.css
c:\program files (x86)\StartNow Toolbar\Resources\protect\window.js
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\index.html
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.css
c:\program files (x86)\StartNow Toolbar\Resources\reactivate\window.js
c:\program files (x86)\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\separator.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\splitter.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files (x86)\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files (x86)\StartNow Toolbar\Resources\toolbar.xml
c:\program files (x86)\StartNow Toolbar\Resources\update.xml
c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
c:\program files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files (x86)\StartNow Toolbar\uninstall.dat
c:\program files (x86)\TelevisionFanatic
c:\program files (x86)\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64auxstb.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64bar.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64barsvc.exe
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64brmon.exe
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64brstub.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64datact.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64dlghk.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64dyn.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64feedmg.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64highin.exe
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64html.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64htmlmu.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64httpct.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64idle.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64impipe.exe
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64medint.exe
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64mlbtn.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64msg.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64Plugin.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64radio.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64regfft.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64regiet.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64script.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64skin.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64skplay.exe
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64SrcAs.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64tpinst.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\64uabtn.dll
c:\program files (x86)\TelevisionFanatic\bar\2.bin\CHROME.MANIFEST
c:\program files (x86)\TelevisionFanatic\bar\2.bin\chrome\64ffxtbr.jar
c:\program files (x86)\TelevisionFanatic\bar\2.bin\INSTALL.RDF
c:\program files (x86)\TelevisionFanatic\bar\2.bin\LOGO.BMP
c:\program files (x86)\TelevisionFanatic\bar\2.bin\NP64Stub.dll
c:\program files (x86)\TelevisionFanatic\bar\Message\COMMON.T8S
c:\program files (x86)\TelevisionFanatic\bar\Settings\s_pid.dat
c:\program files (x86)\TelevisionFanaticEI
c:\programdata\JFTBGnQNMMjUDXg.exe
c:\programdata\Roaming
c:\programdata\SPL1D44.tmp
c:\programdata\SPL44F9.tmp
c:\programdata\SPL61F.tmp
c:\programdata\SPL85F1.tmp
c:\programdata\SPLCAAC.tmp
c:\users\ladyE\AppData\Local\CrashDumps\Broadcom\sezaspxj.dll
c:\users\ladyE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
c:\users\ladyE\AppData\Roaming\result.db
c:\users\ladyE\Desktop\System Repair.lnk
c:\users\ladyE\Documents\~WRL0003.tmp
c:\users\ladyE\Documents\~WRL0004.tmp
c:\users\ladyE\Documents\~WRL3849.tmp
c:\users\ladyE\Favorites\_favdata.dat
c:\users\ladyE\Uninstall.exe
c:\users\pawnmart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Repair.lnk
c:\users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
c:\users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair\System Repair.lnk
c:\users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair\Uninstall System Repair.lnk
c:\users\pawnmart\Desktop\System Repair.lnk
c:\windows\security\Database\tmp.edb
c:\windows\svchost.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_FilmFanaticService
-------\Service_TelevisionFanaticService
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
(((((((((((((((((((((((((   Files Created from 2014-01-15 to 2014-02-15  )))))))))))))))))))))))))))))))
.
.
2014-02-15 11:08 . 2014-02-15 11:08 -------- d-----w- c:\users\pawnmart\AppData\Local\Eastman_Kodak_Company
2014-02-15 11:08 . 2014-02-15 11:08 -------- d-----w- c:\users\pawnmart\AppData\Local\Eastman Kodak Company
2014-02-15 11:03 . 2014-02-15 11:03 -------- d-----w- c:\users\ladyE\AppData\Local\temp
2014-02-15 11:03 . 2014-02-15 11:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-15 11:03 . 2014-02-15 11:03 -------- d-----w- c:\users\boinc_master\AppData\Local\temp
2014-02-15 10:29 . 2014-02-15 10:29 -------- d-----w- c:\users\pawnmart\AppData\Local\Google
2014-02-15 10:28 . 2014-02-15 10:28 -------- d-----w- c:\users\pawnmart\AppData\Local\ElevatedDiagnostics
2014-02-15 10:10 . 2014-02-15 10:10 -------- d-----w- c:\users\pawnmart\AppData\Local\Apple
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-01 21:36 . 2013-06-01 21:36 4167680 ---ha-w- c:\program files (x86)\GUTFC87.tmp
2013-06-01 21:34 . 2013-06-01 21:34 4167680 ---ha-w- c:\program files (x86)\GUT2AA9.tmp
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0095C290-A428-4BDD-B98C-E0A116F1C702}]
2010-12-29 18:20 14432 ---ha-w- c:\program files (x86)\Shop to Win 9\Shop to Win 9.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1e91a655-bb4b-4693-a05e-2edebc4c9d89}]
2012-01-03 19:20 693648 ---ha-w- c:\progra~2\MAPSGA~2\bar\1.bin\39bar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{574be437-25ae-4010-a53e-8c63b6ae02ff}]
2011-06-24 11:24 81920 ---ha-w- c:\program files (x86)\oovootoolbar\vmntemplateX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{71c1d63a-c944-428a-a5bd-ba513190e5d2}]
2012-01-03 19:20 62864 ---ha-w- c:\program files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
2011-10-05 02:30 832680 ---ha-w- c:\progra~2\REBATE~1\RebateI.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2013-01-24 19:18 1521800 ---ha-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{574be437-25ae-4010-a53e-8c63b6ae02ff}"= "c:\program files (x86)\oovootoolbar\vmntemplateX.dll" [2011-06-24 81920]
"{364ea597-e728-4ce4-bb4a-ed846ef47970}"= "c:\program files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll" [2012-01-03 693648]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2013-01-24 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{574be437-25ae-4010-a53e-8c63b6ae02ff}]
.
[HKEY_CLASSES_ROOT\clsid\{364ea597-e728-4ce4-bb4a-ed846ef47970}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"boincmgr"="c:\program files (x86)\BOINC\boincmgr.exe" [2010-05-27 4543232]
"boinctray"="c:\program files (x86)\BOINC\boinctray.exe" [2010-05-27 58112]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408]
"Lexmark Pro800-Pro900 Series"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\fm3032.exe" [2011-01-23 316072]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-11-01 593920]
"MapsGalaxy Search Scope Monitor"="c:\progra~2\MAPSGA~2\bar\1.bin\39srchmn.exe" [2012-01-03 42536]
"MapsGalaxy_39 Browser Plugin Loader"="c:\progra~2\MAPSGA~2\bar\1.bin\39brmon.exe" [2012-01-03 30096]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2013-01-24 1646216]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"NACAgentUI"="c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe" [2010-07-09 487680]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys;c:\windows\SYSNATIVE\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys;c:\windows\SYSNATIVE\DRIVERS\htcnprot.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [x]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAVx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1309010.00E\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAVx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1309010.00E\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.1.8\Definitions\BASHDefs\20120413.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.1.8\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [x]
S1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NAVx64\1309010.00E\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.1.8\Definitions\IPSDefs\20120426.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.6.1.8\Definitions\IPSDefs\20120426.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAVx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NAVx64\1309010.00E\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NAVx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NAVx64\1309010.00E\SYMNETS.SYS [x]
S2 BOINC;WORLDC~1|World Community Grid;c:\program files (x86)\BOINC\boinc.exe;c:\program files (x86)\BOINC\boinc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [x]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe;c:\windows\SYSNATIVE\lxeccoms.exe [x]
S2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\\lxecserv.exe [x]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~2\MAPSGA~2\bar\1.bin\39barsvc.exe;c:\progra~2\MAPSGA~2\bar\1.bin\39barsvc.exe [x]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [x]
S2 NAV;Norton AntiVirus;c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys;c:\windows\SYSNATIVE\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys;c:\windows\SYSNATIVE\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys;c:\windows\SYSNATIVE\drivers\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RASACD
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-03 20:18 1607120 ---ha-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-24 04:05]
.
2013-02-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-457658412-4022283623-3167705424-1005Core.job
- c:\users\ladyE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 22:39]
.
2013-09-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-457658412-4022283623-3167705424-1005UA.job
- c:\users\ladyE\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-18 22:39]
.
2014-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 11:27]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 11:27]
.
2013-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-457658412-4022283623-3167705424-1005Core.job
- c:\users\ladyE\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 17:08]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-457658412-4022283623-3167705424-1005UA.job
- c:\users\ladyE\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-02 17:08]
.
2013-02-08 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\Registry Mechanic\RegMech.exe [2011-01-20 13:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-23 148280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-01 162584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-01 386840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-01 417560]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezGOSvc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80197&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80197
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - c:\progra~2\REBATE~1\RebateI.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{56E4076B-A42B-4745-BA35-34DA8AC4C2F2} - c:\program files (x86)\EpicPlay\epicPlayGames.dll
BHO-{5d79f641-c168-40df-a32f-bacea7509e75} - c:\program files (x86)\TelevisionFanatic\bar\2.bin\64SrcAs.dll
BHO-{631acb68-57c3-48af-9cc5-fcec0837ffd3} - c:\progra~2\FILMFA~2\bar\1.bin\pabar.dll
BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-{cb41fc95-f1b3-4797-8bb6-1012ff62abba} - c:\progra~2\TELEVI~2\bar\2.bin\64bar.dll
BHO-{d5e9b421-c309-41de-9014-800a2adcdeb0} - c:\program files (x86)\FilmFanatic\bar\1.bin\paSrcAs.dll
Toolbar-{c98d5b61-b0ea-4d48-9839-1079d352d880} - c:\program files (x86)\TelevisionFanatic\bar\2.bin\64bar.dll
Toolbar-{0b84b4b4-8af8-4f1f-91fe-074a666f6425} - c:\program files (x86)\FilmFanatic\bar\1.bin\pabar.dll
Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F} - c:\program files (x86)\StartNow Toolbar\Toolbar32.dll
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Wow6432Node-HKLM-Run-TelevisionFanatic Browser Plugin Loader - c:\progra~2\TELEVI~2\bar\2.bin\64brmon.exe
Wow6432Node-HKLM-Run-FilmFanatic Browser Plugin Loader - c:\progra~2\FILMFA~2\bar\1.bin\pabrmon.exe
Wow6432Node-HKLM-Run-StartNowToolbarHelper - c:\program files (x86)\StartNow Toolbar\ToolbarHelper.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-JFTBGnQNMMjUDXg.exe - c:\programdata\JFTBGnQNMMjUDXg.exe
Wow6432Node-HKU-Default-Run-Broadcom - c:\users\ladyE\AppData\Local\CrashDumps\Broadcom\sezaspxj.dll
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Amazon MP3 Downloader - c:\users\ladyE\Uninstall.exe
AddRemove-StartNow Toolbar - c:\program files (x86)\StartNow Toolbar\StartNowToolbarUninstall.exe
AddRemove-{F5FB599D-2C5C-4A5F-B8CD-9B7AAD13F80A}_is1 - c:\program files (x86)\Shop To Win\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAV]
"ImagePath"="\"c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files (x86)\Norton AntiVirus\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:4c,f6,eb,35,9f,7a,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\DDNi\Oasis\VAIO Messenger.exe
.
**************************************************************************
.
Completion time: 2014-02-15  06:34:55 - machine was rebooted
ComboFix-quarantined-files.txt  2014-02-15 11:34
.
Pre-Run: 192,782,774,272 bytes free
Post-Run: 200,313,163,776 bytes free
.
- - End Of File - - D81F3737A0B0974B3487912C90C5CBE3


#4 BXTALE14


Posted 21 July 2014 - 05:32 PM

I'm not sure what took it off but I started ComboFix first then Malware. Like when I don't see anything like control panel etc. I just see Computer and then when I click all programs most of the programs are empty.

 

Here's the picture of NET Framework

photo3_zps7a30a7df.jpg

Programs

photo5_zps98c4e4fb.jpg



#5 Grinler


Posted 22 July 2014 - 09:36 AM

I do not see anything deleted by CF that you would have wanted to keep. If you go into Malwarebytes are any of the missing programs listed in the quarantine?



#6 BXTALE14


Posted 22 July 2014 - 11:02 AM

Oh okay well this is what the Malware Quarantine

photo1_zps1d75b26f.jpg



#7 Grinler


Posted 22 July 2014 - 11:08 AM

That is fine as well.  Are you sure there were icons under the Microsoft Office start menu folders? Do you have the icons for Word, Excel, etc listed under your start menu in another location?



#8 BXTALE14


Posted 23 July 2014 - 09:53 AM

There were icons before but now it's just empty folders.



#9 Grinler


Posted 23 July 2014 - 10:53 AM

Do you have the icons for Word, Excel, etc listed under your start menu in another location?



#10 BXTALE14


Posted 23 July 2014 - 11:32 AM

No, no icons just empty folders



#11 Grinler


Posted 23 July 2014 - 03:03 PM

Please download and run this batch file:

http://download.bleepingcomputer.com/bats/getinfo.bat

When it is done, it will open a Notepad window. Please post the contents of that notepad window as a reply to this topic.



#12 BXTALE14


Posted 24 July 2014 - 05:24 PM

All Users Start Menu 
 
 
 Volume in drive C has no label.
 Volume Serial Number is 2E8D-3DF0
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
02/15/2013  05:41 PM    <DIR>          Accessories
02/15/2013  05:41 PM    <DIR>          Administrative Tools
07/06/2011  03:45 PM               154 desktop.ini
02/15/2013  05:41 PM    <DIR>          Games
02/15/2013  05:41 PM    <DIR>          Intel
07/20/2014  10:18 PM    <DIR>          Main
02/15/2013  05:41 PM    <DIR>          Maintenance
07/24/2014  05:12 PM    <DIR>          Malwarebytes Anti-Malware
02/15/2013  05:41 PM    <DIR>          Norton AntiVirus
07/24/2014  05:12 PM    <DIR>          Skype
02/15/2013  05:41 PM    <DIR>          Startup
07/13/2010  02:20 PM    <DIR>          Tablet PC
07/20/2014  09:08 PM             1,141 VAIO Update.lnk
02/15/2013  05:41 PM    <DIR>          Windows Live
               2 File(s)          1,295 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
 
02/15/2013  05:41 PM    <DIR>          .
02/15/2013  05:41 PM    <DIR>          ..
02/15/2013  05:41 PM    <DIR>          Accessibility
02/15/2013  05:41 PM    <DIR>          System Tools
02/15/2013  05:41 PM    <DIR>          Tablet PC
02/15/2013  05:41 PM    <DIR>          Windows PowerShell
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
 
02/15/2013  05:41 PM    <DIR>          .
02/15/2013  05:41 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
 
02/15/2013  05:41 PM    <DIR>          .
02/15/2013  05:41 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC
 
02/15/2013  05:41 PM    <DIR>          .
02/15/2013  05:41 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell
 
02/15/2013  05:41 PM    <DIR>          .
02/15/2013  05:41 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
 
02/15/2013  05:41 PM    <DIR>          .
02/15/2013  05:41 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
 
02/15/2013  05:41 PM    <DIR>          .
02/15/2013  05:41 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
 
02/15/2013  05:41 PM    <DIR>          .
02/15/2013  05:41 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main
 
07/20/2014  10:18 PM    <DIR>          .
07/20/2014  10:18 PM    <DIR>          ..
07/24/2014  05:12 PM    <DIR>          Bravia
07/20/2014  10:18 PM               316 desktop.ini
07/24/2014  05:12 PM    <DIR>          Other
07/24/2014  05:12 PM    <DIR>          PlayStation Tools
               1 File(s)            316 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main\Bravia
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
07/20/2014  10:18 PM               668 desktop.ini
07/20/2014  10:18 PM             2,281 MusicSearch.lnk
07/20/2014  10:18 PM             1,347 Remote Keyboard.lnk
               3 File(s)          4,296 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main\Other
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
07/20/2014  10:18 PM               518 desktop.ini
07/20/2014  10:18 PM             1,347 Remote Keyboard.lnk
               2 File(s)          1,865 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Main\PlayStation Tools
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
07/20/2014  10:18 PM               556 desktop.ini
07/20/2014  10:18 PM             1,316 Remote Keyboard with PlayStation 3.lnk
               2 File(s)          1,872 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
 
02/15/2013  05:41 PM    <DIR>          .
02/15/2013  05:41 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
02/15/2014  07:43 AM             1,080 Malwarebytes Anti-Malware.lnk
07/24/2014  05:12 PM    <DIR>          Tools
02/15/2014  07:43 AM             1,104 Uninstall Malwarebytes Anti-Malware.lnk
               2 File(s)          2,184 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
02/15/2014  07:43 AM             1,375 Malwarebytes Anti-Malware Chameleon.lnk
               1 File(s)          1,375 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
 
02/15/2013  05:41 PM    <DIR>          .
02/15/2013  05:41 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
07/20/2014  09:31 PM             2,097 Skype.lnk
               1 File(s)          2,097 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
 
02/15/2013  05:41 PM    <DIR>          .
02/15/2013  05:41 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
 
07/13/2010  02:20 PM    <DIR>          .
07/13/2010  02:20 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
 
02/15/2013  05:41 PM    <DIR>          .
02/15/2013  05:41 PM    <DIR>          ..
               0 File(s)              0 bytes
 
     Total Files Listed:
              14 File(s)         15,300 bytes
              62 Dir(s)  197,304,643,584 bytes free
 
 
User's Start Menu 
 
 
 Volume in drive C has no label.
 Volume Serial Number is 2E8D-3DF0
 
 Directory of C:\Users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
07/24/2014  05:12 PM    <DIR>          Accessories
09/03/2013  08:01 AM    <DIR>          Administrative Tools
09/03/2013  08:01 AM               476 desktop.ini
07/24/2014  05:12 PM    <DIR>          Google Chrome
09/03/2013  08:01 AM             1,409 Internet Explorer (64-bit).lnk
09/03/2013  08:01 AM             1,403 Internet Explorer.lnk
07/24/2014  05:12 PM    <DIR>          Maintenance
09/03/2013  08:01 AM    <DIR>          Startup
07/24/2014  05:12 PM    <DIR>          VAIO Health Report
               3 File(s)          3,288 bytes
 
 Directory of C:\Users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
07/24/2014  05:12 PM    <DIR>          Accessibility
07/14/2009  12:54 AM             1,280 Command Prompt.lnk
07/14/2009  12:54 AM               678 Desktop.ini
07/14/2009  12:54 AM             1,304 Notepad.lnk
07/14/2009  12:49 AM               262 Run.lnk
07/24/2014  05:12 PM    <DIR>          System Tools
07/14/2009  12:49 AM             1,228 Windows Explorer.lnk
               5 File(s)          4,752 bytes
 
 Directory of C:\Users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
07/14/2009  12:54 AM               704 Desktop.ini
07/14/2009  12:54 AM             1,358 Ease of Access.lnk
07/14/2009  12:54 AM             1,258 Magnify.lnk
07/14/2009  12:54 AM             1,262 Narrator.lnk
07/14/2009  12:54 AM             1,250 On-Screen Keyboard.lnk
               5 File(s)          5,832 bytes
 
 Directory of C:\Users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
07/14/2009  12:49 AM               262 computer.lnk
07/14/2009  12:49 AM               262 Control Panel.lnk
09/03/2013  08:01 AM               738 Desktop.ini
09/03/2013  08:01 AM             1,453 Internet Explorer (No Add-ons).lnk
07/14/2009  12:54 AM             1,306 Private Character Editor.lnk
               5 File(s)          4,021 bytes
 
 Directory of C:\Users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
 
09/03/2013  08:01 AM    <DIR>          .
09/03/2013  08:01 AM    <DIR>          ..
09/03/2013  08:01 AM               174 desktop.ini
               1 File(s)            174 bytes
 
 Directory of C:\Users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
02/15/2014  06:30 AM             2,268 Google Chrome.lnk
               1 File(s)          2,268 bytes
 
 Directory of C:\Users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
07/14/2009  12:49 AM               318 Desktop.ini
07/14/2009  12:49 AM               262 Help.lnk
               2 File(s)            580 bytes
 
 Directory of C:\Users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
 
09/03/2013  08:01 AM    <DIR>          .
09/03/2013  08:01 AM    <DIR>          ..
09/03/2013  08:01 AM               174 desktop.ini
               1 File(s)            174 bytes
 
 Directory of C:\Users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VAIO Health Report
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
07/20/2014  09:48 PM             2,136 VAIO Health Report.lnk
               1 File(s)          2,136 bytes
 
     Total Files Listed:
              24 File(s)         23,225 bytes
              26 Dir(s)  197,304,639,488 bytes free
 
 
ComboFix Quarantine 
 
 
 Volume in drive C has no label.
 Volume Serial Number is 2E8D-3DF0
 
 Directory of C:\Qoobox
 
07/24/2014  05:12 PM    <DIR>          .
07/24/2014  05:12 PM    <DIR>          ..
02/15/2014  07:19 AM             8,157 Add-Remove Programs.txt
07/24/2014  05:12 PM    <DIR>          BackEnv
02/15/2014  07:34 AM            26,559 ComboFix-quarantined-files.txt
02/15/2014  07:34 AM            44,451 ComboFix2.txt
07/21/2014  06:39 PM    <DIR>          LastRun
02/15/2014  07:34 AM    <DIR>          Quarantine
07/21/2014  06:35 PM    <DIR>          Test
07/21/2014  06:35 PM    <DIR>          TestC
               3 File(s)         79,167 bytes
 
 Directory of C:\Qoobox\LastRun
 
07/21/2014  06:39 PM    <DIR>          .
07/21/2014  06:39 PM    <DIR>          ..
07/21/2014  06:39 PM                10 Gateway
               1 File(s)             10 bytes
 
 Directory of C:\Qoobox\Quarantine
 
02/15/2014  07:34 AM    <DIR>          .
02/15/2014  07:34 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          C
07/21/2014  06:35 PM               102 catchme.log
02/15/2014  07:34 AM                 0 MBR_HardDisk0.mbr
02/15/2014  07:18 AM    <DIR>          Registry_backups
               2 File(s)            102 bytes
 
 Directory of C:\Qoobox\Quarantine\C
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          Program Files (x86)
02/15/2014  07:02 AM    <DIR>          ProgramData
02/15/2014  07:02 AM    <DIR>          Users
02/15/2014  07:02 AM    <DIR>          Windows
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:00 AM    <DIR>          FilmFanatic
02/15/2014  07:02 AM    <DIR>          FilmFanaticEI
02/15/2014  07:02 AM    <DIR>          FunWebProducts
02/15/2014  07:01 AM    <DIR>          MyWebSearch
02/15/2014  07:01 AM    <DIR>          Shop To Win
02/15/2014  07:01 AM    <DIR>          StartNow Toolbar
02/15/2014  07:01 AM    <DIR>          TelevisionFanatic
02/15/2014  07:02 AM    <DIR>          TelevisionFanaticEI
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\FilmFanatic
 
02/15/2014  07:00 AM    <DIR>          .
02/15/2014  07:00 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          bar
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\FilmFanatic\bar
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          1.bin
02/15/2014  07:01 AM    <DIR>          IE9Mesg
02/15/2014  07:01 AM    <DIR>          Message
02/15/2014  07:01 AM    <DIR>          Settings
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\FilmFanatic\bar\1.bin
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:00 AM    <DIR>          chrome
06/02/2011  01:43 AM               265 CHROME.MANIFEST.vir
06/02/2011  01:43 AM               903 INSTALL.RDF.vir
06/02/2011  01:43 AM            10,054 LOGO.BMP.vir
06/02/2011  01:43 AM            30,648 NPpaStub.dll.vir
06/02/2011  01:43 AM            34,856 paauxstb.dll.vir
06/02/2011  01:43 AM           706,488 pabar.dll.vir
06/02/2011  01:43 AM            34,840 pabarsvc.exe.vir
06/02/2011  01:43 AM            26,552 pabrmon.exe.vir
06/02/2011  01:43 AM            30,648 pabrstub.dll.vir
06/02/2011  01:43 AM            92,176 padatact.dll.vir
06/02/2011  01:43 AM            43,048 padlghk.dll.vir
06/02/2011  01:43 AM            55,224 padyn.dll.vir
06/02/2011  01:43 AM            92,184 pafeedmg.dll.vir
06/02/2011  01:43 AM            26,672 pahighin.exe.vir
06/02/2011  01:43 AM           104,456 pahtml.dll.vir
06/02/2011  01:43 AM           165,896 pahtmlmu.dll.vir
06/02/2011  01:43 AM            83,984 pahttpct.dll.vir
06/02/2011  01:43 AM            38,840 paidle.dll.vir
06/02/2011  01:43 AM            38,840 paieovr.dll.vir
06/02/2011  01:43 AM            30,752 paimpipe.exe.vir
06/02/2011  01:43 AM            26,672 pamedint.exe.vir
06/02/2011  01:43 AM            47,032 pamlbtn.dll.vir
06/02/2011  01:43 AM           153,624 pamsg.dll.vir
06/02/2011  01:43 AM            55,224 paPlugin.dll.vir
06/02/2011  01:43 AM           120,760 paradio.dll.vir
06/02/2011  01:43 AM            43,048 paregfft.dll.vir
06/02/2011  01:43 AM            43,048 paregiet.dll.vir
06/02/2011  01:43 AM            42,936 pascript.dll.vir
06/02/2011  01:43 AM           137,232 paskin.dll.vir
06/02/2011  01:43 AM            30,648 paskplay.exe.vir
06/02/2011  01:43 AM            59,320 paSrcAs.dll.vir
06/02/2011  01:43 AM            92,184 patpinst.dll.vir
06/02/2011  01:43 AM            42,936 pauabtn.dll.vir
              33 File(s)      2,541,990 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\FilmFanatic\bar\1.bin\chrome
 
02/15/2014  07:00 AM    <DIR>          .
02/15/2014  07:00 AM    <DIR>          ..
06/02/2011  01:43 AM            15,922 paffxtbr.jar.vir
               1 File(s)         15,922 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\FilmFanatic\bar\IE9Mesg
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
06/02/2011  01:43 AM           447,767 COMMON.T8S.vir
               1 File(s)        447,767 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\FilmFanatic\bar\Message
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
06/02/2011  01:43 AM            18,793 COMMON.T8S.vir
               1 File(s)         18,793 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\FilmFanatic\bar\Settings
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
06/02/2011  01:43 AM                24 s_pid.dat.vir
               1 File(s)             24 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\FilmFanaticEI
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\FunWebProducts
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          bar
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          Settings
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\Settings
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
09/13/2011  03:49 PM                24 s_pid.dat.vir
               1 File(s)             24 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\Shop To Win
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
08/17/2011  05:23 PM           358,400 InstallNotifier.exe.vir
11/20/2011  01:03 PM             4,211 unins000.dat.vir
11/20/2011  01:03 PM         1,174,083 unins000.exe.vir
               3 File(s)      1,536,694 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          Resources
07/27/2011  06:36 AM           183,394 StartNowToolbarUninstall.exe.vir
07/27/2011  11:15 AM           502,272 Toolbar32.dll.vir
07/27/2011  07:06 AM           267,488 ToolbarUpdaterService.exe.vir
11/20/2011  01:03 PM               241 uninstall.dat.vir
               4 File(s)        953,395 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Resources
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          images
11/20/2011  01:03 PM             1,064 installer.xml.vir
02/15/2014  07:01 AM    <DIR>          protect
02/15/2014  07:01 AM    <DIR>          reactivate
02/15/2014  07:01 AM    <DIR>          skin
07/27/2011  11:14 AM             5,682 toolbar.xml.vir
09/08/2012  08:42 PM             2,384 update.xml.vir
               3 File(s)          9,130 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Resources\images
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
06/09/2011  08:28 AM               566 engine_images.png.vir
06/09/2011  08:28 AM               804 engine_maps.png.vir
06/09/2011  08:28 AM               374 engine_news.png.vir
06/09/2011  08:28 AM               688 engine_videos.png.vir
06/09/2011  08:28 AM               845 engine_web.png.vir
06/09/2011  08:28 AM               537 icon_amazon.png.vir
06/09/2011  08:28 AM               248 icon_ebay.png.vir
06/09/2011  08:28 AM             1,224 icon_facebook.png.vir
06/09/2011  08:28 AM             1,370 icon_games.png.vir
06/09/2011  08:28 AM             1,467 icon_msn.png.vir
06/09/2011  08:28 AM             1,280 icon_shopping.png.vir
06/09/2011  08:28 AM             1,262 icon_travel.png.vir
06/09/2011  08:28 AM             1,420 icon_twitter.png.vir
06/09/2011  08:28 AM             2,674 startnow_logo.png.vir
              14 File(s)         14,759 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Resources\protect
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
04/07/2011  03:19 AM             1,606 index.html.vir
04/07/2011  03:19 AM               278 NotIE6.css.vir
04/07/2011  03:19 AM               309 OnlyIE6.css.vir
04/07/2011  03:19 AM             4,503 SearchProtectIcon.png.vir
04/07/2011  03:19 AM             1,009 window.css.vir
04/07/2011  03:19 AM             3,344 window.js.vir
               6 File(s)         11,049 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Resources\reactivate
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
04/07/2011  03:19 AM             1,582 index.html.vir
04/07/2011  03:19 AM            16,534 LeftImage.png.vir
04/07/2011  03:19 AM               269 NotIE6.css.vir
04/07/2011  03:19 AM               300 OnlyIE6.css.vir
04/07/2011  03:19 AM             1,009 window.css.vir
06/09/2011  08:28 AM             3,191 window.js.vir
               6 File(s)         22,885 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\StartNow Toolbar\Resources\skin
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
04/07/2011  03:19 AM               497 chevron_button.png.vir
04/07/2011  03:19 AM             2,023 searchbox_button_hover.png.vir
04/07/2011  03:19 AM             4,653 searchbox_button_normal.png.vir
04/07/2011  03:19 AM             2,885 searchbox_dropdown_button_normal.png.vir
04/07/2011  03:19 AM               168 searchbox_input_background.png.vir
04/07/2011  03:19 AM               177 searchbox_input_left.png.vir
04/07/2011  03:19 AM               158 searchbox_input_middle.png.vir
04/07/2011  03:19 AM               270 separator.png.vir
04/07/2011  03:19 AM               339 splitter.png.vir
04/07/2011  03:19 AM               206 toolbarbutton_ff_hover_c.png.vir
04/07/2011  03:19 AM             2,829 toolbarbutton_ie_hover_c.png.vir
04/07/2011  03:19 AM             2,838 toolbarbutton_ie_hover_l.png.vir
04/07/2011  03:19 AM             2,863 toolbarbutton_ie_hover_r.png.vir
04/07/2011  03:19 AM             2,828 toolbarbutton_ie_normal_c.png.vir
04/07/2011  03:19 AM             2,842 toolbarbutton_ie_normal_l.png.vir
04/07/2011  03:19 AM             2,880 toolbarbutton_ie_normal_r.png.vir
              16 File(s)         28,456 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanatic
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          bar
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          1.bin
02/15/2014  07:01 AM    <DIR>          2.bin
02/15/2014  07:01 AM    <DIR>          Message
02/15/2014  07:01 AM    <DIR>          Settings
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          chrome
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\1.bin\chrome
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
03/20/2011  06:14 AM            15,471 64ffxtbr.jar.vir
               1 File(s)         15,471 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\2.bin
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
03/24/2011  06:12 AM            36,864 64auxstb.dll.vir
03/24/2011  06:12 AM           702,464 64bar.dll.vir
03/24/2011  06:12 AM            36,864 64barsvc.exe.vir
03/24/2011  06:12 AM            27,648 64brmon.exe.vir
03/24/2011  06:12 AM            31,744 64brstub.dll.vir
03/24/2011  06:12 AM            94,208 64datact.dll.vir
03/24/2011  06:12 AM            45,056 64dlghk.dll.vir
03/24/2011  06:12 AM            56,320 64dyn.dll.vir
03/24/2011  06:12 AM            94,208 64feedmg.dll.vir
03/24/2011  06:12 AM            28,672 64highin.exe.vir
03/24/2011  06:12 AM            98,304 64html.dll.vir
03/24/2011  06:12 AM           167,936 64htmlmu.dll.vir
03/24/2011  06:12 AM            86,016 64httpct.dll.vir
03/24/2011  06:12 AM            39,936 64idle.dll.vir
03/24/2011  06:12 AM            32,768 64impipe.exe.vir
03/24/2011  06:12 AM            28,672 64medint.exe.vir
03/24/2011  06:12 AM            48,128 64mlbtn.dll.vir
03/24/2011  06:12 AM           155,648 64msg.dll.vir
03/24/2011  06:12 AM            56,320 64Plugin.dll.vir
03/24/2011  06:12 AM           121,856 64radio.dll.vir
03/24/2011  06:12 AM            45,056 64regfft.dll.vir
03/24/2011  06:12 AM            45,056 64regiet.dll.vir
03/24/2011  06:12 AM            44,032 64script.dll.vir
03/24/2011  06:12 AM           139,264 64skin.dll.vir
03/24/2011  06:12 AM            31,744 64skplay.exe.vir
03/24/2011  06:12 AM            60,416 64SrcAs.dll.vir
03/24/2011  06:12 AM            94,208 64tpinst.dll.vir
03/24/2011  06:12 AM            44,032 64uabtn.dll.vir
02/15/2014  07:01 AM    <DIR>          chrome
03/24/2011  06:12 AM               265 CHROME.MANIFEST.vir
03/24/2011  06:12 AM               903 INSTALL.RDF.vir
03/24/2011  06:12 AM            10,054 LOGO.BMP.vir
03/24/2011  06:12 AM            31,744 NP64Stub.dll.vir
              32 File(s)      2,536,406 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\2.bin\chrome
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
03/24/2011  06:12 AM            15,471 64ffxtbr.jar.vir
               1 File(s)         15,471 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\Message
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
03/24/2011  06:12 AM            18,793 COMMON.T8S.vir
               1 File(s)         18,793 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanatic\bar\Settings
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
03/24/2011  06:12 AM                24 s_pid.dat.vir
               1 File(s)             24 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Program Files (x86)\TelevisionFanaticEI
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\ProgramData
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2013  05:21 PM           294,912 JFTBGnQNMMjUDXg.exe.vir
02/15/2014  07:02 AM    <DIR>          Roaming
12/20/2011  11:51 AM         5,607,509 SPL1D44.tmp.vir
01/06/2012  05:32 PM           325,968 SPL44F9.tmp.vir
02/06/2012  12:38 AM           419,666 SPL61F.tmp.vir
02/04/2012  10:04 AM           848,890 SPL85F1.tmp.vir
01/06/2012  05:32 PM           325,968 SPLCAAC.tmp.vir
               6 File(s)      7,822,913 bytes
 
 Directory of C:\Qoobox\Quarantine\C\ProgramData\Roaming
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          ladyE
02/15/2014  07:02 AM    <DIR>          pawnmart
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\ladyE
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          AppData
02/15/2014  07:02 AM    <DIR>          Desktop
02/15/2014  07:02 AM    <DIR>          Documents
02/15/2014  07:02 AM    <DIR>          Favorites
05/26/2011  07:53 AM            77,086 Uninstall.exe.vir
               1 File(s)         77,086 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\ladyE\AppData
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          Local
02/15/2014  07:02 AM    <DIR>          Roaming
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\ladyE\AppData\Local
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          CrashDumps
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\ladyE\AppData\Local\CrashDumps
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          Broadcom
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\ladyE\AppData\Local\CrashDumps\Broadcom
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
07/27/2012  12:59 PM           425,984 sezaspxj.dll.vir
               1 File(s)        425,984 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\ladyE\AppData\Roaming
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          Microsoft
03/28/2012  02:43 PM             1,725 result.db.vir
               1 File(s)          1,725 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\ladyE\AppData\Roaming\Microsoft
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          Internet Explorer
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\ladyE\AppData\Roaming\Microsoft\Internet Explorer
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
02/15/2014  07:01 AM    <DIR>          Quick Launch
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\ladyE\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
 
02/15/2014  07:01 AM    <DIR>          .
02/15/2014  07:01 AM    <DIR>          ..
09/03/2013  07:47 AM             1,542 System Repair.lnk.vir
               1 File(s)          1,542 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\ladyE\Desktop
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
09/03/2013  07:47 AM             1,518 System Repair.lnk.vir
               1 File(s)          1,518 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\ladyE\Documents
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
10/13/2010  04:47 PM            15,164 ~WRL0003.tmp.vir
11/12/2011  07:26 AM            43,008 ~WRL0004.tmp.vir
05/01/2012  07:40 PM            27,056 ~WRL3849.tmp.vir
               3 File(s)         85,228 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\ladyE\Favorites
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
04/26/2011  07:45 AM                 8 _favdata.dat.vir
               1 File(s)              8 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\pawnmart
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          AppData
02/15/2014  07:02 AM    <DIR>          Desktop
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\pawnmart\AppData
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          Roaming
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\pawnmart\AppData\Roaming
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          Microsoft
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\pawnmart\AppData\Roaming\Microsoft
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          Internet Explorer
02/15/2014  07:02 AM    <DIR>          Windows
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\pawnmart\AppData\Roaming\Microsoft\Internet Explorer
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          Quick Launch
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\pawnmart\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  06:05 AM             1,542 System Repair.lnk.vir
               1 File(s)          1,542 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\pawnmart\AppData\Roaming\Microsoft\Windows
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          Start Menu
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          Programs
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          System Repair
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\pawnmart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Repair
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  06:05 AM             1,554 System Repair.lnk.vir
09/03/2013  08:13 AM               768 Uninstall System Repair.lnk.vir
               2 File(s)          2,322 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Users\pawnmart\Desktop
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  06:05 AM             1,518 System Repair.lnk.vir
               1 File(s)          1,518 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Windows
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          security
07/13/2009  09:14 PM            20,480 svchost.exe.vir
               1 File(s)         20,480 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Windows\security
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          database
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\Quarantine\C\Windows\security\database
 
02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
06/19/2011  12:25 PM         1,056,768 tmp.edb.vir
               1 File(s)      1,056,768 bytes
 
 Directory of C:\Qoobox\Quarantine\Registry_backups
 
02/15/2014  07:18 AM    <DIR>          .
02/15/2014  07:18 AM    <DIR>          ..
02/15/2014  07:18 AM                80 HKLM-Run-SynTPEnh.reg.dat
02/15/2014  06:57 AM             1,160 Service_FilmFanaticService.reg.dat
02/15/2014  06:57 AM             1,184 Service_TelevisionFanaticService.reg.dat
02/15/2014  07:00 AM               264 Service_Updater Service for StartNow Toolbar.reg.dat
02/15/2014  06:56 AM            19,115 tcpip.reg
02/15/2014  07:16 AM               896 Wow6432Node-BHO-{56E4076B-A42B-4745-BA35-34DA8AC4C2F2}.reg.dat
02/15/2014  07:16 AM               536 Wow6432Node-BHO-{5d79f641-c168-40df-a32f-bacea7509e75}.reg.dat
02/15/2014  07:16 AM               424 Wow6432Node-BHO-{631acb68-57c3-48af-9cc5-fcec0837ffd3}.reg.dat
02/15/2014  07:16 AM               738 Wow6432Node-BHO-{6E13D095-45C3-4271-9475-F3B48227DD9F}.reg.dat
02/15/2014  07:16 AM               424 Wow6432Node-BHO-{cb41fc95-f1b3-4797-8bb6-1012ff62abba}.reg.dat
02/15/2014  07:16 AM               530 Wow6432Node-BHO-{d5e9b421-c309-41de-9014-800a2adcdeb0}.reg.dat
02/15/2014  07:17 AM               135 Wow6432Node-HKLM-Run-Conime.reg.dat
02/15/2014  07:17 AM               179 Wow6432Node-HKLM-Run-FilmFanatic Browser Plugin Loader.reg.dat
02/15/2014  07:17 AM               154 Wow6432Node-HKLM-Run-JFTBGnQNMMjUDXg.exe.reg.dat
02/15/2014  07:17 AM               184 Wow6432Node-HKLM-Run-StartNowToolbarHelper.reg.dat
02/15/2014  07:17 AM               185 Wow6432Node-HKLM-Run-TelevisionFanatic Browser Plugin Loader.reg.dat
02/15/2014  07:17 AM               196 Wow6432Node-HKU-Default-Run-Broadcom.reg.dat
02/15/2014  07:17 AM               201 Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate.reg.dat
02/15/2014  07:16 AM               397 Wow6432Node-Toolbar-{0b84b4b4-8af8-4f1f-91fe-074a666f6425}.reg.dat
02/15/2014  07:17 AM               636 Wow6432Node-Toolbar-{5911488E-9D1E-40ec-8CBB-06B231CC153F}.reg.dat
02/15/2014  07:16 AM               409 Wow6432Node-Toolbar-{c98d5b61-b0ea-4d48-9839-1079d352d880}.reg.dat
              21 File(s)         28,027 bytes
 
 Directory of C:\Qoobox\Test
 
07/21/2014  06:35 PM    <DIR>          .
07/21/2014  06:35 PM    <DIR>          ..
               0 File(s)              0 bytes
 
 Directory of C:\Qoobox\TestC
 
07/21/2014  06:35 PM    <DIR>          .
07/21/2014  06:35 PM    <DIR>          ..
               0 File(s)              0 bytes
 
     Total Files Listed:
             174 File(s)     17,792,993 bytes
             195 Dir(s)  197,304,602,624 bytes free


#13 Grinler


Posted 24 July 2014 - 05:28 PM

Is that the whole file? Seems to be missing your user profile's start menu listing.



#14 BXTALE14


Posted 24 July 2014 - 06:56 PM

That's the whole file I got once I downloaded what you told me to and copied and pasted all of the contents into Notepad!



#15 Grinler


Posted 24 July 2014 - 09:42 PM

Unfortunately, I am not seeing any of the missing shortcuts in the CF quarantine, so we won't be able to restore it from there, and it doesn't look like CF removed them.

With that said, I am still curious as to why the empty folders didn't show in the output you posted.

Can you click on the Start menu, right-click on the Microsoft Office in your Start menu, and then select Open?

It should open an Explorer window associated with that Start menu folder. If you click on the path at the top, please copy the whole path and paste it here as a reply.
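
The check described in post #15, looking through the ComboFix quarantine listing for the missing shortcuts, can be scripted. This is an added example, not part of the original thread and not ComboFix's own code; it assumes the `dir /s` layout posted above (US date format) and that a quarantined file's original location is the path under `C:\Qoobox\Quarantine\<drive>\` with the `.vir` suffix removed. All function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

QUARANTINE_ROOT = PureWindowsPath(r"C:\Qoobox\Quarantine")
DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
# MM/DD/YYYY  hh:mm AM|PM  <DIR>|size  name   (layout assumed from the posted listing)
ENTRY_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+\d{2}:\d{2} [AP]M\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")

# Sample assembled from lines of the listing in this thread (counts adjusted),
# embedded so the script runs offline.
SAMPLE = r"""
 Directory of C:\Qoobox\Quarantine\C\Users\pawnmart\Desktop

02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  06:05 AM             1,518 System Repair.lnk.vir
               1 File(s)          1,518 bytes

 Directory of C:\Qoobox\Quarantine\C\Windows

02/15/2014  07:02 AM    <DIR>          .
02/15/2014  07:02 AM    <DIR>          ..
02/15/2014  07:02 AM    <DIR>          security
07/13/2009  09:14 PM            20,480 svchost.exe.vir
               1 File(s)         20,480 bytes

 Directory of C:\Qoobox\Quarantine\Registry_backups

02/15/2014  07:18 AM    <DIR>          .
02/15/2014  07:18 AM    <DIR>          ..
02/15/2014  06:56 AM            19,115 tcpip.reg
               1 File(s)         19,115 bytes
"""

def original_path(directory, name):
    """Map a quarantined file back to where it lived; None if it is not a
    <drive>\\...\\*.vir entry (for example the Registry_backups folder)."""
    try:
        parts = PureWindowsPath(directory).relative_to(QUARANTINE_ROOT).parts
    except ValueError:
        return None  # directory is not under the quarantine root
    if not parts or len(parts[0]) != 1 or not name.lower().endswith(".vir"):
        return None
    return PureWindowsPath(parts[0] + ":\\", *parts[1:], name[:-4])

def parse_listing(text):
    """Return one record per file line; <DIR> rows and summary rows are skipped."""
    records, current = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and current and m.group(2) != "<DIR>":
            date, size, name = m.groups()
            records.append({"date": date, "size": int(size.replace(",", "")),
                            "stored_in": current, "name": name,
                            "original": original_path(current, name)})
    return records

def shortcuts(records):
    """Quarantined items that were .lnk shortcuts before quarantine."""
    return [r for r in records
            if r["original"] and r["original"].suffix.lower() == ".lnk"]

def quarantined_under(records, folder):
    """Quarantined items whose original location was inside `folder`
    (Windows path comparison, so case does not matter)."""
    folder = PureWindowsPath(folder)
    return [r for r in records
            if r["original"] and folder in r["original"].parents]

if __name__ == "__main__":
    recs = parse_listing(SAMPLE)
    for r in shortcuts(recs):
        print(r["date"], r["size"], r["original"])
```

Saving the full listing to a text file and passing its contents to `parse_listing` shows every quarantined shortcut with its original location; `quarantined_under` answers the same question for a specific folder, such as the Start menu path requested above.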





