Solved Infected with Sirefef

Sohee

One Google search later, and here I am. Apparently, there have been a lot of cases of this virus lately. I see a lot of Sirefef.B and Sirefef.Y here, but mine is Sirefef.R (virus) and Sirefef.AH (Trojan).

Like many before me, I saw that WSE stopped working. Unfortunately, I ignored it until I found an unknown program running in my system. I reinstalled WSE, intending to scan said program to see if it was malware, and WSE detected Sirefef instead. Now Windows fails and forces a restart after a minute whenever I try to start Windows normally or tell WSE to remove it in Safe Mode.

I have no logs or anything like that right now, but if it helps, I'm running Windows Vista 32-bit SP2.

Help would be appreciated, since I'd like to get this PC up and running again for a huge game update I'm looking forward to and an art project I'm working on, and I'd prefer not to follow Microsoft's advice of reinstalling Windows.
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================================

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Ah, thanks for replying, Broni!
Unfortunately my computer doesn't have System Recovery Options in the Advanced Boot menu, nor do I have a Windows installation disk.
 
Okay, I got it.
--

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 27-06-2012 21:01:22
Running from F:\
Windows Vista (TM) Home Premium (X86) OS Language: English(US)
The current controlset is ControlSet002
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2007-09-19] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [154136 2007-09-19] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [137752 2007-09-19] (Intel Corporation)
HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [311296 2007-09-19] (Sony Corporation)
HKLM\...\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1 [53248 2007-09-06] (Sony Electronics, Inc.)
HKLM\...\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [290816 2007-08-27] ()
HKLM\...\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe" [20480 2007-10-17] (Sony Electronics, Inc.)
HKLM\...\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [45056 2007-10-12] (Sony Electronics, Inc.)
HKLM\...\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe" [577536 2007-07-20] ()
HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [115816 2007-01-09] (Symantec Corporation)
HKLM\...\Run: [TP CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config [820872 2007-02-08] (Symantec Corporation)
HKLM\...\Run: [Skytel] Skytel.exe [x]
HKLM\...\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [68592 2009-06-19] (Google Inc.)
HKLM\...\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run [156672 2009-03-09] (Applian Technologies, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)
HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [202256 2010-07-24] (RealNetworks, Inc.)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1164584 2010-08-31] ()
HKLM\...\Run: [NPSStartup] [x]
HKLM\...\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe [646232 2011-09-30] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [PRISMSVR.EXE] "C:\Windows\system32\PRISMSVR.EXE" /APPLY [x]
HKLM\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2011-07-29] (Visicom Media Inc. (Powered by Panda Security))
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
HKU\Eric Yu\...\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun [1233920 2009-04-10] (Microsoft Corporation)
HKU\Eric Yu\...\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter [x]
HKU\Eric Yu\...\Policies\system: [LogonHoursAction] 2
HKU\Eric Yu\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Ivana\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-04-19] (Google Inc.)
HKU\Ivana\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
HKU\Ivana\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-07-26] ()
HKU\Ivana\...\Run: [Akamai NetSession Interface] "C:\Users\Ivana\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
HKU\Ivana\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Ivana\...\Policies\system: [LogonHoursAction] 2
HKU\Ivana\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\AOL DDI.lnk
ShortcutTarget: AOL DDI.lnk -> C:\DDI\AOLICON.exe (No File)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Ivana\Start Menu\Programs\Startup\VirtualExpander.lnk
ShortcutTarget: VirtualExpander.lnk -> (No File)
================================ Services (Whitelisted) ==================
2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108648 2007-01-09] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108648 2007-01-09] (Symantec Corporation)
2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108648 2007-01-09] (Symantec Corporation)
3 comHost; "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe" [49248 2007-01-12] (Symantec Corporation)
3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [292352 2008-01-18] (Microsoft Corporation)
3 ehSched; C:\Windows\ehome\ehsched.exe [131072 2006-11-02] (Microsoft Corporation)
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2975352 2007-01-31] (Symantec Corporation)
3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
2 QBCFMonitorService; "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [20480 2007-09-05] (Intuit)
3 QBFCService; "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2007-05-24] (Intuit Inc.)
2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
3 Symantec Core LC; "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" [1174664 2008-03-21] (Symantec Corporation)
2 TabletServicePen; C:\Program Files\Tablet\Pen\Pen_Tablet.exe [5554552 2011-09-08] (Wacom Technology, Corp.)
2 TouchServicePen; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [451960 2011-09-08] (Wacom Technology, Corp.)
2 uCamMonitor; C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe [125440 2007-10-31] (ArcSoft, Inc.)
3 usprserv; C:\Windows\System32\svchost.exe -k netsvcs [21504 2008-01-18] (Microsoft Corporation)
3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe" [73728 2007-06-28] (Sony Corporation)
2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-14] (Sony Corporation)
3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2818048 2007-09-23] (Sony Corporation)
3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-08-08] (Sony Corporation)
3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-08-08] (Sony Corporation)
3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [292128 2007-09-28] (Sony Corporation)
3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [274432 2007-06-28] (Sony Corporation)
2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
2 VzCdbSvc; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2007-08-28] (Sony Corporation)
2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [131072 2007-08-28] (Sony Corporation)
2 WebrootSpySweeperService; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3572592 2008-01-04] (Webroot Software, Inc.)
2 Akamai; c:\program files\common files\akamai/netsession_win_80c2ffa.dll [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]
 
========================== Drivers (Whitelisted) =============
3 apf001; \??\C:\Windows\system32\apf001.sys [10872 2011-12-19] ()
3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2007-10-29] (ArcSoft, Inc.)
3 IDSvix86; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [212280 2006-12-27] (Symantec Corporation)
2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2004-04-13] (Meetinghouse Data Communications)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070515.033\NAVENG.SYS [77688 2007-05-15] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070515.033\NAVEX15.SYS [852824 2007-05-15] (Symantec Corporation)
3 NCHSSVAD; C:\Windows\System32\drivers\nchssvad.sys [26112 2008-05-08] (NCH Swift Sound)
3 NETw4v32; C:\Windows\System32\DRIVERS\NETw4v32.sys [2251776 2007-09-26] (Intel Corporation)
3 R5U870FLx86; C:\Windows\System32\Drivers\R5U870FLx86.sys [73472 2007-10-16] (Ricoh)
3 R5U870FUx86; C:\Windows\System32\Drivers\R5U870FUx86.sys [43904 2007-10-16] (Ricoh)
3 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [417592 2007-02-01] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [247608 2007-01-11] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [276792 2007-01-11] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [25400 2007-01-11] (Symantec Corporation)
3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [90240 2009-05-13] (MCCI Corporation)
3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [14976 2009-05-13] (MCCI Corporation)
3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [121856 2009-05-13] (MCCI Corporation)
0 SSFS0BB9; C:\Windows\System32\Drivers\SSFS0BB9.SYS [20336 2008-01-04] (Webroot Software Inc (www.webroot.com))
0 SSHRMD; C:\Windows\System32\Drivers\SSHRMD.SYS [21872 2008-01-04] (Webroot Software Inc (www.webroot.com))
0 SSIDRV; C:\Windows\System32\Drivers\SSIDRV.SYS [163696 2008-01-04] (Webroot Software Inc (www.webroot.com))
3 SSKBFD; C:\Windows\System32\Drivers\sskbfd.sys [23920 2008-01-04] (Webroot Software Inc (www.webroot.com))
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [115000 2008-03-21] (Symantec Corporation)
3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27576 2007-01-09] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191544 2007-01-09] (Symantec Corporation)
3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [818688 2007-11-15] (Texas Instruments)
3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2008-05-01] (Texas Instruments Incorporated)
4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
1 jbedpbxqwyridrvi; C:\Windows\system32\drivers\jbedpbxqwyridrvi.sys [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
1 yqmpixviuxhltppx; C:\Windows\system32\drivers\yqmpixviuxhltppx.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-06-27 19:23 - 2012-06-27 19:48 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\ImgBurn
2012-06-27 19:22 - 2012-06-27 19:39 - 126310400 ____A C:\Users\Ivana\Downloads\Vista_Recovery_Disc.iso
2012-06-27 19:21 - 2012-06-27 19:21 - 00000000 ____D C:\Program Files\ImgBurn
2012-06-27 19:12 - 2012-06-27 19:12 - 00003958 ____A C:\Windows\PFRO.log
2012-06-27 18:17 - 2012-06-27 18:29 - 00003478 ____A C:\Windows\WindowsUpdate.log
2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Malwarebytes
2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-27 17:51 - 2012-04-04 14:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-27 13:26 - 2012-06-27 13:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-27 09:57 - 2012-06-27 09:58 - 00000000 ____D C:\Users\Ivana\AppData\Local\{EFFC308C-1641-44F8-91C9-9D1036730AD1}
2012-06-27 09:57 - 2012-06-27 09:57 - 00000000 ____D C:\Users\Ivana\AppData\Local\{4335F55D-F831-46D6-87A2-E87E69A4ABB2}
2012-06-26 19:12 - 2012-06-26 19:12 - 00059136 ____A C:\Users\Ivana\Desktop\Doom (2) (48000 Hz).mp3
2012-06-26 16:05 - 2012-06-26 16:05 - 00018563 ____A C:\Users\Ivana\.recently-used.xbel
2012-06-26 16:02 - 2012-06-26 16:02 - 00001276 ____A C:\Users\Ivana\Desktop\pkjp.txt
2012-06-26 10:27 - 2012-06-26 10:27 - 00000000 ____D C:\Users\Ivana\AppData\Local\{05E95ED0-B361-46AF-8670-E409257F17E8}
2012-06-25 16:23 - 2012-06-25 16:24 - 00000175 ____A C:\Users\Ivana\Desktop\Kaitou R sheets.txt
2012-06-25 10:43 - 2012-06-25 10:43 - 00000000 ____D C:\Users\Ivana\AppData\Local\{23007D4A-7938-4BD3-9D4F-17EF5ACC580E}
2012-06-24 10:45 - 2012-06-24 10:45 - 00000000 ____D C:\Users\Ivana\AppData\Local\{C8E8E48E-8E4F-48C1-BD54-55C10DFA418C}
2012-06-23 22:44 - 2012-06-23 22:45 - 00000000 ____D C:\Users\Ivana\AppData\Local\{7214CC9D-F196-488E-8D09-A50209E412C6}
2012-06-23 10:44 - 2012-06-26 10:27 - 00000000 ____D C:\Users\Ivana\AppData\Local\{708631C6-0727-4A3E-B45E-45A7C4867CB6}
2012-06-22 11:35 - 2012-06-22 11:35 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-22 09:38 - 2012-06-22 09:38 - 00000000 ____D C:\Users\Ivana\AppData\Local\{C2C48BDD-827A-4238-996C-C9595583BC28}
2012-06-22 09:38 - 2012-06-22 09:38 - 00000000 ____D C:\Users\Ivana\AppData\Local\{6C120788-9F69-4447-B9A2-E93432FC55DE}
2012-06-21 18:09 - 2012-06-21 18:09 - 00000000 ____D C:\Users\Ivana\Documents\My Received Files
2012-06-21 17:02 - 2012-06-27 16:35 - 00000000 ____D C:\Users\Ivana\Tracing
2012-06-21 17:02 - 2012-06-21 17:03 - 00000000 ____D C:\Users\Ivana\AppData\Local\{BFEBE2A7-19C1-4F00-9B04-26F8C0D9B085}
2012-06-21 17:02 - 2012-06-21 17:02 - 00000000 ____D C:\Users\Ivana\AppData\Local\{F8DDE8B3-92A0-468D-9B4D-827CC33C0CB7}
2012-06-21 16:40 - 2012-06-23 10:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-21 15:19 - 2012-06-21 15:19 - 00000000 ____D C:\Users\Ivana\AppData\Local\FireAlpaca
2012-06-21 14:58 - 2012-06-21 14:58 - 00000974 ____A C:\Users\Public\Desktop\FireAlpaca.lnk
2012-06-21 14:58 - 2012-06-21 14:58 - 00000000 ____D C:\Program Files\FireAlpaca
2012-06-21 09:26 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 09:26 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 09:26 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 09:26 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 09:25 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 09:25 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 09:25 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 09:25 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 09:25 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-18 12:18 - 2012-06-04 20:54 - 00000000 ____D C:\Users\Ivana\Desktop\Appsheets
2012-06-16 11:26 - 2012-06-16 11:26 - 00000000 ____D C:\Program Files\Vectorian Inc
2012-06-16 11:02 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-16 11:02 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-16 11:02 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-16 11:02 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-16 11:02 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-16 11:02 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-16 11:02 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-16 11:02 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-16 11:02 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-16 11:02 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-16 11:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-16 11:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-16 11:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-16 11:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 10:59 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 10:59 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 10:58 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 10:58 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 10:58 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 09:59 - 2012-06-27 14:24 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Skype
2012-06-13 09:59 - 2012-06-13 09:59 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-13 09:59 - 2012-06-13 09:59 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-06-13 09:58 - 2012-06-13 09:59 - 00000000 ___RD C:\Program Files\Skype
2012-06-13 09:58 - 2012-06-13 09:59 - 00000000 ____D C:\Users\All Users\Skype
2012-06-13 09:13 - 2012-06-13 09:13 - 00000000 ____D C:\Users\Ivana\AppData\Local\Macromedia
2012-06-12 13:06 - 2012-06-12 13:06 - 00000014 ____A C:\Users\Ivana\Desktop\yukarins friend code.txt
2012-06-08 11:25 - 2012-06-08 16:14 - 2433958760 ____A (Nexon) C:\Users\Ivana\Desktop\DragonNestSetupV140.exe
2012-06-04 17:03 - 2012-06-12 11:47 - 00000000 ____D C:\Users\Ivana\AppData\Local\Procaster
2012-06-04 17:03 - 2012-06-06 09:54 - 00000900 ____A C:\Users\Public\Desktop\Livestream Procaster.lnk
2012-06-04 17:03 - 2012-06-06 09:54 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
2012-06-04 17:03 - 2012-06-06 09:54 - 00000000 ____D C:\Program Files\Livestream Procaster
2012-06-04 11:31 - 2012-06-04 11:31 - 00000000 ____D C:\Users\Ivana\AppData\Local\Unity
2012-05-29 10:51 - 2012-05-29 10:51 - 00000000 ____D C:\Users\Guest\Documents\Bluetooth Exchange Folder
2012-05-29 10:51 - 2012-05-29 10:51 - 00000000 ____D C:\Users\Guest\Bluetooth Software
2012-05-29 10:50 - 2012-06-27 14:39 - 00121328 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\Documents\Ask and Record Toolbar
2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Wacom
2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Real
2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Local\FLVService
2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-05-29 10:48 - 2012-05-29 10:51 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2012-05-29 10:48 - 2012-05-29 10:48 - 00000000 ____D C:\Users\Guest\AppData\Roaming\WTablet
2012-05-29 10:48 - 2012-05-29 10:48 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Sony Corporation
2012-05-29 10:47 - 2012-05-29 10:51 - 00000000 ____D C:\users\Guest
2012-05-29 10:47 - 2012-05-29 10:47 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2012-05-29 10:47 - 2010-01-04 18:32 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
2012-05-29 10:47 - 2008-04-29 15:37 - 00000000 ____D C:\Users\Guest\AppData\Local\Microsoft Help
 
============ 3 Months Modified Files and Folders ===============
2012-06-27 21:01 - 2012-06-27 21:01 - 00000000 ____D C:\FRST
2012-06-27 19:55 - 2011-07-16 13:43 - 00000000 ____D C:\Program Files\Common Files\Akamai
2012-06-27 19:55 - 2007-11-22 14:12 - 00001842 ____A C:\Windows\bthservsdp.dat
2012-06-27 19:55 - 2006-11-02 05:01 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-27 19:55 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-27 19:54 - 2006-11-02 04:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-27 19:54 - 2006-11-02 04:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-27 19:48 - 2012-06-27 19:23 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\ImgBurn
2012-06-27 19:39 - 2012-06-27 19:22 - 126310400 ____A C:\Users\Ivana\Downloads\Vista_Recovery_Disc.iso
2012-06-27 19:21 - 2012-06-27 19:21 - 00000000 ____D C:\Program Files\ImgBurn
2012-06-27 19:12 - 2012-06-27 19:12 - 00003958 ____A C:\Windows\PFRO.log
2012-06-27 19:12 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\IME
2012-06-27 18:29 - 2012-06-27 18:17 - 00003478 ____A C:\Windows\WindowsUpdate.log
2012-06-27 18:14 - 2010-02-04 21:39 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-27 17:54 - 2009-03-16 20:18 - 00001356 ____A C:\Users\Ivana\AppData\Local\d3d9caps.dat
2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Malwarebytes
2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-27 16:42 - 2009-09-24 17:35 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-27 16:36 - 2009-09-17 20:15 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Winamp
2012-06-27 16:36 - 2007-12-09 20:16 - 00000000 ___RD C:\Users\Ivana\Documents\Setups
2012-06-27 16:35 - 2012-06-21 17:02 - 00000000 ____D C:\Users\Ivana\Tracing
2012-06-27 16:35 - 2008-05-08 17:51 - 00000000 ____D C:\Windows\Minidump
2012-06-27 14:49 - 2011-07-26 17:10 - 00000000 ____D C:\Users\Ivana\AppData\Local\PMB Files
2012-06-27 14:45 - 2012-05-14 17:49 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
2012-06-27 14:45 - 2008-04-19 16:26 - 00000000 ____D C:\users\Ivana
2012-06-27 14:44 - 2012-03-08 17:47 - 00000000 __SHD C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9}
2012-06-27 14:39 - 2012-05-29 10:50 - 00121328 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-27 14:36 - 2012-04-21 16:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-27 14:24 - 2012-06-13 09:59 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Skype
2012-06-27 14:08 - 2010-02-04 21:39 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-27 13:27 - 2012-06-27 13:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-06-27 13:27 - 2011-01-28 17:54 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-27 13:26 - 2006-11-02 02:33 - 00713158 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-27 12:16 - 2009-03-25 14:55 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
2012-06-27 09:58 - 2012-06-27 09:57 - 00000000 ____D C:\Users\Ivana\AppData\Local\{EFFC308C-1641-44F8-91C9-9D1036730AD1}
2012-06-27 09:58 - 2011-05-05 16:03 - 00000000 ____D C:\Users\Ivana\AppData\Local\Windows Live
2012-06-27 09:57 - 2012-06-27 09:57 - 00000000 ____D C:\Users\Ivana\AppData\Local\{4335F55D-F831-46D6-87A2-E87E69A4ABB2}
2012-06-26 19:12 - 2012-06-26 19:12 - 00059136 ____A C:\Users\Ivana\Desktop\Doom (2) (48000 Hz).mp3
2012-06-26 16:05 - 2012-06-26 16:05 - 00018563 ____A C:\Users\Ivana\.recently-used.xbel
2012-06-26 16:05 - 2008-11-30 19:33 - 00000000 ____D C:\Users\Ivana\.gimp-2.6
2012-06-26 16:02 - 2012-06-26 16:02 - 00001276 ____A C:\Users\Ivana\Desktop\pkjp.txt
2012-06-26 10:27 - 2012-06-26 10:27 - 00000000 ____D C:\Users\Ivana\AppData\Local\{05E95ED0-B361-46AF-8670-E409257F17E8}
2012-06-26 10:27 - 2012-06-23 10:44 - 00000000 ____D C:\Users\Ivana\AppData\Local\{708631C6-0727-4A3E-B45E-45A7C4867CB6}
2012-06-25 16:24 - 2012-06-25 16:23 - 00000175 ____A C:\Users\Ivana\Desktop\Kaitou R sheets.txt
2012-06-25 10:43 - 2012-06-25 10:43 - 00000000 ____D C:\Users\Ivana\AppData\Local\{23007D4A-7938-4BD3-9D4F-17EF5ACC580E}
2012-06-24 10:45 - 2012-06-24 10:45 - 00000000 ____D C:\Users\Ivana\AppData\Local\{C8E8E48E-8E4F-48C1-BD54-55C10DFA418C}
2012-06-23 22:45 - 2012-06-23 22:44 - 00000000 ____D C:\Users\Ivana\AppData\Local\{7214CC9D-F196-488E-8D09-A50209E412C6}
2012-06-23 11:35 - 2012-04-21 16:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-06-23 11:35 - 2011-05-25 13:53 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-06-23 10:38 - 2012-06-21 16:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2012-06-22 18:05 - 2008-11-30 20:04 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\gtk-2.0
2012-06-22 11:35 - 2012-06-22 11:35 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-22 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2012-06-22 09:38 - 2012-06-22 09:38 - 00000000 ____D C:\Users\Ivana\AppData\Local\{C2C48BDD-827A-4238-996C-C9595583BC28}
2012-06-22 09:38 - 2012-06-22 09:38 - 00000000 ____D C:\Users\Ivana\AppData\Local\{6C120788-9F69-4447-B9A2-E93432FC55DE}
2012-06-21 18:09 - 2012-06-21 18:09 - 00000000 ____D C:\Users\Ivana\Documents\My Received Files
2012-06-21 17:03 - 2012-06-21 17:02 - 00000000 ____D C:\Users\Ivana\AppData\Local\{BFEBE2A7-19C1-4F00-9B04-26F8C0D9B085}
2012-06-21 17:02 - 2012-06-21 17:02 - 00000000 ____D C:\Users\Ivana\AppData\Local\{F8DDE8B3-92A0-468D-9B4D-827CC33C0CB7}
2012-06-21 16:50 - 2009-11-04 17:45 - 00000000 ____D C:\Program Files\Windows Live
2012-06-21 16:48 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2012-06-21 15:19 - 2012-06-21 15:19 - 00000000 ____D C:\Users\Ivana\AppData\Local\FireAlpaca
2012-06-21 14:58 - 2012-06-21 14:58 - 00000974 ____A C:\Users\Public\Desktop\FireAlpaca.lnk
2012-06-21 14:58 - 2012-06-21 14:58 - 00000000 ____D C:\Program Files\FireAlpaca
2012-06-21 10:32 - 2009-06-29 16:55 - 00000000 ____D C:\Users\Ivana\AppData\Local\FLVService
2012-06-19 17:23 - 2011-10-26 17:05 - 00000000 ____D C:\Users\Ivana\AppData\Local\Akamai
2012-06-16 22:10 - 2012-04-24 22:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-06-16 18:39 - 2008-04-19 18:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-06-16 16:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2012-06-16 16:16 - 2006-11-02 04:47 - 00668760 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-16 15:28 - 2011-05-26 10:55 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Audacity
2012-06-16 15:04 - 2009-12-07 20:17 - 00000000 ____D C:\Users\Ivana\Documents\Any Video Converter
2012-06-16 11:26 - 2012-06-16 11:26 - 00000000 ____D C:\Program Files\Vectorian Inc
2012-06-16 11:11 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-06-13 09:59 - 2012-06-13 09:59 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
2012-06-13 09:59 - 2012-06-13 09:59 - 00000000 ____D C:\Program Files\Common Files\Skype
2012-06-13 09:59 - 2012-06-13 09:58 - 00000000 ___RD C:\Program Files\Skype
2012-06-13 09:59 - 2012-06-13 09:58 - 00000000 ____D C:\Users\All Users\Skype
2012-06-13 09:14 - 2010-01-04 18:32 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
2012-06-13 09:13 - 2012-06-13 09:13 - 00000000 ____D C:\Users\Ivana\AppData\Local\Macromedia
2012-06-12 13:06 - 2012-06-12 13:06 - 00000014 ____A C:\Users\Ivana\Desktop\yukarins friend code.txt
2012-06-12 11:47 - 2012-06-04 17:03 - 00000000 ____D C:\Users\Ivana\AppData\Local\Procaster
2012-06-08 16:21 - 2011-07-27 10:07 - 00000175 ____A C:\Users\Public\Desktop\DragonNest.url
2012-06-08 16:15 - 2008-11-28 17:30 - 00000000 ____D C:\Nexon
2012-06-08 16:14 - 2012-06-08 11:25 - 2433958760 ____A (Nexon) C:\Users\Ivana\Desktop\DragonNestSetupV140.exe
2012-06-06 09:54 - 2012-06-04 17:03 - 00000900 ____A C:\Users\Public\Desktop\Livestream Procaster.lnk
2012-06-06 09:54 - 2012-06-04 17:03 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
2012-06-06 09:54 - 2012-06-04 17:03 - 00000000 ____D C:\Program Files\Livestream Procaster
2012-06-04 20:54 - 2012-06-18 12:18 - 00000000 ____D C:\Users\Ivana\Desktop\Appsheets
2012-06-04 11:31 - 2012-06-04 11:31 - 00000000 ____D C:\Users\Ivana\AppData\Local\Unity
2012-06-02 14:19 - 2012-06-21 09:26 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 09:26 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 09:26 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 09:25 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 09:25 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 14:19 - 2012-06-21 09:25 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-21 09:26 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-21 09:25 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 14:12 - 2012-06-21 09:25 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 16:49 - 2012-05-14 18:00 - 00000000 ____D C:\Users\Ivana\AppData\Local\Paint.NET
2012-05-30 11:18 - 2008-04-23 16:03 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Corel
2012-05-30 09:50 - 2008-04-19 16:26 - 00121328 ____A C:\Users\Ivana\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-29 11:07 - 2008-03-21 11:21 - 00000000 ____D C:\Users\All Users\Corel
2012-05-29 11:07 - 2008-03-21 11:20 - 00000000 ____D C:\Program Files\Corel
2012-05-29 10:51 - 2012-05-29 10:51 - 00000000 ____D C:\Users\Guest\Documents\Bluetooth Exchange Folder
2012-05-29 10:51 - 2012-05-29 10:51 - 00000000 ____D C:\Users\Guest\Bluetooth Software
2012-05-29 10:51 - 2012-05-29 10:48 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2012-05-29 10:51 - 2012-05-29 10:47 - 00000000 ____D C:\users\Guest
2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\Documents\Ask and Record Toolbar
2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Wacom
2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Real
2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Local\FLVService
2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-05-29 10:48 - 2012-05-29 10:48 - 00000000 ____D C:\Users\Guest\AppData\Roaming\WTablet
2012-05-29 10:48 - 2012-05-29 10:48 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Sony Corporation
2012-05-29 10:47 - 2012-05-29 10:47 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2012-05-20 13:18 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-20 09:02 - 2008-03-21 11:16 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-19 23:15 - 2006-11-02 02:23 - 00000240 ____A C:\Windows\win.ini
2012-05-19 22:55 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2012-05-17 15:11 - 2012-06-16 11:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-16 11:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-16 11:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-16 11:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-16 11:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:35 - 2012-06-16 11:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:33 - 2012-06-16 11:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-16 11:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-16 11:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-16 11:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-16 11:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-16 11:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-16 11:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-16 11:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-16 22:15 - 2012-05-16 22:15 - 00001701 ____A C:\Users\Public\Desktop\AIM.lnk
2012-05-16 22:15 - 2009-10-12 21:19 - 00000000 ____D C:\Users\Ivana\AppData\Local\AIM
2012-05-16 22:15 - 2008-03-21 11:00 - 00001110 ___AH C:\IPH.PH
2012-05-16 22:14 - 2012-05-16 22:14 - 00000000 ____D C:\Program Files\Common Files\Software Update Utility
2012-05-16 22:14 - 2009-10-13 18:09 - 00000000 ____D C:\Program Files\AIM
2012-05-16 00:05 - 2008-10-26 11:33 - 00000000 ____D C:\Users\Ivana\Documents\DVDVideoSoft
2012-05-15 17:14 - 2007-11-24 11:49 - 00000000 ____D C:\Users\Ivana\Desktop\Unused Desktop Shortcuts
2012-05-15 15:34 - 2007-11-22 15:14 - 00000000 ____D C:\Program Files\Common Files\Java
2012-05-15 15:32 - 2012-05-15 15:32 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-05-15 15:32 - 2012-05-15 15:32 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-05-15 15:32 - 2012-05-15 15:32 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-05-15 15:32 - 2012-05-15 15:32 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-05-15 15:32 - 2010-05-05 17:51 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-05-15 11:51 - 2012-06-14 10:58 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-14 18:04 - 2012-05-14 18:04 - 00000939 ____A C:\Users\Public\Desktop\Paint.NET.lnk
2012-05-14 18:03 - 2012-05-14 18:01 - 00000000 ____D C:\Program Files\Paint.NET
2012-05-14 17:49 - 2012-05-14 17:49 - 00000000 ____D C:\Users\Ivana\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-05-14 17:48 - 2008-04-19 19:06 - 00000000 ____D C:\Users\Ivana\AppData\Local\Google
2012-05-14 17:44 - 2012-05-14 17:44 - 00809288 ____A (AirInstaller Inc.) C:\Users\Ivana\Downloads\setup.exe
2012-05-01 06:03 - 2012-06-14 10:58 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-29 16:20 - 2012-04-29 16:20 - 00000000 ____D C:\Program Files\Kap.SATc
2012-04-24 22:18 - 2012-04-24 22:18 - 00000000 ____D C:\Users\All Users\Mozilla
2012-04-23 08:00 - 2012-06-14 10:59 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 08:00 - 2012-06-14 10:59 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 08:00 - 2012-06-14 10:58 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-22 00:30 - 2012-03-12 21:59 - 00000000 ____D C:\Users\Ivana\Documents\THOCC Concept Contest
2012-04-07 00:43 - 2012-04-07 00:43 - 00000684 ____A C:\Users\Ivana\Desktop\dark pit.txt
2012-04-04 14:56 - 2012-06-27 17:51 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 01:53 - 2012-04-04 01:53 - 00001978 ____A C:\Users\Ivana\Desktop\redo question.txt
2012-04-04 01:12 - 2012-03-16 04:38 - 00002450 ____A C:\Users\Ivana\Desktop\description.txt
2012-04-04 01:08 - 2012-03-25 23:24 - 00002108 ____A C:\Users\Ivana\Desktop\commissions.txt
2012-04-04 00:52 - 2012-04-04 00:52 - 00001021 ____A C:\Users\Ivana\Desktop\concepts.txt
2012-04-03 00:16 - 2012-05-14 15:47 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-04-03 00:16 - 2012-05-14 15:47 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-31 21:02 - 2012-03-31 21:02 - 00008986 ____A C:\Users\Ivana\Desktop\BannedStory_Project.bsproj
2012-03-31 20:59 - 2012-03-31 20:59 - 06688541 ____A C:\Users\Ivana\Desktop\BannedStory_SpriteSheet.zip
2012-03-30 04:39 - 2012-05-14 16:08 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
ZeroAccess:
C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}
C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\@
C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\L
C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\n
C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U
C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U\00000001.@
C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U\80000000.@
C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U\800000cb.@
ZeroAccess:
C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9}
C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9}\@
C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9}\L
C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U
 
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 20%
Total physical RAM: 2037.81 MB
Available physical RAM: 1616.5 MB
Total Pagefile: 1853.88 MB
Available Pagefile: 1689.61 MB
Total Virtual: 2047.88 MB
Available Virtual: 1983.72 MB
======================= Partitions =========================
1 Drive c: (Vista) (Fixed) (Total:224.8 GB) (Free:118.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
3 Drive e: (Recovery) (Fixed) (Total:8.09 GB) (Free:0.83 GB) NTFS
4 Drive f: () (Removable) (Total:3.72 GB) (Free:2.61 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 993 KB
Disk 1 Online 3815 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 8 GB 1024 KB
Partition 2 Primary 225 GB 8 GB
======================================================================================================
Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 8 GB Healthy Hidden
======================================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 C Vista NTFS Partition 225 GB Healthy
======================================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3815 MB 8 KB
======================================================================================================
Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 F FAT32 Removable 3815 MB Healthy
======================================================================================================
==========================================================
Last Boot: 2012-06-27 19:28
======================= End Of Log ==========================
 
Good job :)

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.
 
I assume one of these results is the copy made by the virus?
--

Farbar Recovery Scan Tool Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-27 23:10:28
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-24 17:35] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-05-21 14:54] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\System32\services.exe
[2009-09-24 17:35] - [2012-06-27 21:52] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
=== End Of Search ===
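
The check this Search.txt makes possible, as an added example that is not part of the original thread and is not FRST's own logic: on Vista the System32 copy of a system file should be identical to a component-store (winsxs) copy, so a live MD5 that matches none of them marks the file for review. The function names, and reading the two bracketed timestamps as created then modified, are assumptions; the input is the Search.txt posted above, embedded inline.

```python
import re
from dataclasses import dataclass

# The services.exe search results posted in this thread, embedded so the script runs offline.
SEARCH_LOG = r"""
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-24 17:35] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-05-21 14:54] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\System32\services.exe
[2009-09-24 17:35] - [2012-06-27 21:52] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
"""

@dataclass
class Hit:
    path: str
    created: str    # first bracketed timestamp (assumed: created)
    modified: str   # second bracketed timestamp (assumed: modified)
    size: int
    company: str
    md5: str

PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[(?P<t1>[\d-]+ [\d:]+)\] - \[(?P<t2>[\d-]+ [\d:]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+)(?: \((?P<company>.*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)
# Component version embedded in a winsxs directory name, e.g. _6.0.6002.18005_none_
VERSION_RE = re.compile(r"_(\d+(?:\.\d+){3})_none_", re.IGNORECASE)

def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    hits, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = META_RE.match(line)
        if m and pending_path:
            hits.append(Hit(pending_path, m["t1"], m["t2"], int(m["size"]),
                            m["company"] or "", m["md5"].upper()))
            pending_path = None
    return hits

def component_version(path):
    """Return the winsxs component version as a tuple of ints, or () if absent."""
    m = VERSION_RE.search(path)
    return tuple(int(p) for p in m.group(1).split(".")) if m else ()

def assess(hits, live_path=r"C:\Windows\System32\services.exe"):
    """Compare the live file's MD5 with every component-store copy in the log."""
    live = next((h for h in hits if h.path.lower() == live_path.lower()), None)
    if live is None:
        raise ValueError("live file not present in the search log")
    store = [h for h in hits if "\\winsxs\\" in h.path.lower()]
    matches = [h for h in store if h.md5 == live.md5]
    # Newest component-store copy: the one a reviewer would look at first as a
    # replacement source. This only shows consistency with the local store; it
    # says nothing if the store copies were tampered with as well.
    newest = max(store, key=lambda h: component_version(h.path), default=None)
    return {"live": live, "matches_store": bool(matches), "replacement": newest}

if __name__ == "__main__":
    result = assess(parse_search_log(SEARCH_LOG))
    live = result["live"]
    if result["matches_store"]:
        print(f"{live.path}: MD5 matches a component-store copy")
    else:
        print(f"{live.path}: MD5 {live.md5} matches no winsxs copy "
              f"(modified {live.modified})")
        print(f"newest store copy: {result['replacement'].path}")
```
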
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

See if you can boot normally.

If so...

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-28 18:07:33 Run:1
Running from F:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
jbedpbxqwyridrvi service deleted successfully.
yqmpixviuxhltppx service deleted successfully.
C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9} moved successfully.
C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====
 
ComboFix 12-06-28.03 - Ivana 8/2012 Thu 18:31:42.1.2 - x86
Running from: c:\users\Ivana\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-29 01:49 . 2012-06-29 01:56 -------- d-----w- c:\users\Ivana\AppData\Local\temp
2012-06-29 01:49 . 2012-06-29 01:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-06-29 01:49 . 2012-06-29 01:49 -------- d-----w- c:\users\Eric Yu\AppData\Local\temp
2012-06-29 01:49 . 2012-06-29 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 05:01 . 2012-06-28 05:02 -------- d-----w- C:\FRST
2012-06-28 03:23 . 2012-06-28 03:48 -------- d-----w- c:\users\Ivana\AppData\Roaming\ImgBurn
2012-06-28 03:21 . 2012-06-28 03:21 -------- d-----w- c:\program files\ImgBurn
2012-06-28 01:51 . 2012-06-28 01:51 -------- d-----w- c:\users\Ivana\AppData\Roaming\Malwarebytes
2012-06-28 01:51 . 2012-06-28 01:51 -------- d-----w- c:\programdata\Malwarebytes
2012-06-28 01:51 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 01:51 . 2012-06-28 01:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-27 21:58 . 2012-06-27 21:50 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15483DB3-D715-41E5-8DC6-8A52D0812E94}\gapaengine.dll
2012-06-27 21:52 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2DEB424-E6DF-4F73-9E69-6A2C2917716D}\mpengine.dll
2012-06-27 21:26 . 2012-06-27 21:27 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-22 19:35 . 2012-06-22 19:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-22 01:02 . 2012-06-29 01:13 -------- d-----w- c:\users\Ivana\Tracing
2012-06-22 00:55 . 2012-06-22 00:55 -------- d-----w- c:\windows\en
2012-06-22 00:48 . 2012-06-22 00:48 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-22 00:40 . 2012-06-23 18:38 -------- d-----w- c:\program files\Microsoft Silverlight
2012-06-22 00:38 . 2012-06-22 00:38 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\57f35a391cd500f03\DXSETUP.exe
2012-06-22 00:38 . 2012-06-22 00:38 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\57f35a391cd500f03\dsetup32.dll
2012-06-22 00:38 . 2012-06-22 00:38 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\57f35a391cd500f03\DSETUP.dll
2012-06-22 00:38 . 2012-06-22 00:38 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\4d6e2d191cd500f02\Silverlight.4.0.exe
2012-06-21 23:19 . 2012-06-21 23:19 -------- d-----w- c:\users\Ivana\AppData\Local\FireAlpaca
2012-06-21 22:58 . 2012-06-21 22:58 -------- d-----w- c:\program files\FireAlpaca
2012-06-16 19:26 . 2012-06-16 19:26 -------- d-----w- c:\program files\Vectorian Inc
2012-06-16 19:02 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-16 19:02 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-16 19:02 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-16 19:02 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-06-16 19:02 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-16 19:02 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-06-16 19:02 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-06-16 19:01 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-16 19:01 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-16 19:01 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-14 18:59 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 18:59 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 18:58 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 18:58 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 17:59 . 2012-06-27 22:24 -------- d-----w- c:\users\Ivana\AppData\Roaming\Skype
2012-06-13 17:59 . 2012-06-13 17:59 -------- d-----w- c:\program files\Common Files\Skype
2012-06-13 17:58 . 2012-06-13 17:59 -------- d-----r- c:\program files\Skype
2012-06-13 17:58 . 2012-06-13 17:59 -------- d-----w- c:\programdata\Skype
2012-06-13 17:13 . 2012-06-13 17:13 -------- d-----w- c:\users\Ivana\AppData\Local\Macromedia
2012-06-06 17:53 . 2012-06-06 17:53 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-06 17:53 . 2012-06-06 17:53 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-05 01:03 . 2012-06-06 17:54 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-06-05 01:03 . 2012-06-12 19:47 -------- d-----w- c:\users\Ivana\AppData\Local\Procaster
2012-06-05 01:03 . 2012-06-06 17:54 -------- d-----w- c:\program files\Livestream Procaster
2012-06-04 19:31 . 2012-06-04 19:31 -------- d-----w- c:\users\Ivana\AppData\Local\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 19:35 . 2012-04-22 00:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 19:35 . 2011-05-25 21:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 17:25 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 17:26 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 17:26 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 17:25 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 17:25 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 17:26 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 17:26 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 17:25 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:12 . 2012-06-21 17:25 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-05-17 22:35 . 2012-06-16 19:02 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 23:32 . 2012-05-15 23:32 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-15 23:32 . 2010-05-06 01:51 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-15 19:51 . 2012-06-14 18:58 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-04-03 08:16 . 2012-05-14 23:47 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-14 23:47 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-17 02:39 . 2011-03-24 01:17 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 06:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-12-01 00:06 303104 ------w- c:\ddi\OverIcon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
[HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
2008-11-29 00:00 73728 ----a-w- c:\users\Ivana\AppData\Local\Sony Corporation\VirtualExpander\VEShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-27 3077528]
"Akamai NetSession Interface"="c:\users\Ivana\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-08 4423680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-13 45056]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"TP CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" [2007-02-08 820872]
"Skytel"="Skytel.exe" [2007-04-08 1822720]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-20 68592]
"Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-24 202256]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-09-30 646232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
.
c:\users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
VirtualExpander.lnk - c:\users\Ivana\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe [2008-4-29 474808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AOL DDI.lnk - c:\ddi\AOLICON.exe [N/A]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintServer Diagnostic]
2004-11-25 00:09 266240 ----a-w- c:\program files\Print Server\PTP\PSDiagnostic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
2008-01-05 03:56 5367664 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-03-10 01:58 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 19:35]
.
2012-06-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-20 18:19]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:39]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://sbc.yahoo.com/dsl
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2....barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.serebii.net/index2.shtml
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NPSStartup - (no file)
HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-28 18:58
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:e5,7f,ee,10,b9,50,cd,01
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5656)
c:\ddi\overicon.dll
c:\users\Ivana\AppData\Local\Sony Corporation\VirtualExpander\VEShellExt.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Tablet\Pen\Pen_TouchService.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Tablet\Pen\Pen_Tablet.exe
c:\program files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\program files\Common Files\microsoft shared\ink\TabTip.exe
c:\program files\Tablet\Pen\Pen_TouchUser.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Tablet\Pen\Pen_TabletUser.exe
c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
c:\program files\Tablet\Pen\Pen_Tablet.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.
Completion time: 2012-06-28 19:07:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-29 02:07
.
Pre-Run: 133,691,404,288 bytes free
Post-Run: 133,656,760,320 bytes free
.
- - End Of File - - D8F55FAC047D6E9CE971AD8BA03965DE
 
Looks good :)

Any current issues?

=================================================

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===============================================

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Everything is working well so far. My OS and WSE are loading properly. MBAM detected a couple of things, but neither is Sirefef. :D
I'll restart and do the OTL scan now.
--

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.28.02
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Ivana :: EVERGREEN [administrator]
6/28/2012 7:22:27 PM
mbam-log-2012-06-28 (19-22-27).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262137
Time elapsed: 29 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
 
OTL logfile created on: 6/28/2012 8:08:54 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Ivana\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.24% Memory free
4.21 Gb Paging File | 3.04 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.80 Gb Total Space | 124.25 Gb Free Space | 55.27% Space Free | Partition Type: NTFS

Computer Name: EVERGREEN | User Name: Ivana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/28 19:21:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ivana\Desktop\OTL.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Ivana\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/30 16:33:24 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
PRC - [2011/09/08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2011/09/08 17:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2011/09/08 17:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2011/09/08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2011/07/29 13:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/07/26 18:10:20 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/08/31 23:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/09 18:29:41 | 000,156,672 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
PRC - [2008/01/04 20:56:52 | 003,572,592 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2007/10/31 14:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/10/31 09:40:08 | 000,125,440 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
PRC - [2007/10/30 12:04:08 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/10/30 12:04:08 | 000,748,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/10/12 17:29:56 | 000,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
PRC - [2007/09/20 11:05:10 | 000,550,776 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/09/19 12:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/09/06 16:38:24 | 000,053,248 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe
PRC - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/08/28 17:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/08/28 17:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 21:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 09:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/15 12:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/03/05 13:27:32 | 000,474,808 | ---- | M] (Sony Corporation) -- C:\Users\Ivana\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe
PRC - [2007/01/09 21:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 17:18:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/16 17:18:10 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/20 14:25:33 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/20 14:25:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/09/30 16:33:24 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
MOD - [2011/09/08 17:48:36 | 000,962,936 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll
MOD - [2011/07/26 18:10:20 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2010/08/31 23:39:28 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/08/31 23:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2007/10/30 11:57:58 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/10/30 11:44:52 | 000,393,216 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/09/19 17:04:28 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/23 12:35:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/16 19:39:25 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/22 20:14:49 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/09/08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011/09/08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2008/03/21 12:31:46 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/04 20:56:52 | 003,572,592 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2007/10/31 09:40:08 | 000,125,440 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/09/28 22:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 11:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 19:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/28 17:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 17:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 00:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 00:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 00:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 00:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 00:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 09:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 09:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/31 13:11:42 | 002,975,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/12 19:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/19 21:19:38 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf001.sys -- (apf001)
DRV - [2010/10/11 12:19:36 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/10/11 12:19:28 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/10/11 12:19:26 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/05/13 11:41:02 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2009/05/13 11:41:02 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2009/05/13 11:41:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2008/05/08 18:05:36 | 000,026,112 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/05/01 08:11:45 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2008/03/21 12:33:39 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2008/01/04 20:34:34 | 000,163,696 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (SSIDRV)
DRV - [2008/01/04 20:34:34 | 000,021,872 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (SSHRMD)
DRV - [2008/01/04 20:34:34 | 000,020,336 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SSFS0BB9.sys -- (SSFS0BB9)
DRV - [2007/11/15 17:29:22 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/10/29 19:30:30 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/10/16 17:01:59 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/10/16 17:01:59 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/04 17:02:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/04 17:02:11 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/08/28 18:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/05/26 01:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/05/15 01:00:00 | 000,852,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070515.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/05/15 01:00:00 | 000,077,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070515.033\NAVENG.SYS -- (NAVENG)
DRV - [2007/02/01 02:21:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/01/11 18:22:20 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/01/11 18:22:18 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/01/11 18:22:14 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/01/09 14:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/01/09 14:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006/12/27 22:48:26 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86)
DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2001/05/07 03:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{3B0B8EFF-3619-4856-A1EA-F5B3DAF4B5EA}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7;
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_.../barsearch.jhtml&st=sb&searchfor={searchTerms}
IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\SearchScopes\{28F4A32B-116F-48fd-B4CE-4273852BB730}: "URL" = http://search.gphotoshow-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\SearchScopes\{3B0B8EFF-3619-4856-A1EA-F5B3DAF4B5EA}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7;
IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en
IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\SearchScopes\{A5566DA7-69CA-43C1-AE1C-458F2F1BD036}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.serebii.net/index2.shtml"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.99999
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ivana\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Users\Ivana\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 19:39:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/15 16:32:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 19:39:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/15 16:32:45 | 000,000,000 | ---D | M]

[2008/06/17 20:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Extensions
[2012/06/27 11:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions
[2010/04/27 15:39:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/20 17:42:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/06/27 11:28:59 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions\crossriderapp2258@crossrider.com
[2011/03/11 18:50:51 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions\personas@christopher.beard
[2008/08/23 12:08:00 | 000,002,109 | ---- | M] () -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\searchplugins\youtube-video-search.xml
[2012/06/06 10:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/20 11:15:56 | 000,459,683 | ---- | M] () (No name found) -- C:\USERS\IVANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9MK8YXVA.DEFAULT\EXTENSIONS\NICOFOX@LITTLEBTC.XPI
[2012/06/16 19:39:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/03/15 01:29:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/15 01:29:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/28 18:56:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\Toolbar\WebBrowser: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TP CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe (Symantec Corporation)
O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIO Help and Support Demo] C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001..\Run: [Akamai NetSession Interface] C:\Users\Ivana\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtualExpander.lnk = C:\Users\Ivana\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabinogi.com:88/renderer/mabiweb.2009.4.9.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABE3899E-4A54-402C-9350-879195F38C10}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E75B49DA-A45C-4BE5-ADB6-6407114BCFE2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Ivana\Pictures\shrine.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ivana\Pictures\shrine.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.CSCD - C:\Windows\System32\camcodec.dll (RenderSoft Software)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.mp42 - mpg4c32.dll File not found
Drivers32: vidc.mp43 - mpg4c32.dll File not found
Drivers32: vidc.mpg4 - mpg4c32.dll File not found
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 19:21:21 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Ivana\Desktop\OTL.exe
[2012/06/28 19:07:33 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\temp
[2012/06/28 19:06:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/28 18:26:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/28 18:26:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/28 18:26:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/28 18:26:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/28 18:26:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/28 18:20:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/28 18:16:08 | 004,566,027 | R--- | C] (Swearware) -- C:\Users\Ivana\Desktop\ComboFix.exe
[2012/06/28 18:14:49 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{E50FE989-A0F1-437A-9675-C31A45D47BA0}
[2012/06/28 18:14:34 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{AC8CEADA-6384-430C-8970-4314DF14E92B}
[2012/06/27 22:01:11 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/27 20:23:52 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Roaming\ImgBurn
[2012/06/27 20:21:40 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/06/27 20:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/06/27 18:51:59 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Roaming\Malwarebytes
[2012/06/27 18:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/27 18:51:54 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/27 18:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/27 18:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/27 14:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/27 14:21:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/27 10:57:51 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{EFFC308C-1641-44F8-91C9-9D1036730AD1}
[2012/06/27 10:57:18 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{4335F55D-F831-46D6-87A2-E87E69A4ABB2}
[2012/06/26 11:27:34 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{05E95ED0-B361-46AF-8670-E409257F17E8}
[2012/06/25 11:43:18 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{23007D4A-7938-4BD3-9D4F-17EF5ACC580E}
[2012/06/24 11:45:21 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{C8E8E48E-8E4F-48C1-BD54-55C10DFA418C}
[2012/06/23 23:44:53 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{7214CC9D-F196-488E-8D09-A50209E412C6}
[2012/06/23 11:44:43 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{708631C6-0727-4A3E-B45E-45A7C4867CB6}
[2012/06/22 12:35:41 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/06/22 10:38:20 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{C2C48BDD-827A-4238-996C-C9595583BC28}
[2012/06/22 10:38:05 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{6C120788-9F69-4447-B9A2-E93432FC55DE}
[2012/06/21 19:09:36 | 000,000,000 | ---D | C] -- C:\Users\Ivana\Documents\My Received Files
[2012/06/21 18:02:45 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{BFEBE2A7-19C1-4F00-9B04-26F8C0D9B085}
[2012/06/21 18:02:33 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{F8DDE8B3-92A0-468D-9B4D-827CC33C0CB7}
[2012/06/21 18:02:13 | 000,000,000 | ---D | C] -- C:\Users\Ivana\Tracing
[2012/06/21 17:55:54 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/21 17:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/21 17:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/06/21 16:19:20 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\FireAlpaca
[2012/06/21 15:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireAlpaca
[2012/06/21 15:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\FireAlpaca
[2012/06/18 13:18:06 | 000,000,000 | ---D | C] -- C:\Users\Ivana\Desktop\Appsheets
[2012/06/16 12:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorian Giotto
[2012/06/16 12:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Vectorian Inc
[2012/06/13 10:59:17 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Roaming\Skype
[2012/06/13 10:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/13 10:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/06/13 10:58:57 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/06/13 10:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/06/13 10:13:18 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\Macromedia
[2012/06/08 12:25:23 | 2433,958,760 | ---- | C] (Nexon) -- C:\Users\Ivana\Desktop\DragonNestSetupV140.exe
[2012/06/04 18:03:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2012/06/04 18:03:39 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\Procaster
[2012/06/04 18:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livestream Procaster
[2012/06/04 18:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Livestream Procaster
[2012/06/04 12:31:36 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\Unity
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/28 20:08:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/28 20:04:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 20:01:49 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 20:01:48 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/28 20:01:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/28 20:01:23 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/28 19:59:55 | 000,001,842 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/28 19:35:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/28 19:21:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ivana\Desktop\OTL.exe
[2012/06/28 18:56:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/28 18:16:15 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\Ivana\Desktop\ComboFix.exe
[2012/06/27 18:54:32 | 000,001,356 | ---- | M] () -- C:\Users\Ivana\AppData\Local\d3d9caps.dat
[2012/06/27 14:27:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/27 14:26:58 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/27 14:26:58 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/27 13:16:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/06/26 20:12:29 | 000,059,136 | ---- | M] () -- C:\Users\Ivana\Desktop\Doom (2) (48000 Hz).mp3
[2012/06/26 17:05:08 | 000,215,247 | ---- | M] () -- C:\Users\Ivana\Desktop\Photo0569.jpg
[2012/06/26 17:05:08 | 000,018,563 | ---- | M] () -- C:\Users\Ivana\.recently-used.xbel
[2012/06/26 16:44:14 | 001,233,629 | ---- | M] () -- C:\Users\Ivana\Desktop\forest_path_anime_background_by_wbd-d3l83r9.jpg
[2012/06/26 15:09:27 | 000,474,129 | ---- | M] () -- C:\Users\Ivana\Desktop\Anime_Style_Beach_Background_by_wbd.jpg
[2012/06/21 15:58:25 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\FireAlpaca.lnk
[2012/06/17 15:41:39 | 000,030,835 | ---- | M] () -- C:\Users\Ivana\Desktop\5565eefb8ec44845_1338622384.jpg
[2012/06/17 15:19:08 | 000,131,068 | ---- | M] () -- C:\Users\Ivana\Desktop\27890042_p10.jpg
[2012/06/16 17:16:20 | 000,668,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 10:59:02 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/08 17:21:14 | 000,000,175 | ---- | M] () -- C:\Users\Public\Desktop\DragonNest.url
[2012/06/08 17:14:00 | 2433,958,760 | ---- | M] (Nexon) -- C:\Users\Ivana\Desktop\DragonNestSetupV140.exe
[2012/06/06 10:54:11 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/28 18:26:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/28 18:26:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/28 18:26:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/28 18:26:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/28 18:26:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/28 18:09:20 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/27 20:21:40 | 000,001,685 | ---- | C] () -- C:\Users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/06/27 14:27:08 | 000,001,831 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/26 22:01:55 | 000,215,247 | ---- | C] () -- C:\Users\Ivana\Desktop\Photo0569.jpg
[2012/06/26 20:12:25 | 000,059,136 | ---- | C] () -- C:\Users\Ivana\Desktop\Doom (2) (48000 Hz).mp3
[2012/06/26 17:05:08 | 000,018,563 | ---- | C] () -- C:\Users\Ivana\.recently-used.xbel
[2012/06/26 16:43:53 | 001,233,629 | ---- | C] () -- C:\Users\Ivana\Desktop\forest_path_anime_background_by_wbd-d3l83r9.jpg
[2012/06/26 15:08:48 | 000,474,129 | ---- | C] () -- C:\Users\Ivana\Desktop\Anime_Style_Beach_Background_by_wbd.jpg
[2012/06/21 17:50:56 | 000,002,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/06/21 15:58:25 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\FireAlpaca.lnk
[2012/06/17 15:41:37 | 000,030,835 | ---- | C] () -- C:\Users\Ivana\Desktop\5565eefb8ec44845_1338622384.jpg
[2012/06/17 15:18:52 | 000,131,068 | ---- | C] () -- C:\Users\Ivana\Desktop\27890042_p10.jpg
[2012/06/13 10:59:02 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/04 18:03:43 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2011/12/19 21:19:38 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
[2011/12/19 21:19:38 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
[2011/09/08 18:34:17 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/08/20 14:04:10 | 000,004,296 | ---- | C] () -- C:\Windows\checkip.dat
[2010/11/20 23:26:16 | 000,000,067 | ---- | C] () -- C:\Windows\Star Video Converter.INI
[2009/11/15 16:35:54 | 000,002,292 | ---- | C] () -- C:\Users\Ivana\AppData\Roaming\ASSDraw3.cfg
[2009/03/16 21:18:16 | 000,001,356 | ---- | C] () -- C:\Users\Ivana\AppData\Local\d3d9caps.dat
[2008/05/16 18:29:41 | 000,032,256 | ---- | C] () -- C:\Users\Ivana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/27 18:48:27 | 000,000,552 | ---- | C] () -- C:\Users\Ivana\AppData\Local\d3d8caps.dat
[2008/04/19 17:26:05 | 000,001,232 | RHS- | C] () -- C:\Users\Ivana\ntuser.pol

========== LOP Check ==========

[2012/05/29 11:50:07 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Wacom
[2008/06/17 20:54:12 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\acccore
[2010/11/19 18:13:14 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Aegisub
[2009/12/07 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\AnvSoft
[2012/06/16 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Audacity
[2009/11/15 17:38:09 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\avidemux
[2011/11/13 14:29:00 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Design Science
[2012/06/22 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\gtk-2.0
[2012/06/27 20:48:49 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\ImgBurn
[2008/05/08 18:05:33 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\NCH Swift Sound
[2010/04/10 18:47:35 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\NetMedia Providers
[2008/04/30 00:46:01 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Nexon
[2010/02/07 16:58:57 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Publish Providers
[2010/06/21 15:29:18 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Sakura
[2010/09/25 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Samsung
[2011/08/15 14:16:04 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\ShanghaiAlice
[2010/04/10 18:46:38 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Sony
[2010/09/14 20:31:50 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\SYSTEMAX Software Development
[2011/12/20 15:39:08 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\SystemRequirementsLab
[2010/07/24 14:01:27 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Titanium
[2011/06/08 10:19:10 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Wacom
[2011/06/08 10:19:12 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010/11/20 17:03:57 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\WinFF
[2012/06/28 20:00:08 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/02/11 16:43:20 | 000,001,256 | ---- | M] () -- C:\Ask & Record Toolbar Setup Log.txt
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/11/22 12:59:39 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/06/28 19:07:30 | 000,022,911 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2012/06/28 20:01:23 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2008/04/23 15:52:02 | 000,000,164 | ---- | M] () -- C:\install.dat
[2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/05/08 17:55:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/05/16 23:15:07 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
[2008/05/08 17:55:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/03/01 21:27:39 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2011/03/01 21:27:39 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2011/03/01 21:27:39 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2011/03/01 21:27:41 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{230467fa-447b-11e0-b9f4-001e3d888441}.TM.blf
[2011/03/01 21:27:40 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{230467fa-447b-11e0-b9f4-001e3d888441}.TMContainer00000000000000000001.regtrans-ms
[2011/03/01 21:27:40 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{230467fa-447b-11e0-b9f4-001e3d888441}.TMContainer00000000000000000002.regtrans-ms
[2012/06/28 20:01:21 | 2451,243,008 | -HS- | M] () -- C:\pagefile.sys
[2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2008/03/21 12:28:47 | 000,392,802 | ---- | M] () -- C:\vcredist_x86.log
[2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2011/08/20 14:58:24 | 000,000,000 | ---- | M] () -- C:\wizard.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/24 19:35:49 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 00:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/05/21 23:59:55 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/05 19:46:47 | 000,000,221 | -HS- | M] () -- C:\Users\Ivana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/28 18:16:15 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\Ivana\Desktop\ComboFix.exe
[2012/06/08 17:14:00 | 2433,958,760 | ---- | M] (Nexon) -- C:\Users\Ivana\Desktop\DragonNestSetupV140.exe
[2012/06/28 19:21:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ivana\Desktop\OTL.exe
[2010/06/14 18:04:11 | 000,315,392 | ---- | M] ( ) -- C:\Users\Ivana\Desktop\PianoRollComposer.exe
[2010/03/14 00:10:12 | 000,408,064 | ---- | M] () -- C:\Users\Ivana\Desktop\Pokesav HGSS - ENG - PP.org.exe
[2010/06/18 14:20:14 | 004,542,800 | ---- | M] (Microsoft Corporation) -- C:\Users\Ivana\Desktop\vs_proweb.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/28 19:35:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/27 13:16:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/06/28 20:04:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/28 20:08:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/28 20:01:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/06/28 20:00:08 | 000,032,646 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/04/19 17:26:13 | 000,000,402 | -HS- | M] () -- C:\Users\Ivana\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6547C5A3
< End of report >
 
OTL Extras logfile created on: 6/28/2012 8:08:55 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Ivana\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.24% Memory free
4.21 Gb Paging File | 3.04 Gb Available in Paging File | 72.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.80 Gb Total Space | 124.25 Gb Free Space | 55.27% Space Free | Partition Type: NTFS

Computer Name: EVERGREEN | User Name: Ivana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9002254F-6AE1-4096-B589-A88C09DB3948}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93E137D9-0C11-40BF-8247-3629B78F08F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{21E73920-6CB6-4ADC-AEEB-7EC33604F2B3}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{AD333EC1-1C87-4C77-9FF5-F0F1D6CE5707}C:\users\ivana\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\ivana\appdata\local\akamai\netsession_win.exe |
"UDP Query User{B27BB1E2-044B-4E03-86DA-61AEF170C1BC}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"UDP Query User{F2037962-DC31-4D2C-9DFD-B54F31BE6E47}C:\users\ivana\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\ivana\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.8
"{2515EAA9-AE9F-4F0A-8301-B40034838B8A}" = Livestream Procaster
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}" = MapleStory
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-I Visual Effects
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.2
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1" = “Œ•û”ñ‘z“V‘¥ Ver1.10ƒAƒbƒvƒf[ƒg
"{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
"{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2F83792-DA53-487F-B2F8-84A98E51B7FD}_is1" = Power CD+G to Video Karaoke Converter
"{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard
"{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5397A82-641F-4643-8200-51D7F0016511}" = Click to Disc
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2Wire SetupWiz" = SBC Yahoo! DSL Home Networking Installer
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface Service
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"Any Video Converter_is1" = Any Video Converter 3.1.2
"ASIO4ALL" = ASIO4ALL
"Ask & Record Toolbar4.01" = Ask & Record Toolbar 4.01
"Audacity_is1" = Audacity 1.2.6
"Bamboo Dock" = Bamboo Dock 3.3
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"CCleaner" = CCleaner
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DragonNest" = DragonNest
"Drumaxx" = Drumaxx
"DSMT5" = MathType 5
"EdenEternal" = EdenEternal
"Finale PrintMusic 2008" = Finale PrintMusic 2008
"FireAlpaca_is1" = FireAlpaca 1.0.30
"FL Studio 9" = FL Studio 9
"Fraps" = Fraps
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
"Free Audio Dub_is1" = Free Audio Dub version 1.5
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 1.4
"Google Updater" = Google Updater
"Hardcore" = Hardcore
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Higher Score on the SAT/PSAT_is1" = Higher Score on the SAT/PSAT
"Hisoutensoku English" = NSIS Hisoutensoku English
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HyperCam 2" = HyperCam 2
"IL Download Manager" = IL Download Manager
"ImgBurn" = ImgBurn
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MapleStory" = MapleStory
"MegaMan_ScreeenSaver" = MegaMan_ScreeenSaver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Print Monitor" = Network Print Monitor for Windows
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"osu!" = osu!
"Pen Tablet Driver" = Bamboo
"PoiZone" = PoiZone
"Print Server Driver" = Print Server Driver
"Quick Search Box" = Google Quick Search Box
"RealPlayer 12.0" = RealPlayer
"Sakura" = Sakura
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
"Sawer" = Sawer
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"VAIO Service Utility" = VAIO Service Utility
"Vectorian Giotto_is1" = Vectorian Giotto 3.0.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite" = Windows Live Essentials
"Xvid_is1" = Xvid 1.2.1 final uninstall
"YInstHelper" = Yahoo! Install Manager
"東方神霊廟 体験版_is1" = 東方神霊廟 体験版 ver 0.01a
 
========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Energy Skate Park" = Energy Skate Park
"Forces in 1 Dimension" = Forces in 1 Dimension
"Ladybug Revolution" = Ladybug Revolution
"Magnet and Compass" = Magnet and Compass
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/28/2012 9:57:13 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2012 9:57:13 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2012 10:07:38 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2012 10:07:38 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2012 10:07:38 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2012 10:07:38 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2012 10:07:38 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2012 10:07:39 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2012 10:07:39 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2012 11:02:07 PM | Computer Name = EVERGREEN | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

[ Media Center Events ]
Error - 4/30/2008 8:32:55 PM | Computer Name = Evergreen | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/25/2008 7:35:41 PM | Computer Name = Evergreen | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/27/2008 11:15:36 PM | Computer Name = Evergreen | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/23/2009 9:31:12 PM | Computer Name = EVERGREEN | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 9/28/2008 6:47:40 PM | Computer Name = Evergreen | Source = Service Control Manager | ID = 7000
Description =

Error - 9/28/2008 8:04:28 PM | Computer Name = Evergreen | Source = Service Control Manager | ID = 7011
Description =

Error - 9/29/2008 6:59:44 PM | Computer Name = Evergreen | Source = HTTP | ID = 15016
Description =

Error - 9/29/2008 7:01:20 PM | Computer Name = Evergreen | Source = Service Control Manager | ID = 7000
Description =

Error - 9/29/2008 7:16:41 PM | Computer Name = Evergreen | Source = Print | ID = 6161
Description = The document Microsoft PowerPoint - American Storyboard, owned by
Ivana, failed to print on printer HP DeskJet 970Cse. Try to print the document again,
or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in
bytes: 4758136. Number of bytes printed: 0. Total number of pages in the document:
4. Number of pages printed: 0. Client computer: \\EVERGREEN. Win32 error code returned
by the print processor: 2. The system cannot find the file specified.

Error - 9/30/2008 6:08:09 PM | Computer Name = Evergreen | Source = HTTP | ID = 15016
Description =

Error - 9/30/2008 6:09:43 PM | Computer Name = Evergreen | Source = Service Control Manager | ID = 7000
Description =

Error - 10/1/2008 6:27:00 PM | Computer Name = Evergreen | Source = HTTP | ID = 15016
Description =

Error - 10/1/2008 6:28:38 PM | Computer Name = Evergreen | Source = Service Control Manager | ID = 7000
Description =

Error - 10/2/2008 12:16:46 AM | Computer Name = EVERGREEN | Source = HTTP | ID = 15016
Description =


< End of report >
 
Good :)

You have some Norton leftovers.
Please run this tool to remove them: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

=================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.99999
    O2 - BHO: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\Toolbar\WebBrowser: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O37 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\...com [@ = ComFile] -- Reg Error: Key error. File not found
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6547C5A3
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Ask.com
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
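
For reading the results log that the OTL fix step above asks to be posted, here is an added example that is not part of the original post and is not OTL's own code: a Python script that groups the result lines by outcome and de-duplicates the items reported as not found. The sample log is constructed in the line format the fix log in this thread uses, and the function names and sample targets are hypothetical.

```python
import re
from collections import Counter

# Constructed sample (not a real log), using only line shapes that appear in
# this thread's fix log: section headers, "value set successfully!",
# "removed from", "not found." and "Starting removal of ActiveX control".
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Example\\ExampleValue| /E : value set successfully!
Prefs.js: example@toolbar.invalid:1.0 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
File C:\Program Files\Example\ExampleToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Example Service not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000001}\ not found.
Starting removal of ActiveX control {00000000-0000-0000-0000-000000000002}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000000-0000-0000-0000-000000000002}\ not found.
"""

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
ABSENT_RE = re.compile(r"^(Registry key|Registry value|File) (.+) not found\.$")


def parse_fix_log(text):
    """Turn a fix log into one dict per result line.

    outcome is one of:
      "changed" - the tool reports it modified or removed something
      "absent"  - the item was not present when the fix ran ("not found.")
      "info"    - progress or status text with no result of its own
    """
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)  # e.g. "OTL"
            continue
        absent = ABSENT_RE.match(line)
        if absent:
            kind, target, outcome = absent.group(1), absent.group(2), "absent"
        elif line.endswith("successfully!") or " removed from " in line:
            kind, target, outcome = "change", line, "changed"
        else:
            kind, target, outcome = "note", line, "info"
        entries.append(
            {"section": section, "kind": kind, "target": target, "outcome": outcome}
        )
    return entries


def summarize(entries):
    """Count result lines per outcome."""
    return Counter(entry["outcome"] for entry in entries)


def unique_absent(entries):
    """Return (kind, target) pairs reported as not found, without repeats.

    One fix line can make the tool check the same key or file several times,
    so the raw log repeats identical "not found." lines.
    """
    seen = set()
    result = []
    for entry in entries:
        if entry["outcome"] != "absent":
            continue
        key = (entry["kind"], entry["target"])
        if key not in seen:
            seen.add(key)
            result.append(key)
    return result


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    for kind, target in unique_absent(parsed):
        print(f"{kind}: {target}")
```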
 
I ran the Norton Removal Tool, but all it did was extract some files then stopped doing anything. A Norton 360 trial was preinstalled on my computer but I never activated it. I think the tool doesn't detect an active Norton product on my computer?

So I gave up on the Norton Removal Tool and moved on to run the OTL fix. The first time I tried it, OTL crashed halfway. I logged out and relogged in to reactivate the processes, then ran the fix again. This time, it completed and this is the log I got.
--

All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: toolbar@ask.com:3.8.0.99999 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ask and Record FLV Service not found.
File C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_USERS\S-1-5-21-3410675808-1924818942-1369259615-1001_Classes\.com\ not found.
Registry key HKEY_USERS\S-1-5-21-3410675808-1924818942-1369259615-1001_Classes\ComFile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
Unable to delete ADS C:\ProgramData\TEMP:6547C5A3 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\Ask.com not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eric Yu
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ivana
->Temp folder emptied: 704290 bytes
->Temporary Internet Files folder emptied: 19386609 bytes
->Java cache emptied: 6846996 bytes
->FireFox cache emptied: 85008770 bytes
->Flash cache emptied: 2940861 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15218 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 110.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Eric Yu

User: Guest

User: Ivana
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Eric Yu
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Ivana
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06282012_223956
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JET4DB2.tmp not found!
File\Folder C:\Windows\temp\JET5D2C.tmp not found!
PendingFileRenameOperations files...
File C:\Windows\temp\JET4DB2.tmp not found!
File C:\Windows\temp\JET5D2C.tmp not found!
Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
SonicStage Mastering Studio Audio Filter Custom Preset
Norton 360
Microsoft Security Essentials
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

CA Yahoo! Anti-Spy (remove only)
Spy Sweeper
CCleaner
Java(TM) 6 Update 32
Java(TM) SE Runtime Environment 6
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 11.3.300.262
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
 
Farbar Service Scanner Version: 25-06-2012 01
Ran by Ivana (administrator) on 28-06-2012 at 23:05:25
Running from "C:\Users\Ivana\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Disabled Policy:
========================

Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2012-05-14 17:08] - [2012-03-30 05:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2012-06-14 11:59] - [2012-04-23 09:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****
 
C:\FRST\Quarantine\services.exe Win32/Sirefef.FB.Gen trojan deleted - quarantined
C:\FRST\Quarantine\{98089a1f-1d93-dc65-6426-c6b07349cac9}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined
C:\Users\Ivana\Documents\Setups\WebfettiSetup2.2.60.11-2.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
 