TechSpot

Infected with Sirefef

Solved
By Sohee
Jun 27, 2012
  1. One Google search later, and here I am. Apparently, there have been a lot of cases of this virus lately. I see a lot of Sirefef.B and Sirefef.Y here, but mine is Sirefef.R (virus) and Sirefef.AH (Trojan).

    Like many before me, I saw that WSE stopped working. Unfortunately, I ignored it until I found an unknown program running in my system. I reinstalled WSE, intending to scan said program to see if it was malware, and WSE detected Sirefef instead. Now Windows fails and forces a restart after a minute whenever I try to start Windows normally or tell WSE to remove it in Safe Mode.

    I have no logs or anything like that right now, but if it helps, I'm running Windows Vista 32-bit SP2.

    Help would be appreciated, since I'd like to get this PC up and running again for a huge game update I'm looking forward to and an art project I'm working on, and I'd prefer not to follow Microsoft's advice of reinstalling Windows.
     
  2. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ========================================================

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  3. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    Ah, thanks for replying, Broni!
    Unfortunately my computer doesn't have System Recovery Options in the Advanced Boot menu, nor do I have a Windows installation disk.
     
  4. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Sending PM.
     
  5. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    Okay, I got it.
    --

    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 20-06-2012 01
    Ran by SYSTEM at 27-06-2012 21:01:22
    Running from F:\
    Windows Vista (TM) Home Premium (X86) OS Language: English(US)
    The current controlset is ControlSet002
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2007-09-19] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [154136 2007-09-19] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [137752 2007-09-19] (Intel Corporation)
    HKLM\...\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [311296 2007-09-19] (Sony Corporation)
    HKLM\...\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1 [53248 2007-09-06] (Sony Electronics, Inc.)
    HKLM\...\Run: [VAIO Help and Support Demo] "C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [290816 2007-08-27] ()
    HKLM\...\Run: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe" [20480 2007-10-17] (Sony Electronics, Inc.)
    HKLM\...\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [45056 2007-10-12] (Sony Electronics, Inc.)
    HKLM\...\Run: [VAIOSurvey] "C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe" [577536 2007-07-20] ()
    HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [115816 2007-01-09] (Symantec Corporation)
    HKLM\...\Run: [TP CfgWiz] "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" -G:{2D617065-1C52-4240-B5BC-C0AE12157777} -T:Config [820872 2007-02-08] (Symantec Corporation)
    HKLM\...\Run: [Skytel] Skytel.exe [x]
    HKLM\...\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun [68592 2009-06-19] (Google Inc.)
    HKLM\...\Run: [Ask and Record FLV Service] "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run [156672 2009-03-09] (Applian Technologies, Inc.)
    HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-03-17] (Apple Inc.)
    HKLM\...\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot [202256 2010-07-24] (RealNetworks, Inc.)
    HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1164584 2010-08-31] ()
    HKLM\...\Run: [NPSStartup] [x]
    HKLM\...\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe [646232 2011-09-30] ()
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
    HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
    HKLM\...\Run: [PRISMSVR.EXE] "C:\Windows\system32\PRISMSVR.EXE" /APPLY [x]
    HKLM\...\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [217256 2011-07-29] (Visicom Media Inc. (Powered by Panda Security))
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [931200 2012-03-26] (Microsoft Corporation)
    HKU\Eric Yu\...\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun [1233920 2009-04-10] (Microsoft Corporation)
    HKU\Eric Yu\...\Run: [WindowsWelcomeCenter] "rundll32.exe" oobefldr.dll,ShowWelcomeCenter [x]
    HKU\Eric Yu\...\Policies\system: [LogonHoursAction] 2
    HKU\Eric Yu\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Ivana\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [68856 2008-04-19] (Google Inc.)
    HKU\Ivana\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-18] (Microsoft Corporation)
    HKU\Ivana\...\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe [3077528 2011-07-26] ()
    HKU\Ivana\...\Run: [Akamai NetSession Interface] "C:\Users\Ivana\AppData\Local\Akamai\netsession_win.exe" [4327744 2012-05-26] (Akamai Technologies, Inc)
    HKU\Ivana\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
    HKU\Ivana\...\Policies\system: [LogonHoursAction] 2
    HKU\Ivana\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKLM\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462408 2012-04-04] (Malwarebytes Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Winlogon\Notify\VESWinlogon: VESWinlogon.dll (Sony Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\AOL DDI.lnk
    ShortcutTarget: AOL DDI.lnk -> C:\DDI\AOLICON.exe (No File)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    Startup: C:\Users\Ivana\Start Menu\Programs\Startup\VirtualExpander.lnk
    ShortcutTarget: VirtualExpander.lnk -> (No File)
    ================================ Services (Whitelisted) ==================
    2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108648 2007-01-09] (Symantec Corporation)
    2 ccSetMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108648 2007-01-09] (Symantec Corporation)
    2 CLTNetCnService; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [108648 2007-01-09] (Symantec Corporation)
    3 comHost; "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe" [49248 2007-01-12] (Symantec Corporation)
    3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [292352 2008-01-18] (Microsoft Corporation)
    3 ehSched; C:\Windows\ehome\ehsched.exe [131072 2006-11-02] (Microsoft Corporation)
    2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
    3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2975352 2007-01-31] (Symantec Corporation)
    3 MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [45056 2006-12-14] (Sony Corporation)
    3 PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [57344 2006-12-14] ()
    2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
    2 QBCFMonitorService; "C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe" [20480 2007-09-05] (Intuit)
    3 QBFCService; "C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe" [61440 2007-05-24] (Intuit Inc.)
    2 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [160944 2012-06-05] (Skype Technologies)
    3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69632 2006-12-14] (Sony Corporation)
    3 Symantec Core LC; "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" [1174664 2008-03-21] (Symantec Corporation)
    2 TabletServicePen; C:\Program Files\Tablet\Pen\Pen_Tablet.exe [5554552 2011-09-08] (Wacom Technology, Corp.)
    2 TouchServicePen; C:\Program Files\Tablet\Pen\Pen_TouchService.exe [451960 2011-09-08] (Wacom Technology, Corp.)
    2 uCamMonitor; C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe [125440 2007-10-31] (ArcSoft, Inc.)
    3 usprserv; C:\Windows\System32\svchost.exe -k netsvcs [21504 2008-01-18] (Microsoft Corporation)
    3 VAIO Entertainment TV Device Arbitration Service; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe" [73728 2007-06-28] (Sony Corporation)
    2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182392 2007-08-14] (Sony Corporation)
    3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2818048 2007-09-23] (Sony Corporation)
    3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-08-08] (Sony Corporation)
    3 VAIOMediaPlatform-UCLS-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [745472 2007-01-10] (Sony Corporation)
    3 VAIOMediaPlatform-UCLS-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [1089536 2007-08-08] (Sony Corporation)
    3 VcmIAlzMgr; "C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe" [292128 2007-09-28] (Sony Corporation)
    3 Vcsw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM [274432 2007-06-28] (Sony Corporation)
    2 Viewpoint Manager Service; "C:\Program Files\Viewpoint\Common\ViewpointService.exe" [24652 2007-01-04] (Viewpoint Corporation)
    2 VzCdbSvc; "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" [192512 2007-08-28] (Sony Corporation)
    2 VzFw; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe [131072 2007-08-28] (Sony Corporation)
    2 WebrootSpySweeperService; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3572592 2008-01-04] (Webroot Software, Inc.)
    2 Akamai; c:\program files\common files\akamai/netsession_win_80c2ffa.dll [x]
    2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
    3 NisSrv; "c:\Program Files\Microsoft Security Client\NisSrv.exe" [x]
    3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
    3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
    3 VAIOMediaPlatform-UCLS-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-UCLS-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\UCLS\HTTP" [x]
     
  6. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    ========================== Drivers (Whitelisted) =============
    3 apf001; \??\C:\Windows\system32\apf001.sys [10872 2011-12-19] ()
    3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [17920 2007-10-29] (ArcSoft, Inc.)
    3 IDSvix86; \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [212280 2006-12-27] (Symantec Corporation)
    2 MDC8021X; C:\Windows\System32\DRIVERS\mdc8021x.sys [15781 2004-04-13] (Meetinghouse Data Communications)
    0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
    3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070515.033\NAVENG.SYS [77688 2007-05-15] (Symantec Corporation)
    3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070515.033\NAVEX15.SYS [852824 2007-05-15] (Symantec Corporation)
    3 NCHSSVAD; C:\Windows\System32\drivers\nchssvad.sys [26112 2008-05-08] (NCH Swift Sound)
    3 NETw4v32; C:\Windows\System32\DRIVERS\NETw4v32.sys [2251776 2007-09-26] (Intel Corporation)
    3 R5U870FLx86; C:\Windows\System32\Drivers\R5U870FLx86.sys [73472 2007-10-16] (Ricoh)
    3 R5U870FUx86; C:\Windows\System32\Drivers\R5U870FUx86.sys [43904 2007-10-16] (Ricoh)
    3 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [417592 2007-02-01] (Symantec Corporation)
    3 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [247608 2007-01-11] (Symantec Corporation)
    3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [276792 2007-01-11] (Symantec Corporation)
    1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [25400 2007-01-11] (Symantec Corporation)
    3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [90240 2009-05-13] (MCCI Corporation)
    3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [14976 2009-05-13] (MCCI Corporation)
    3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [121856 2009-05-13] (MCCI Corporation)
    0 SSFS0BB9; C:\Windows\System32\Drivers\SSFS0BB9.SYS [20336 2008-01-04] (Webroot Software Inc (www.webroot.com))
    0 SSHRMD; C:\Windows\System32\Drivers\SSHRMD.SYS [21872 2008-01-04] (Webroot Software Inc (www.webroot.com))
    0 SSIDRV; C:\Windows\System32\Drivers\SSIDRV.SYS [163696 2008-01-04] (Webroot Software Inc (www.webroot.com))
    3 SSKBFD; C:\Windows\System32\Drivers\sskbfd.sys [23920 2008-01-04] (Webroot Software Inc (www.webroot.com))
    3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [115000 2008-03-21] (Symantec Corporation)
    3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [27576 2007-01-09] (Symantec Corporation)
    1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [191544 2007-01-09] (Symantec Corporation)
    3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [818688 2007-11-15] (Texas Instruments)
    3 TIEHDUSB; C:\Windows\System32\drivers\tiehdusb.sys [49536 2008-05-01] (Texas Instruments Incorporated)
    4 blbdrive; C:\Windows\system32\drivers\blbdrive.sys [x]
    3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x]
    3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x]
    3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
    1 jbedpbxqwyridrvi; C:\Windows\system32\drivers\jbedpbxqwyridrvi.sys [x]
    3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
    3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
    1 yqmpixviuxhltppx; C:\Windows\system32\drivers\yqmpixviuxhltppx.sys [x]
    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============
    2012-06-27 19:23 - 2012-06-27 19:48 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\ImgBurn
    2012-06-27 19:22 - 2012-06-27 19:39 - 126310400 ____A C:\Users\Ivana\Downloads\Vista_Recovery_Disc.iso
    2012-06-27 19:21 - 2012-06-27 19:21 - 00000000 ____D C:\Program Files\ImgBurn
    2012-06-27 19:12 - 2012-06-27 19:12 - 00003958 ____A C:\Windows\PFRO.log
    2012-06-27 18:17 - 2012-06-27 18:29 - 00003478 ____A C:\Windows\WindowsUpdate.log
    2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Malwarebytes
    2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-06-27 17:51 - 2012-04-04 14:56 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-27 13:26 - 2012-06-27 13:27 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-27 09:57 - 2012-06-27 09:58 - 00000000 ____D C:\Users\Ivana\AppData\Local\{EFFC308C-1641-44F8-91C9-9D1036730AD1}
    2012-06-27 09:57 - 2012-06-27 09:57 - 00000000 ____D C:\Users\Ivana\AppData\Local\{4335F55D-F831-46D6-87A2-E87E69A4ABB2}
    2012-06-26 19:12 - 2012-06-26 19:12 - 00059136 ____A C:\Users\Ivana\Desktop\Doom (2) (48000 Hz).mp3
    2012-06-26 16:05 - 2012-06-26 16:05 - 00018563 ____A C:\Users\Ivana\.recently-used.xbel
    2012-06-26 16:02 - 2012-06-26 16:02 - 00001276 ____A C:\Users\Ivana\Desktop\pkjp.txt
    2012-06-26 10:27 - 2012-06-26 10:27 - 00000000 ____D C:\Users\Ivana\AppData\Local\{05E95ED0-B361-46AF-8670-E409257F17E8}
    2012-06-25 16:23 - 2012-06-25 16:24 - 00000175 ____A C:\Users\Ivana\Desktop\Kaitou R sheets.txt
    2012-06-25 10:43 - 2012-06-25 10:43 - 00000000 ____D C:\Users\Ivana\AppData\Local\{23007D4A-7938-4BD3-9D4F-17EF5ACC580E}
    2012-06-24 10:45 - 2012-06-24 10:45 - 00000000 ____D C:\Users\Ivana\AppData\Local\{C8E8E48E-8E4F-48C1-BD54-55C10DFA418C}
    2012-06-23 22:44 - 2012-06-23 22:45 - 00000000 ____D C:\Users\Ivana\AppData\Local\{7214CC9D-F196-488E-8D09-A50209E412C6}
    2012-06-23 10:44 - 2012-06-26 10:27 - 00000000 ____D C:\Users\Ivana\AppData\Local\{708631C6-0727-4A3E-B45E-45A7C4867CB6}
    2012-06-22 11:35 - 2012-06-22 11:35 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-22 09:38 - 2012-06-22 09:38 - 00000000 ____D C:\Users\Ivana\AppData\Local\{C2C48BDD-827A-4238-996C-C9595583BC28}
    2012-06-22 09:38 - 2012-06-22 09:38 - 00000000 ____D C:\Users\Ivana\AppData\Local\{6C120788-9F69-4447-B9A2-E93432FC55DE}
    2012-06-21 18:09 - 2012-06-21 18:09 - 00000000 ____D C:\Users\Ivana\Documents\My Received Files
    2012-06-21 17:02 - 2012-06-27 16:35 - 00000000 ____D C:\Users\Ivana\Tracing
    2012-06-21 17:02 - 2012-06-21 17:03 - 00000000 ____D C:\Users\Ivana\AppData\Local\{BFEBE2A7-19C1-4F00-9B04-26F8C0D9B085}
    2012-06-21 17:02 - 2012-06-21 17:02 - 00000000 ____D C:\Users\Ivana\AppData\Local\{F8DDE8B3-92A0-468D-9B4D-827CC33C0CB7}
    2012-06-21 16:40 - 2012-06-23 10:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-06-21 15:19 - 2012-06-21 15:19 - 00000000 ____D C:\Users\Ivana\AppData\Local\FireAlpaca
    2012-06-21 14:58 - 2012-06-21 14:58 - 00000974 ____A C:\Users\Public\Desktop\FireAlpaca.lnk
    2012-06-21 14:58 - 2012-06-21 14:58 - 00000000 ____D C:\Program Files\FireAlpaca
    2012-06-21 09:26 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 09:26 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 09:26 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 09:26 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 09:25 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 09:25 - 2012-06-02 14:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 09:25 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 09:25 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 09:25 - 2012-06-02 14:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-18 12:18 - 2012-06-04 20:54 - 00000000 ____D C:\Users\Ivana\Desktop\Appsheets
    2012-06-16 11:26 - 2012-06-16 11:26 - 00000000 ____D C:\Program Files\Vectorian Inc
    2012-06-16 11:02 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-16 11:02 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-16 11:02 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-16 11:02 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-16 11:02 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-16 11:02 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-16 11:02 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-16 11:02 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-16 11:02 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-16 11:02 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-16 11:01 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-16 11:01 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-16 11:01 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-16 11:01 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 10:59 - 2012-04-23 08:00 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-14 10:59 - 2012-04-23 08:00 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-14 10:58 - 2012-05-15 11:51 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-14 10:58 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-14 10:58 - 2012-04-23 08:00 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 09:59 - 2012-06-27 14:24 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Skype
    2012-06-13 09:59 - 2012-06-13 09:59 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-06-13 09:59 - 2012-06-13 09:59 - 00000000 ____D C:\Program Files\Common Files\Skype
    2012-06-13 09:58 - 2012-06-13 09:59 - 00000000 ___RD C:\Program Files\Skype
    2012-06-13 09:58 - 2012-06-13 09:59 - 00000000 ____D C:\Users\All Users\Skype
    2012-06-13 09:13 - 2012-06-13 09:13 - 00000000 ____D C:\Users\Ivana\AppData\Local\Macromedia
    2012-06-12 13:06 - 2012-06-12 13:06 - 00000014 ____A C:\Users\Ivana\Desktop\yukarins friend code.txt
    2012-06-08 11:25 - 2012-06-08 16:14 - 2433958760 ____A (Nexon) C:\Users\Ivana\Desktop\DragonNestSetupV140.exe
    2012-06-04 17:03 - 2012-06-12 11:47 - 00000000 ____D C:\Users\Ivana\AppData\Local\Procaster
    2012-06-04 17:03 - 2012-06-06 09:54 - 00000900 ____A C:\Users\Public\Desktop\Livestream Procaster.lnk
    2012-06-04 17:03 - 2012-06-06 09:54 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
    2012-06-04 17:03 - 2012-06-06 09:54 - 00000000 ____D C:\Program Files\Livestream Procaster
    2012-06-04 11:31 - 2012-06-04 11:31 - 00000000 ____D C:\Users\Ivana\AppData\Local\Unity
    2012-05-29 10:51 - 2012-05-29 10:51 - 00000000 ____D C:\Users\Guest\Documents\Bluetooth Exchange Folder
    2012-05-29 10:51 - 2012-05-29 10:51 - 00000000 ____D C:\Users\Guest\Bluetooth Software
    2012-05-29 10:50 - 2012-06-27 14:39 - 00121328 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\Documents\Ask and Record Toolbar
    2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Wacom
    2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Real
    2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
    2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Local\FLVService
    2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Local\antiphishing-vmninternethelper1_1dn
    2012-05-29 10:48 - 2012-05-29 10:51 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
    2012-05-29 10:48 - 2012-05-29 10:48 - 00000000 ____D C:\Users\Guest\AppData\Roaming\WTablet
    2012-05-29 10:48 - 2012-05-29 10:48 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Sony Corporation
    2012-05-29 10:47 - 2012-05-29 10:51 - 00000000 ____D C:\users\Guest
    2012-05-29 10:47 - 2012-05-29 10:47 - 00000020 ___SH C:\Users\Guest\ntuser.ini
    2012-05-29 10:47 - 2010-01-04 18:32 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
    2012-05-29 10:47 - 2008-04-29 15:37 - 00000000 ____D C:\Users\Guest\AppData\Local\Microsoft Help
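    The FRST log that Broni's procedure produces (post 2) is what a helper reads by eye, looking for the kind of entries that stand out in Sohee's paste above. As an added example, not part of this thread and not FRST's own code, here is a small Python triage script that runs the same first-pass checks over a constructed sample of lines in FRST's formats, modelled on entries from this log. The heuristics (random-looking service/driver names, boot/system/auto-start entries whose image file is reported as `[x]`, and system+hidden directories under a user profile or with a literal `%VAR%` in the path) and the function names `triage` and `looks_random` are this example's own assumptions, not anything FRST documents.

```python
import re
from typing import Dict, List

# Constructed sample in FRST's own line formats, modelled on entries pasted
# in this thread (services, drivers and the created-files section).
SAMPLE_LOG = r"""
========================== Services (Whitelisted) ==================
2 Eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 2008-01-18] (Microsoft Corporation)
2 Akamai; c:\program files\common files\akamai/netsession_win_80c2ffa.dll [x]
========================== Drivers (Whitelisted) =============
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
1 jbedpbxqwyridrvi; C:\Windows\system32\drivers\jbedpbxqwyridrvi.sys [x]
1 yqmpixviuxhltppx; C:\Windows\system32\drivers\yqmpixviuxhltppx.sys [x]
============ One Month Created Files and Folders ==============
2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-06-22 11:35 - 2012-06-22 11:35 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-06-27 14:44 - 2012-03-08 17:47 - 00000000 __SHD C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9}
2012-06-13 09:58 - 2012-06-13 09:59 - 00000000 ___RD C:\Program Files\Skype
"""

# "<start type> <name>; <image path> [<size> <date>] (<publisher>)" or "... [x]"
ENTRY_RE = re.compile(r"^(?P<start>[0-4]) (?P<name>[^;]+); (?P<rest>.*)$")
# "<created> - <modified> - <size> <attrs> [(<publisher>)] <path>"
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ (?P<attrs>[A-Z_]{5}) (?:\([^)]*\) )?(?P<path>.+)$"
)


def looks_random(name: str) -> bool:
    """Long, all-lowercase, vowel-poor names such as 'jbedpbxqwyridrvi' look
    machine-generated; real driver names tend to be shorter, mixed case or
    contain digits. The thresholds are this example's assumptions."""
    if len(name) < 12 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(name.count(v) for v in "aeiou")
    return vowels / len(name) <= 0.3


def section_of(header: str):
    """Map an '=====' section header to the parser that handles its lines."""
    low = header.lower()
    if "services" in low:
        return "services"
    if "drivers" in low:
        return "drivers"
    if "files and folders" in low:
        return "files"
    return None


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the entries a reviewer should look at first, each with a reason."""
    findings: List[Dict[str, str]] = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("====="):
            section = section_of(line)
            continue
        if section in ("services", "drivers"):
            m = ENTRY_RE.match(line)
            if not m:
                continue
            name, start = m["name"], int(m["start"])
            missing = m["rest"].endswith("[x]")
            if looks_random(name):
                findings.append({"severity": "high", "item": name,
                                 "reason": f"random-looking {section[:-1]} name"
                                           + (", image file missing" if missing else "")})
            elif missing and start <= 2:
                # Boot (0), system (1) or auto (2) start with no file on disk is
                # worth a look; demand-start (3) leftovers such as IpInIp are
                # common on Vista and are deliberately ignored here.
                findings.append({"severity": "low", "item": name,
                                 "reason": "early-start entry whose image file is missing"})
        elif section == "files":
            m = FILE_RE.match(line)
            if not m:
                continue
            attrs, path = m["attrs"], m["path"]
            hidden_system_dir = all(flag in attrs for flag in "SHD")
            if hidden_system_dir and ("\\appdata\\" in path.lower() or "%" in path):
                findings.append({"severity": "medium", "item": path,
                                 "reason": "system+hidden directory in a user profile "
                                           "or with a literal %VAR% in its path"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['item']}: {f['reason']}")
```

    `[x]` on its own is weak evidence: the log above shows it on the Microsoft Security Client services as well, which is why the script only reports it for early-start entries and ranks a random-looking name higher. Treat the output as a list of lines to read first, not as a verdict; the decision about what to remove stays with the helper reading the full log.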
     
  7. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    ============ 3 Months Modified Files and Folders ===============
    2012-06-27 21:01 - 2012-06-27 21:01 - 00000000 ____D C:\FRST
    2012-06-27 19:55 - 2011-07-16 13:43 - 00000000 ____D C:\Program Files\Common Files\Akamai
    2012-06-27 19:55 - 2007-11-22 14:12 - 00001842 ____A C:\Windows\bthservsdp.dat
    2012-06-27 19:55 - 2006-11-02 05:01 - 00032646 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-27 19:55 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-06-27 19:54 - 2006-11-02 04:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-27 19:54 - 2006-11-02 04:47 - 00003296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-27 19:48 - 2012-06-27 19:23 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\ImgBurn
    2012-06-27 19:39 - 2012-06-27 19:22 - 126310400 ____A C:\Users\Ivana\Downloads\Vista_Recovery_Disc.iso
    2012-06-27 19:21 - 2012-06-27 19:21 - 00000000 ____D C:\Program Files\ImgBurn
    2012-06-27 19:12 - 2012-06-27 19:12 - 00003958 ____A C:\Windows\PFRO.log
    2012-06-27 19:12 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\IME
    2012-06-27 18:29 - 2012-06-27 18:17 - 00003478 ____A C:\Windows\WindowsUpdate.log
    2012-06-27 18:14 - 2010-02-04 21:39 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-27 17:54 - 2009-03-16 20:18 - 00001356 ____A C:\Users\Ivana\AppData\Local\d3d9caps.dat
    2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Malwarebytes
    2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-06-27 17:51 - 2012-06-27 17:51 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-06-27 16:42 - 2009-09-24 17:35 - 00279552 ____A (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-06-27 16:36 - 2009-09-17 20:15 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Winamp
    2012-06-27 16:36 - 2007-12-09 20:16 - 00000000 ___RD C:\Users\Ivana\Documents\Setups
    2012-06-27 16:35 - 2012-06-21 17:02 - 00000000 ____D C:\Users\Ivana\Tracing
    2012-06-27 16:35 - 2008-05-08 17:51 - 00000000 ____D C:\Windows\Minidump
    2012-06-27 14:49 - 2011-07-26 17:10 - 00000000 ____D C:\Users\Ivana\AppData\Local\PMB Files
    2012-06-27 14:45 - 2012-05-14 17:49 - 00000000 ____D C:\Users\All Users\Anti-phishing Domain Advisor
    2012-06-27 14:45 - 2008-04-19 16:26 - 00000000 ____D C:\users\Ivana
    2012-06-27 14:44 - 2012-03-08 17:47 - 00000000 __SHD C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9}
    2012-06-27 14:39 - 2012-05-29 10:50 - 00121328 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-27 14:36 - 2012-04-21 16:30 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-27 14:24 - 2012-06-13 09:59 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Skype
    2012-06-27 14:08 - 2010-02-04 21:39 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-27 13:27 - 2012-06-27 13:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-06-27 13:27 - 2011-01-28 17:54 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-27 13:26 - 2006-11-02 02:33 - 00713158 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-06-27 12:16 - 2009-03-25 14:55 - 00000868 ____A C:\Windows\Tasks\Google Software Updater.job
    2012-06-27 09:58 - 2012-06-27 09:57 - 00000000 ____D C:\Users\Ivana\AppData\Local\{EFFC308C-1641-44F8-91C9-9D1036730AD1}
    2012-06-27 09:58 - 2011-05-05 16:03 - 00000000 ____D C:\Users\Ivana\AppData\Local\Windows Live
    2012-06-27 09:57 - 2012-06-27 09:57 - 00000000 ____D C:\Users\Ivana\AppData\Local\{4335F55D-F831-46D6-87A2-E87E69A4ABB2}
    2012-06-26 19:12 - 2012-06-26 19:12 - 00059136 ____A C:\Users\Ivana\Desktop\Doom (2) (48000 Hz).mp3
    2012-06-26 16:05 - 2012-06-26 16:05 - 00018563 ____A C:\Users\Ivana\.recently-used.xbel
    2012-06-26 16:05 - 2008-11-30 19:33 - 00000000 ____D C:\Users\Ivana\.gimp-2.6
    2012-06-26 16:02 - 2012-06-26 16:02 - 00001276 ____A C:\Users\Ivana\Desktop\pkjp.txt
    2012-06-26 10:27 - 2012-06-26 10:27 - 00000000 ____D C:\Users\Ivana\AppData\Local\{05E95ED0-B361-46AF-8670-E409257F17E8}
    2012-06-26 10:27 - 2012-06-23 10:44 - 00000000 ____D C:\Users\Ivana\AppData\Local\{708631C6-0727-4A3E-B45E-45A7C4867CB6}
    2012-06-25 16:24 - 2012-06-25 16:23 - 00000175 ____A C:\Users\Ivana\Desktop\Kaitou R sheets.txt
    2012-06-25 10:43 - 2012-06-25 10:43 - 00000000 ____D C:\Users\Ivana\AppData\Local\{23007D4A-7938-4BD3-9D4F-17EF5ACC580E}
    2012-06-24 10:45 - 2012-06-24 10:45 - 00000000 ____D C:\Users\Ivana\AppData\Local\{C8E8E48E-8E4F-48C1-BD54-55C10DFA418C}
    2012-06-23 22:45 - 2012-06-23 22:44 - 00000000 ____D C:\Users\Ivana\AppData\Local\{7214CC9D-F196-488E-8D09-A50209E412C6}
    2012-06-23 11:35 - 2012-04-21 16:30 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
    2012-06-23 11:35 - 2011-05-25 13:53 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
    2012-06-23 10:38 - 2012-06-21 16:40 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2012-06-22 18:05 - 2008-11-30 20:04 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\gtk-2.0
    2012-06-22 11:35 - 2012-06-22 11:35 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-22 09:59 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
    2012-06-22 09:38 - 2012-06-22 09:38 - 00000000 ____D C:\Users\Ivana\AppData\Local\{C2C48BDD-827A-4238-996C-C9595583BC28}
    2012-06-22 09:38 - 2012-06-22 09:38 - 00000000 ____D C:\Users\Ivana\AppData\Local\{6C120788-9F69-4447-B9A2-E93432FC55DE}
    2012-06-21 18:09 - 2012-06-21 18:09 - 00000000 ____D C:\Users\Ivana\Documents\My Received Files
    2012-06-21 17:03 - 2012-06-21 17:02 - 00000000 ____D C:\Users\Ivana\AppData\Local\{BFEBE2A7-19C1-4F00-9B04-26F8C0D9B085}
    2012-06-21 17:02 - 2012-06-21 17:02 - 00000000 ____D C:\Users\Ivana\AppData\Local\{F8DDE8B3-92A0-468D-9B4D-827CC33C0CB7}
    2012-06-21 16:50 - 2009-11-04 17:45 - 00000000 ____D C:\Program Files\Windows Live
    2012-06-21 16:48 - 2006-11-02 03:18 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2012-06-21 15:19 - 2012-06-21 15:19 - 00000000 ____D C:\Users\Ivana\AppData\Local\FireAlpaca
    2012-06-21 14:58 - 2012-06-21 14:58 - 00000974 ____A C:\Users\Public\Desktop\FireAlpaca.lnk
    2012-06-21 14:58 - 2012-06-21 14:58 - 00000000 ____D C:\Program Files\FireAlpaca
    2012-06-21 10:32 - 2009-06-29 16:55 - 00000000 ____D C:\Users\Ivana\AppData\Local\FLVService
    2012-06-19 17:23 - 2011-10-26 17:05 - 00000000 ____D C:\Users\Ivana\AppData\Local\Akamai
    2012-06-16 22:10 - 2012-04-24 22:18 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2012-06-16 18:39 - 2008-04-19 18:27 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2012-06-16 16:23 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
    2012-06-16 16:16 - 2006-11-02 04:47 - 00668760 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-06-16 15:28 - 2011-05-26 10:55 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Audacity
    2012-06-16 15:04 - 2009-12-07 20:17 - 00000000 ____D C:\Users\Ivana\Documents\Any Video Converter
    2012-06-16 11:26 - 2012-06-16 11:26 - 00000000 ____D C:\Program Files\Vectorian Inc
    2012-06-16 11:11 - 2006-11-02 02:24 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2012-06-13 09:59 - 2012-06-13 09:59 - 00001878 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-06-13 09:59 - 2012-06-13 09:59 - 00000000 ____D C:\Program Files\Common Files\Skype
    2012-06-13 09:59 - 2012-06-13 09:58 - 00000000 ___RD C:\Program Files\Skype
    2012-06-13 09:59 - 2012-06-13 09:58 - 00000000 ____D C:\Users\All Users\Skype
    2012-06-13 09:14 - 2010-01-04 18:32 - 00000000 ____D C:\Program Files\Common Files\Adobe AIR
    2012-06-13 09:13 - 2012-06-13 09:13 - 00000000 ____D C:\Users\Ivana\AppData\Local\Macromedia
    2012-06-12 13:06 - 2012-06-12 13:06 - 00000014 ____A C:\Users\Ivana\Desktop\yukarins friend code.txt
    2012-06-12 11:47 - 2012-06-04 17:03 - 00000000 ____D C:\Users\Ivana\AppData\Local\Procaster
    2012-06-08 16:21 - 2011-07-27 10:07 - 00000175 ____A C:\Users\Public\Desktop\DragonNest.url
    2012-06-08 16:15 - 2008-11-28 17:30 - 00000000 ____D C:\Nexon
    2012-06-08 16:14 - 2012-06-08 11:25 - 2433958760 ____A (Nexon) C:\Users\Ivana\Desktop\DragonNestSetupV140.exe
    2012-06-06 09:54 - 2012-06-04 17:03 - 00000900 ____A C:\Users\Public\Desktop\Livestream Procaster.lnk
    2012-06-06 09:54 - 2012-06-04 17:03 - 00000000 __SHD C:\Windows\System32\AI_RecycleBin
    2012-06-06 09:54 - 2012-06-04 17:03 - 00000000 ____D C:\Program Files\Livestream Procaster
    2012-06-04 20:54 - 2012-06-18 12:18 - 00000000 ____D C:\Users\Ivana\Desktop\Appsheets
    2012-06-04 11:31 - 2012-06-04 11:31 - 00000000 ____D C:\Users\Ivana\AppData\Local\Unity
    2012-06-02 14:19 - 2012-06-21 09:26 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 09:26 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 09:26 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 09:25 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 09:25 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:19 - 2012-06-21 09:25 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:12 - 2012-06-21 09:26 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:12 - 2012-06-21 09:25 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:12 - 2012-06-21 09:25 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-05-31 16:49 - 2012-05-14 18:00 - 00000000 ____D C:\Users\Ivana\AppData\Local\Paint.NET
    2012-05-30 11:18 - 2008-04-23 16:03 - 00000000 ____D C:\Users\Ivana\AppData\Roaming\Corel
    2012-05-30 09:50 - 2008-04-19 16:26 - 00121328 ____A C:\Users\Ivana\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-29 11:07 - 2008-03-21 11:21 - 00000000 ____D C:\Users\All Users\Corel
    2012-05-29 11:07 - 2008-03-21 11:20 - 00000000 ____D C:\Program Files\Corel
    2012-05-29 10:51 - 2012-05-29 10:51 - 00000000 ____D C:\Users\Guest\Documents\Bluetooth Exchange Folder
    2012-05-29 10:51 - 2012-05-29 10:51 - 00000000 ____D C:\Users\Guest\Bluetooth Software
    2012-05-29 10:51 - 2012-05-29 10:48 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
    2012-05-29 10:51 - 2012-05-29 10:47 - 00000000 ____D C:\users\Guest
    2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\Documents\Ask and Record Toolbar
    2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Wacom
    2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Real
    2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
    2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Local\FLVService
    2012-05-29 10:50 - 2012-05-29 10:50 - 00000000 ____D C:\Users\Guest\AppData\Local\antiphishing-vmninternethelper1_1dn
    2012-05-29 10:48 - 2012-05-29 10:48 - 00000000 ____D C:\Users\Guest\AppData\Roaming\WTablet
    2012-05-29 10:48 - 2012-05-29 10:48 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Sony Corporation
    2012-05-29 10:47 - 2012-05-29 10:47 - 00000020 ___SH C:\Users\Guest\ntuser.ini
    2012-05-20 13:18 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
    2012-05-20 09:02 - 2008-03-21 11:16 - 00000000 ____D C:\Users\All Users\Microsoft Help
    2012-05-19 23:15 - 2006-11-02 02:23 - 00000240 ____A C:\Windows\win.ini
    2012-05-19 22:55 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
    2012-05-17 15:11 - 2012-06-16 11:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-05-17 14:48 - 2012-06-16 11:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-05-17 14:45 - 2012-06-16 11:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-05-17 14:36 - 2012-06-16 11:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-05-17 14:35 - 2012-06-16 11:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-05-17 14:35 - 2012-06-16 11:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-05-17 14:33 - 2012-06-16 11:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-05-17 14:31 - 2012-06-16 11:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-05-17 14:29 - 2012-06-16 11:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-05-17 14:29 - 2012-06-16 11:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-05-17 14:27 - 2012-06-16 11:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-05-17 14:25 - 2012-06-16 11:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-05-17 14:24 - 2012-06-16 11:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-05-17 14:20 - 2012-06-16 11:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-05-16 22:15 - 2012-05-16 22:15 - 00001701 ____A C:\Users\Public\Desktop\AIM.lnk
    2012-05-16 22:15 - 2009-10-12 21:19 - 00000000 ____D C:\Users\Ivana\AppData\Local\AIM
    2012-05-16 22:15 - 2008-03-21 11:00 - 00001110 ___AH C:\IPH.PH
    2012-05-16 22:14 - 2012-05-16 22:14 - 00000000 ____D C:\Program Files\Common Files\Software Update Utility
    2012-05-16 22:14 - 2009-10-13 18:09 - 00000000 ____D C:\Program Files\AIM
    2012-05-16 00:05 - 2008-10-26 11:33 - 00000000 ____D C:\Users\Ivana\Documents\DVDVideoSoft
    2012-05-15 17:14 - 2007-11-24 11:49 - 00000000 ____D C:\Users\Ivana\Desktop\Unused Desktop Shortcuts
    2012-05-15 15:34 - 2007-11-22 15:14 - 00000000 ____D C:\Program Files\Common Files\Java
    2012-05-15 15:32 - 2012-05-15 15:32 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
    2012-05-15 15:32 - 2012-05-15 15:32 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
    2012-05-15 15:32 - 2012-05-15 15:32 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
    2012-05-15 15:32 - 2012-05-15 15:32 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
    2012-05-15 15:32 - 2010-05-05 17:51 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
    2012-05-15 11:51 - 2012-06-14 10:58 - 02045440 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-05-14 18:04 - 2012-05-14 18:04 - 00000939 ____A C:\Users\Public\Desktop\Paint.NET.lnk
    2012-05-14 18:03 - 2012-05-14 18:01 - 00000000 ____D C:\Program Files\Paint.NET
    2012-05-14 17:49 - 2012-05-14 17:49 - 00000000 ____D C:\Users\Ivana\AppData\Local\antiphishing-vmninternethelper1_1dn
    2012-05-14 17:48 - 2008-04-19 19:06 - 00000000 ____D C:\Users\Ivana\AppData\Local\Google
    2012-05-14 17:44 - 2012-05-14 17:44 - 00809288 ____A (AirInstaller Inc.) C:\Users\Ivana\Downloads\setup.exe
    2012-05-01 06:03 - 2012-06-14 10:58 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-29 16:20 - 2012-04-29 16:20 - 00000000 ____D C:\Program Files\Kap.SATc
    2012-04-24 22:18 - 2012-04-24 22:18 - 00000000 ____D C:\Users\All Users\Mozilla
    2012-04-23 08:00 - 2012-06-14 10:59 - 00984064 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 08:00 - 2012-06-14 10:59 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 08:00 - 2012-06-14 10:58 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-22 00:30 - 2012-03-12 21:59 - 00000000 ____D C:\Users\Ivana\Documents\THOCC Concept Contest
    2012-04-07 00:43 - 2012-04-07 00:43 - 00000684 ____A C:\Users\Ivana\Desktop\dark pit.txt
    2012-04-04 14:56 - 2012-06-27 17:51 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-04-04 01:53 - 2012-04-04 01:53 - 00001978 ____A C:\Users\Ivana\Desktop\redo question.txt
    2012-04-04 01:12 - 2012-03-16 04:38 - 00002450 ____A C:\Users\Ivana\Desktop\description.txt
    2012-04-04 01:08 - 2012-03-25 23:24 - 00002108 ____A C:\Users\Ivana\Desktop\commissions.txt
    2012-04-04 00:52 - 2012-04-04 00:52 - 00001021 ____A C:\Users\Ivana\Desktop\concepts.txt
    2012-04-03 00:16 - 2012-05-14 15:47 - 03602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2012-04-03 00:16 - 2012-05-14 15:47 - 03550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-03-31 21:02 - 2012-03-31 21:02 - 00008986 ____A C:\Users\Ivana\Desktop\BannedStory_Project.bsproj
    2012-03-31 20:59 - 2012-03-31 20:59 - 06688541 ____A C:\Users\Ivana\Desktop\BannedStory_SpriteSheet.zip
    2012-03-30 04:39 - 2012-05-14 16:08 - 00914304 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    ZeroAccess:
    C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}
    C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\@
    C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\L
    C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\n
    C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U
    C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U\00000001.@
    C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U\80000000.@
    C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U\800000cb.@
    ZeroAccess:
    C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9}
    C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9}\@
    C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9}\L
    C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U
     
  8. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 8737764F4FD36D6808EE80578409C843 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 20%
    Total physical RAM: 2037.81 MB
    Available physical RAM: 1616.5 MB
    Total Pagefile: 1853.88 MB
    Available Pagefile: 1689.61 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1983.72 MB
    ======================= Partitions =========================
    1 Drive c: (Vista) (Fixed) (Total:224.8 GB) (Free:118.36 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF
    3 Drive e: (Recovery) (Fixed) (Total:8.09 GB) (Free:0.83 GB) NTFS
    4 Drive f: () (Removable) (Total:3.72 GB) (Free:2.61 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 233 GB 993 KB
    Disk 1 Online 3815 MB 0 B
    Partitions of Disk 0:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 8 GB 1024 KB
    Partition 2 Primary 225 GB 8 GB
    ======================================================================================================
    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E Recovery NTFS Partition 8 GB Healthy Hidden
    ======================================================================================================
    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 0 C Vista NTFS Partition 225 GB Healthy
    ======================================================================================================
    Partitions of Disk 1:
    ===============
    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3815 MB 8 KB
    ======================================================================================================
    Disk: 1
    Partition 1
    Type : 0B
    Hidden: No
    Active: No
    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 F FAT32 Removable 3815 MB Healthy
    ======================================================================================================
    ==========================================================
    Last Boot: 2012-06-27 19:28
    ======================= End Of Log ==========================
     
  9. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Good job :)

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  10. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    I assume one of these results is the copy made by the virus?
    --

    Farbar Recovery Scan Tool Version: 20-06-2012 01
    Ran by SYSTEM at 2012-06-27 23:10:28
    Running from F:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
    [2009-09-24 17:35] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2008-05-21 14:54] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
    [2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0
    C:\Windows\System32\services.exe
    [2009-09-24 17:35] - [2012-06-27 21:52] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
    === End Of Search ===
     
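The search above is the key evidence in this thread: the live C:\Windows\System32\services.exe has the same size and company string as the WinSxS copies but an MD5 that matches none of them, which is why FRST's Bamital check flagged it and why the fix restores it from the newest WinSxS component. As an added example (not code from the thread, FRST, or Farbar), here is a Python parser for the Search.txt format that performs that comparison and picks the restore source; the hit data is copied from the log above, and treating the WinSxS copies as the reference set is an assumption that mirrors the fix, not a vendor-catalog check.

```python
import re

# Constructed sample: the four "services.exe" hits from the Search.txt posted
# above (paths and MD5 values copied verbatim from the thread).
FRST_SEARCH_LOG = r"""
Farbar Recovery Scan Tool Version: 20-06-2012 01
Ran by SYSTEM at 2012-06-27 23:10:28
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2009-09-24 17:35] - [2009-04-10 22:27] - 0279552 ____A (Microsoft Corporation) D4E6D91C1349B7BFB3599A6ADA56851B
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2008-05-21 14:54] - [2008-01-18 23:33] - 0279040 ____A (Microsoft Corporation) 2B336AB6286D6C81FA02CBAB914E3C6C
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6000.16386_none_cd28fe6bd05df036\services.exe
[2006-11-02 00:35] - [2006-11-02 01:45] - 0279552 ____A (Microsoft Corporation) 329CF3C97CE4C19375C8ABCABAE258B0
C:\Windows\System32\services.exe
[2009-09-24 17:35] - [2012-06-27 21:52] - 0279552 ____A (Microsoft Corporation) 8737764F4FD36D6808EE80578409C843
=== End Of Search ===
"""

# A hit is a path line followed by a detail line:
#   [stamp] - [stamp] - <size> <attrs> (<company>) <MD5>
PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETAIL_RE = re.compile(
    r"^\[([^\]]+)\] - \[([^\]]+)\] - (\d+) (\S+) \(([^)]*)\) ([0-9A-Fa-f]{32})$"
)
# WinSxS component directories embed the assembly version, e.g. _6.0.6002.18005_
VERSION_RE = re.compile(r"_(\d+(?:\.\d+){3})_")


def parse_frst_search(log: str) -> list[dict]:
    """Return one dict per file hit in an FRST Search.txt log."""
    hits = []
    lines = log.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if PATH_RE.match(line) and i + 1 < len(lines):
            m = DETAIL_RE.match(lines[i + 1].strip())
            if m:
                hits.append({
                    "path": line,
                    "timestamps": (m.group(1), m.group(2)),  # as FRST prints them
                    "size": int(m.group(3)),
                    "attrs": m.group(4),
                    "company": m.group(5),
                    "md5": m.group(6).upper(),
                })
                i += 2
                continue
        i += 1
    return hits


def component_version(path: str) -> tuple:
    """Version tuple parsed from the WinSxS directory name, (0,) if absent."""
    m = VERSION_RE.search(path)
    return tuple(int(p) for p in m.group(1).split(".")) if m else (0,)


def assess_live_copy(hits: list[dict], live_dir: str = r"C:\Windows\System32") -> dict:
    """Compare the live copy's hash against the WinSxS copies (assumed reference set).

    Size and company string are identical for the patched and clean copies here,
    so only the hash separates them; that is the check this function encodes.
    """
    prefix = live_dir.lower().rstrip("\\") + "\\"
    live = [h for h in hits if h["path"].lower().startswith(prefix)]
    backups = [h for h in hits if "\\winsxs\\" in h["path"].lower()]
    if len(live) != 1 or not backups:
        raise ValueError("expected exactly one live copy and at least one WinSxS copy")
    live_hit = live[0]
    known_good = {h["md5"] for h in backups}
    newest = max(backups, key=lambda h: component_version(h["path"]))
    return {
        "live_path": live_hit["path"],
        "live_md5": live_hit["md5"],
        "matches_backup": live_hit["md5"] in known_good,
        "same_size_as_newest": live_hit["size"] == newest["size"],
        "restore_from": newest["path"],
    }


if __name__ == "__main__":
    report = assess_live_copy(parse_frst_search(FRST_SEARCH_LOG))
    verdict = "matches a WinSxS copy" if report["matches_backup"] else "MATCHES NO WinSxS COPY"
    print(f"{report['live_path']} {report['live_md5']} -> {verdict}")
    print(f"restore candidate: {report['restore_from']}")
```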
  11. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next....

    See if you can boot normally.

    If so...

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
     
  12. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-06-2012 01
    Ran by SYSTEM at 2012-06-28 18:07:33 Run:1
    Running from F:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    jbedpbxqwyridrvi service deleted successfully.
    yqmpixviuxhltppx service deleted successfully.
    C:\Windows\Installer\{98089a1f-1d93-dc65-6426-c6b07349cac9} moved successfully.
    C:\Users\Ivana\AppData\Local\{98089a1f-1d93-dc65-6426-c6b07349cac9} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
     
  13. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    ComboFix 12-06-28.03 - Ivana 8/2012 Thu 18:31:42.1.2 - x86
    Running from: c:\users\Ivana\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-29 01:49 . 2012-06-29 01:56 -------- d-----w- c:\users\Ivana\AppData\Local\temp
    2012-06-29 01:49 . 2012-06-29 01:49 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-06-29 01:49 . 2012-06-29 01:49 -------- d-----w- c:\users\Eric Yu\AppData\Local\temp
    2012-06-29 01:49 . 2012-06-29 01:49 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-28 05:01 . 2012-06-28 05:02 -------- d-----w- C:\FRST
    2012-06-28 03:23 . 2012-06-28 03:48 -------- d-----w- c:\users\Ivana\AppData\Roaming\ImgBurn
    2012-06-28 03:21 . 2012-06-28 03:21 -------- d-----w- c:\program files\ImgBurn
    2012-06-28 01:51 . 2012-06-28 01:51 -------- d-----w- c:\users\Ivana\AppData\Roaming\Malwarebytes
    2012-06-28 01:51 . 2012-06-28 01:51 -------- d-----w- c:\programdata\Malwarebytes
    2012-06-28 01:51 . 2012-04-04 22:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-28 01:51 . 2012-06-28 01:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-06-27 21:58 . 2012-06-27 21:50 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{15483DB3-D715-41E5-8DC6-8A52D0812E94}\gapaengine.dll
    2012-06-27 21:52 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2DEB424-E6DF-4F73-9E69-6A2C2917716D}\mpengine.dll
    2012-06-27 21:26 . 2012-06-27 21:27 -------- d-----w- c:\program files\Microsoft Security Client
    2012-06-22 19:35 . 2012-06-22 19:35 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-22 01:02 . 2012-06-29 01:13 -------- d-----w- c:\users\Ivana\Tracing
    2012-06-22 00:55 . 2012-06-22 00:55 -------- d-----w- c:\windows\en
    2012-06-22 00:48 . 2012-06-22 00:48 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-22 00:40 . 2012-06-23 18:38 -------- d-----w- c:\program files\Microsoft Silverlight
    2012-06-22 00:38 . 2012-06-22 00:38 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\57f35a391cd500f03\DXSETUP.exe
    2012-06-22 00:38 . 2012-06-22 00:38 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\57f35a391cd500f03\dsetup32.dll
    2012-06-22 00:38 . 2012-06-22 00:38 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\57f35a391cd500f03\DSETUP.dll
    2012-06-22 00:38 . 2012-06-22 00:38 6260088 ----a-w- c:\program files\Common Files\Windows Live\.cache\4d6e2d191cd500f02\Silverlight.4.0.exe
    2012-06-21 23:19 . 2012-06-21 23:19 -------- d-----w- c:\users\Ivana\AppData\Local\FireAlpaca
    2012-06-21 22:58 . 2012-06-21 22:58 -------- d-----w- c:\program files\FireAlpaca
    2012-06-16 19:26 . 2012-06-16 19:26 -------- d-----w- c:\program files\Vectorian Inc
    2012-06-16 19:02 . 2012-05-17 22:24 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-16 19:02 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2012-06-16 19:02 . 2012-05-17 22:31 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
    2012-06-16 19:02 . 2012-05-17 22:31 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
    2012-06-16 19:02 . 2012-05-17 22:29 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-16 19:02 . 2012-05-17 23:21 748664 ----a-w- c:\program files\Internet Explorer\iexplore.exe
    2012-06-16 19:02 . 2012-05-17 22:45 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-16 19:01 . 2012-05-17 22:38 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
    2012-06-16 19:01 . 2012-05-17 22:37 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
    2012-06-16 19:01 . 2012-05-17 22:35 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-14 18:59 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-14 18:59 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-14 18:58 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-14 18:58 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 17:59 . 2012-06-27 22:24 -------- d-----w- c:\users\Ivana\AppData\Roaming\Skype
    2012-06-13 17:59 . 2012-06-13 17:59 -------- d-----w- c:\program files\Common Files\Skype
    2012-06-13 17:58 . 2012-06-13 17:59 -------- d-----r- c:\program files\Skype
    2012-06-13 17:58 . 2012-06-13 17:59 -------- d-----w- c:\programdata\Skype
    2012-06-13 17:13 . 2012-06-13 17:13 -------- d-----w- c:\users\Ivana\AppData\Local\Macromedia
    2012-06-06 17:53 . 2012-06-06 17:53 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2012-06-06 17:53 . 2012-06-06 17:53 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2012-06-05 01:03 . 2012-06-06 17:54 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
    2012-06-05 01:03 . 2012-06-12 19:47 -------- d-----w- c:\users\Ivana\AppData\Local\Procaster
    2012-06-05 01:03 . 2012-06-06 17:54 -------- d-----w- c:\program files\Livestream Procaster
    2012-06-04 19:31 . 2012-06-04 19:31 -------- d-----w- c:\users\Ivana\AppData\Local\Unity
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-23 19:35 . 2012-04-22 00:30 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-06-23 19:35 . 2011-05-25 21:53 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-06-02 22:19 . 2012-06-21 17:25 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-21 17:26 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 17:26 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 17:25 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 17:25 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 17:26 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 17:26 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 17:25 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:12 . 2012-06-21 17:25 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-05-17 22:35 . 2012-06-16 19:02 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-15 23:32 . 2012-05-15 23:32 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-05-15 23:32 . 2010-05-06 01:51 472864 ----a-w- c:\windows\system32\deployJava1.dll
    2012-05-15 19:51 . 2012-06-14 18:58 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-04-03 08:16 . 2012-05-14 23:47 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-03 08:16 . 2012-05-14 23:47 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-17 02:39 . 2011-03-24 01:17 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-09-29 06:44 1400712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
    @="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
    [HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
    2007-12-01 00:06 303104 ------w- c:\ddi\OverIcon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
    @="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
    [HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
    2008-11-29 00:00 73728 ----a-w- c:\users\Ivana\AppData\Local\Sony Corporation\VirtualExpander\VEShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-20 68856]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-07-27 3077528]
    "Akamai NetSession Interface"="c:\users\Ivana\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-08 4423680]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 137752]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
    "VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
    "VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
    "VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
    "VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-13 45056]
    "VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
    "TP CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe" [2007-02-08 820872]
    "Skytel"="Skytel.exe" [2007-04-08 1822720]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-20 68592]
    "Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-24 202256]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
    "BambooCore"="c:\program files\Bamboo Dock\BambooCore.exe" [2011-09-30 646232]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-07-29 217256]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 931200]
    .
    c:\users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    VirtualExpander.lnk - c:\users\Ivana\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe [2008-4-29 474808]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AOL DDI.lnk - c:\ddi\AOLICON.exe [N/A]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintServer Diagnostic]
    2004-11-25 00:09 266240 ----a-w- c:\program files\Print Server\PTP\PSDiagnostic.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    2008-01-05 03:56 5367664 ----a-w- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2007-03-10 01:58 835584 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 19:35]
    .
    2012-06-27 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-20 18:19]
    .
    2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:39]
    .
    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 05:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://sbc.yahoo.com/dsl
    uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2....barsearch.jhtml&st=sb&searchfor={searchTerms}
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.serebii.net/index2.shtml
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-NPSStartup - (no file)
    HKLM-Run-PRISMSVR.EXE - c:\windows\system32\PRISMSVR.EXE
    AddRemove-_{53A908D4-99C6-469B-BC13-F4189F260742} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {53A908D4-99C6-469B-BC13-F4189F260742}
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-06-28 18:58
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Akamai]
    "ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:e5,7f,ee,10,b9,50,cd,01
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5656)
    c:\ddi\overicon.dll
    c:\users\Ivana\AppData\Local\Sony Corporation\VirtualExpander\VEShellExt.dll
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\Tablet\Pen\Pen_TouchService.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Common Files\microsoft shared\ink\TabTip.exe
    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
    c:\windows\system32\PSIService.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\Tablet\Pen\Pen_Tablet.exe
    c:\program files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    c:\program files\Viewpoint\Common\ViewpointService.exe
    c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
    c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\WUDFHost.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    c:\windows\SYSTEM32\WISPTIS.EXE
    c:\program files\Common Files\microsoft shared\ink\TabTip.exe
    c:\program files\Tablet\Pen\Pen_TouchUser.exe
    c:\program files\Sony\VAIO Power Management\SPMgr.exe
    c:\program files\Tablet\Pen\Pen_TabletUser.exe
    c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe
    c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
    c:\program files\Tablet\Pen\Pen_Tablet.exe
    c:\windows\system32\conime.exe
    c:\program files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Microsoft Security Client\MpCmdRun.exe
    c:\program files\Microsoft Security Client\MpCmdRun.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-28 19:07:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-29 02:07
    .
    Pre-Run: 133,691,404,288 bytes free
    Post-Run: 133,656,760,320 bytes free
    .
    - - End Of File - - D8F55FAC047D6E9CE971AD8BA03965DE
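As an added example (my own code, not ComboFix's and not from anyone in this thread), here is a small parser for the "Files Created" lines of a ComboFix log like the one above, with two triage heuristics a helper reviewing such a log applies: directories carrying hidden+system attributes, and recently created system32 binaries whose modified time matches their created time. The placeholder `EXAMPLE_dropped.sys` line and the scan time are constructed inputs.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Tuple

# One ComboFix "Files Created" line:
#   <created> . <modified> <size, or -------- for a directory> <attrs> <path>
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-{8}|\d+) ([-a-z]{8}) (.+?)\s*$"
)
TS_FMT = "%Y-%m-%d %H:%M"
SYSTEM32 = "\\windows\\system32\\"
BINARY_EXT = (".sys", ".exe", ".dll")

# Constructed sample: first four lines mirror the log format above,
# the EXAMPLE_dropped.sys line is a placeholder, the last line is noise.
SAMPLE_LOG = """\
2012-06-21 22:58 . 2012-06-21 22:58 -------- d-----w- c:\\program files\\FireAlpaca
2012-06-16 19:02 . 2012-05-17 22:45 1800192 ----a-w- c:\\windows\\system32\\jscript9.dll
2012-06-14 18:58 . 2012-05-01 14:03 180736 ----a-w- c:\\windows\\system32\\drivers\\rdpwd.sys
2012-06-05 01:03 . 2012-06-06 17:54 -------- d-sh--w- c:\\windows\\system32\\AI_RecycleBin
2012-06-27 03:14 . 2012-06-27 03:14 65536 ----a-w- c:\\windows\\system32\\drivers\\EXAMPLE_dropped.sys
not a listing line
"""
# Constructed: the rootkit-scan timestamp printed by the log above.
SCAN_TIME = datetime(2012, 6, 28, 18, 58)


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int          # -1 for directories (ComboFix prints --------)
    attrs: str         # e.g. "d-sh--w-": d=directory, s=system, h=hidden, a=archive
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs


def parse_entries(text: str) -> List[Entry]:
    """Parse every well-formed listing line; anything else is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append(Entry(
            datetime.strptime(created, TS_FMT),
            datetime.strptime(modified, TS_FMT),
            -1 if size.startswith("-") else int(size),
            attrs,
            path,
        ))
    return entries


def triage(entries: List[Entry], scan_time: datetime,
           window_days: int = 14) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs worth a second look. Heuristics, not verdicts."""
    findings = []
    cutoff = scan_time - timedelta(days=window_days)
    for e in entries:
        low = e.path.lower()
        if e.hidden_system:
            findings.append((e.path, "hidden+system attributes"))
            continue
        if (not e.is_dir and SYSTEM32 in low
                and low.endswith(BINARY_EXT) and e.created >= cutoff):
            # Vendor binaries (Windows Update, for instance) usually show a
            # modified time well before the created time: built, then installed.
            # A file whose modified time matches its created time was written
            # on this machine when it appeared, so it deserves a closer look.
            if abs(e.created - e.modified) <= timedelta(hours=1):
                findings.append((e.path, "recent system32 binary written in place"))
    return findings


def run_sample() -> List[Tuple[str, str]]:
    """Triage the constructed sample against the constructed scan time."""
    return triage(parse_entries(SAMPLE_LOG), SCAN_TIME)


if __name__ == "__main__":
    for path, reason in run_sample():
        print(f"{reason:45s} {path}")
```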
     
  14. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Looks good :)

    Any current issues?

    =================================================

    Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===============================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    Everything is working well so far. My OS and WSE are loading properly. MBAM detected a couple of things, but neither is Sirefef. :D
    I'll restart and do the OTL scan now.
    --

    Malwarebytes Anti-Malware 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.06.28.02
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Ivana :: EVERGREEN [administrator]
    6/28/2012 7:22:27 PM
    mbam-log-2012-06-28 (19-22-27).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 262137
    Time elapsed: 29 minute(s), 59 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 2
    HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Quarantined and deleted successfully.
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
     
  16. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    OTL logfile created on: 6/28/2012 8:08:54 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Ivana\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.24% Memory free
    4.21 Gb Paging File | 3.04 Gb Available in Paging File | 72.17% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 224.80 Gb Total Space | 124.25 Gb Free Space | 55.27% Space Free | Partition Type: NTFS

    Computer Name: EVERGREEN | User Name: Ivana | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/28 19:21:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ivana\Desktop\OTL.exe
    PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Ivana\AppData\Local\Akamai\netsession_win.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2011/09/30 16:33:24 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
    PRC - [2011/09/08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    PRC - [2011/09/08 17:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    PRC - [2011/09/08 17:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    PRC - [2011/09/08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    PRC - [2011/07/29 13:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
    PRC - [2011/07/26 18:10:20 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
    PRC - [2010/08/31 23:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/09 18:29:41 | 000,156,672 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
    PRC - [2008/01/04 20:56:52 | 003,572,592 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    PRC - [2007/10/31 14:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    PRC - [2007/10/31 09:40:08 | 000,125,440 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
    PRC - [2007/10/30 12:04:08 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2007/10/30 12:04:08 | 000,748,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2007/10/12 17:29:56 | 000,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
    PRC - [2007/09/20 11:05:10 | 000,550,776 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    PRC - [2007/09/19 12:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    PRC - [2007/09/06 16:38:24 | 000,053,248 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe
    PRC - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    PRC - [2007/08/28 17:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    PRC - [2007/08/28 17:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2007/08/14 21:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2007/06/28 09:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2007/06/15 12:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
    PRC - [2007/03/05 13:27:32 | 000,474,808 | ---- | M] (Sony Corporation) -- C:\Users\Ivana\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe
    PRC - [2007/01/09 21:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/16 17:18:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
    MOD - [2012/06/16 17:18:10 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
    MOD - [2012/05/20 14:25:33 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
    MOD - [2012/05/20 14:25:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
    MOD - [2011/09/30 16:33:24 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
    MOD - [2011/09/08 17:48:36 | 000,962,936 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll
    MOD - [2011/07/26 18:10:20 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
    MOD - [2010/08/31 23:39:28 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2010/08/31 23:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2007/10/30 11:57:58 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2007/10/30 11:44:52 | 000,393,216 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
    MOD - [2007/09/19 17:04:28 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/06/23 12:35:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/16 19:39:25 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/05/22 20:14:49 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/09/08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2011/09/08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
    SRV - [2008/03/21 12:31:46 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/04 20:56:52 | 003,572,592 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
    SRV - [2007/10/31 09:40:08 | 000,125,440 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2007/09/28 22:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV - [2007/09/23 11:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
    SRV - [2007/09/20 19:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
    SRV - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
    SRV - [2007/08/28 17:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
    SRV - [2007/08/28 17:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2007/08/09 00:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
    SRV - [2007/08/09 00:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
    SRV - [2007/08/09 00:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
    SRV - [2007/08/09 00:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
    SRV - [2007/08/09 00:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
    SRV - [2007/06/28 09:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2007/06/28 09:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2007/01/31 13:11:42 | 002,975,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/01/12 19:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
    SRV - [2007/01/10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
    SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2011/12/19 21:19:38 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf001.sys -- (apf001)
    DRV - [2010/10/11 12:19:36 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2010/10/11 12:19:28 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2010/10/11 12:19:26 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2009/05/13 11:41:02 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
    DRV - [2009/05/13 11:41:02 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
    DRV - [2009/05/13 11:41:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
    DRV - [2008/05/08 18:05:36 | 000,026,112 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD)
    DRV - [2008/05/01 08:11:45 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
    DRV - [2008/03/21 12:33:39 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
    DRV - [2008/01/04 20:34:34 | 000,163,696 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (SSIDRV)
    DRV - [2008/01/04 20:34:34 | 000,021,872 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (SSHRMD)
    DRV - [2008/01/04 20:34:34 | 000,020,336 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SSFS0BB9.sys -- (SSFS0BB9)
    DRV - [2007/11/15 17:29:22 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
    DRV - [2007/10/29 19:30:30 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV - [2007/10/16 17:01:59 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
    DRV - [2007/10/16 17:01:59 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
    DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
    DRV - [2007/09/19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2007/09/04 17:02:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/09/04 17:02:11 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2007/08/28 18:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2007/05/26 01:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2007/05/15 01:00:00 | 000,852,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070515.033\NAVEX15.SYS -- (NAVEX15)
    DRV - [2007/05/15 01:00:00 | 000,077,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070515.033\NAVENG.SYS -- (NAVENG)
    DRV - [2007/02/01 02:21:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2007/01/11 18:22:20 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
    DRV - [2007/01/11 18:22:18 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
    DRV - [2007/01/11 18:22:14 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
    DRV - [2007/01/09 14:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
    DRV - [2007/01/09 14:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
    DRV - [2006/12/27 22:48:26 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86)
    DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
    DRV - [2001/05/07 03:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{3B0B8EFF-3619-4856-A1EA-F5B3DAF4B5EA}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7;
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_.../barsearch.jhtml&st=sb&searchfor={searchTerms}
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\SearchScopes\{28F4A32B-116F-48fd-B4CE-4273852BB730}: "URL" = http://search.gphotoshow-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\SearchScopes\{3B0B8EFF-3619-4856-A1EA-F5B3DAF4B5EA}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7;
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\SearchScopes\{A5566DA7-69CA-43C1-AE1C-458F2F1BD036}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.serebii.net/index2.shtml"
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.99999
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ivana\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Users\Ivana\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 19:39:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/15 16:32:45 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 19:39:26 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/15 16:32:45 | 000,000,000 | ---D | M]

    [2008/06/17 20:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Extensions
    [2012/06/27 11:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions
    [2010/04/27 15:39:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/06/20 17:42:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2012/06/27 11:28:59 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions\crossriderapp2258@crossrider.com
    [2011/03/11 18:50:51 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions\personas@christopher.beard
    [2008/08/23 12:08:00 | 000,002,109 | ---- | M] () -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\searchplugins\youtube-video-search.xml
    [2012/06/06 10:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/06/20 11:15:56 | 000,459,683 | ---- | M] () (No name found) -- C:\USERS\IVANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9MK8YXVA.DEFAULT\EXTENSIONS\NICOFOX@LITTLEBTC.XPI
    [2012/06/16 19:39:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
    [2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2012/03/15 01:29:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/03/15 01:29:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/06/28 18:56:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\Toolbar\WebBrowser: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
    O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
    O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [TP CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe (Symantec Corporation)
    O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
    O4 - HKLM..\Run: [VAIO Help and Support Demo] C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
    O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
    O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
    O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
    O4 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001..\Run: [Akamai NetSession Interface] C:\Users\Ivana\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
    O4 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
    O4 - Startup: C:\Users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtualExpander.lnk = C:\Users\Ivana\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
    O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabinogi.com:88/renderer/mabiweb.2009.4.9.cab (MabinogiWebAvatarRenderer Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABE3899E-4A54-402C-9350-879195F38C10}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E75B49DA-A45C-4BE5-ADB6-6407114BCFE2}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Users\Ivana\Pictures\shrine.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Ivana\Pictures\shrine.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.CSCD - C:\Windows\System32\camcodec.dll (RenderSoft Software)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.dvsd - C:\Windows\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.mp42 - mpg4c32.dll File not found
    Drivers32: vidc.mp43 - mpg4c32.dll File not found
    Drivers32: vidc.mpg4 - mpg4c32.dll File not found
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  17. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/28 19:21:21 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Ivana\Desktop\OTL.exe
    [2012/06/28 19:07:33 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\temp
    [2012/06/28 19:06:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/28 18:26:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/28 18:26:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/28 18:26:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/28 18:26:35 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/06/28 18:26:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/28 18:20:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/28 18:16:08 | 004,566,027 | R--- | C] (Swearware) -- C:\Users\Ivana\Desktop\ComboFix.exe
    [2012/06/28 18:14:49 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{E50FE989-A0F1-437A-9675-C31A45D47BA0}
    [2012/06/28 18:14:34 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{AC8CEADA-6384-430C-8970-4314DF14E92B}
    [2012/06/27 22:01:11 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/27 20:23:52 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Roaming\ImgBurn
    [2012/06/27 20:21:40 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
    [2012/06/27 20:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
    [2012/06/27 18:51:59 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Roaming\Malwarebytes
    [2012/06/27 18:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/27 18:51:54 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/06/27 18:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/27 18:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/06/27 14:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/27 14:21:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/06/27 10:57:51 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{EFFC308C-1641-44F8-91C9-9D1036730AD1}
    [2012/06/27 10:57:18 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{4335F55D-F831-46D6-87A2-E87E69A4ABB2}
    [2012/06/26 11:27:34 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{05E95ED0-B361-46AF-8670-E409257F17E8}
    [2012/06/25 11:43:18 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{23007D4A-7938-4BD3-9D4F-17EF5ACC580E}
    [2012/06/24 11:45:21 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{C8E8E48E-8E4F-48C1-BD54-55C10DFA418C}
    [2012/06/23 23:44:53 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{7214CC9D-F196-488E-8D09-A50209E412C6}
    [2012/06/23 11:44:43 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{708631C6-0727-4A3E-B45E-45A7C4867CB6}
    [2012/06/22 12:35:41 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/06/22 10:38:20 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{C2C48BDD-827A-4238-996C-C9595583BC28}
    [2012/06/22 10:38:05 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{6C120788-9F69-4447-B9A2-E93432FC55DE}
    [2012/06/21 19:09:36 | 000,000,000 | ---D | C] -- C:\Users\Ivana\Documents\My Received Files
    [2012/06/21 18:02:45 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{BFEBE2A7-19C1-4F00-9B04-26F8C0D9B085}
    [2012/06/21 18:02:33 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{F8DDE8B3-92A0-468D-9B4D-827CC33C0CB7}
    [2012/06/21 18:02:13 | 000,000,000 | ---D | C] -- C:\Users\Ivana\Tracing
    [2012/06/21 17:55:54 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2012/06/21 17:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    [2012/06/21 17:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2012/06/21 16:19:20 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\FireAlpaca
    [2012/06/21 15:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireAlpaca
    [2012/06/21 15:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\FireAlpaca
    [2012/06/18 13:18:06 | 000,000,000 | ---D | C] -- C:\Users\Ivana\Desktop\Appsheets
    [2012/06/16 12:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorian Giotto
    [2012/06/16 12:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Vectorian Inc
    [2012/06/13 10:59:17 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Roaming\Skype
    [2012/06/13 10:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/06/13 10:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/06/13 10:58:57 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012/06/13 10:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
    [2012/06/13 10:13:18 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\Macromedia
    [2012/06/08 12:25:23 | 2433,958,760 | ---- | C] (Nexon) -- C:\Users\Ivana\Desktop\DragonNestSetupV140.exe
    [2012/06/04 18:03:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
    [2012/06/04 18:03:39 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\Procaster
    [2012/06/04 18:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livestream Procaster
    [2012/06/04 18:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Livestream Procaster
    [2012/06/04 12:31:36 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\Unity
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/06/28 20:08:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/28 20:04:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/28 20:01:49 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/28 20:01:48 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/28 20:01:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/28 20:01:23 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/28 19:59:55 | 000,001,842 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/06/28 19:35:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/28 19:21:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ivana\Desktop\OTL.exe
    [2012/06/28 18:56:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/06/28 18:16:15 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\Ivana\Desktop\ComboFix.exe
    [2012/06/27 18:54:32 | 000,001,356 | ---- | M] () -- C:\Users\Ivana\AppData\Local\d3d9caps.dat
    [2012/06/27 14:27:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/27 14:26:58 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/06/27 14:26:58 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/06/27 13:16:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/06/26 20:12:29 | 000,059,136 | ---- | M] () -- C:\Users\Ivana\Desktop\Doom (2) (48000 Hz).mp3
    [2012/06/26 17:05:08 | 000,215,247 | ---- | M] () -- C:\Users\Ivana\Desktop\Photo0569.jpg
    [2012/06/26 17:05:08 | 000,018,563 | ---- | M] () -- C:\Users\Ivana\.recently-used.xbel
    [2012/06/26 16:44:14 | 001,233,629 | ---- | M] () -- C:\Users\Ivana\Desktop\forest_path_anime_background_by_wbd-d3l83r9.jpg
    [2012/06/26 15:09:27 | 000,474,129 | ---- | M] () -- C:\Users\Ivana\Desktop\Anime_Style_Beach_Background_by_wbd.jpg
    [2012/06/21 15:58:25 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\FireAlpaca.lnk
    [2012/06/17 15:41:39 | 000,030,835 | ---- | M] () -- C:\Users\Ivana\Desktop\5565eefb8ec44845_1338622384.jpg
    [2012/06/17 15:19:08 | 000,131,068 | ---- | M] () -- C:\Users\Ivana\Desktop\27890042_p10.jpg
    [2012/06/16 17:16:20 | 000,668,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/06/13 10:59:02 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/06/08 17:21:14 | 000,000,175 | ---- | M] () -- C:\Users\Public\Desktop\DragonNest.url
    [2012/06/08 17:14:00 | 2433,958,760 | ---- | M] (Nexon) -- C:\Users\Ivana\Desktop\DragonNestSetupV140.exe
    [2012/06/06 10:54:11 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/06/28 18:26:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/28 18:26:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/28 18:26:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/28 18:26:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/28 18:26:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/28 18:09:20 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
    [2012/06/27 20:21:40 | 000,001,685 | ---- | C] () -- C:\Users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    [2012/06/27 14:27:08 | 000,001,831 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/26 22:01:55 | 000,215,247 | ---- | C] () -- C:\Users\Ivana\Desktop\Photo0569.jpg
    [2012/06/26 20:12:25 | 000,059,136 | ---- | C] () -- C:\Users\Ivana\Desktop\Doom (2) (48000 Hz).mp3
    [2012/06/26 17:05:08 | 000,018,563 | ---- | C] () -- C:\Users\Ivana\.recently-used.xbel
    [2012/06/26 16:43:53 | 001,233,629 | ---- | C] () -- C:\Users\Ivana\Desktop\forest_path_anime_background_by_wbd-d3l83r9.jpg
    [2012/06/26 15:08:48 | 000,474,129 | ---- | C] () -- C:\Users\Ivana\Desktop\Anime_Style_Beach_Background_by_wbd.jpg
    [2012/06/21 17:50:56 | 000,002,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2012/06/21 15:58:25 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\FireAlpaca.lnk
    [2012/06/17 15:41:37 | 000,030,835 | ---- | C] () -- C:\Users\Ivana\Desktop\5565eefb8ec44845_1338622384.jpg
    [2012/06/17 15:18:52 | 000,131,068 | ---- | C] () -- C:\Users\Ivana\Desktop\27890042_p10.jpg
    [2012/06/13 10:59:02 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
    [2012/06/04 18:03:43 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
    [2011/12/19 21:19:38 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
    [2011/12/19 21:19:38 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
    [2011/09/08 18:34:17 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
    [2011/08/20 14:04:10 | 000,004,296 | ---- | C] () -- C:\Windows\checkip.dat
    [2010/11/20 23:26:16 | 000,000,067 | ---- | C] () -- C:\Windows\Star Video Converter.INI
    [2009/11/15 16:35:54 | 000,002,292 | ---- | C] () -- C:\Users\Ivana\AppData\Roaming\ASSDraw3.cfg
    [2009/03/16 21:18:16 | 000,001,356 | ---- | C] () -- C:\Users\Ivana\AppData\Local\d3d9caps.dat
    [2008/05/16 18:29:41 | 000,032,256 | ---- | C] () -- C:\Users\Ivana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/27 18:48:27 | 000,000,552 | ---- | C] () -- C:\Users\Ivana\AppData\Local\d3d8caps.dat
    [2008/04/19 17:26:05 | 000,001,232 | RHS- | C] () -- C:\Users\Ivana\ntuser.pol

    ========== LOP Check ==========

    [2012/05/29 11:50:07 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Wacom
    [2008/06/17 20:54:12 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\acccore
    [2010/11/19 18:13:14 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Aegisub
    [2009/12/07 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\AnvSoft
    [2012/06/16 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Audacity
    [2009/11/15 17:38:09 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\avidemux
    [2011/11/13 14:29:00 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Design Science
    [2012/06/22 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\gtk-2.0
    [2012/06/27 20:48:49 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\ImgBurn
    [2008/05/08 18:05:33 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\NCH Swift Sound
    [2010/04/10 18:47:35 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\NetMedia Providers
    [2008/04/30 00:46:01 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Nexon
    [2010/02/07 16:58:57 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Publish Providers
    [2010/06/21 15:29:18 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Sakura
    [2010/09/25 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Samsung
    [2011/08/15 14:16:04 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\ShanghaiAlice
    [2010/04/10 18:46:38 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Sony
    [2010/09/14 20:31:50 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\SYSTEMAX Software Development
    [2011/12/20 15:39:08 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\SystemRequirementsLab
    [2010/07/24 14:01:27 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Titanium
    [2011/06/08 10:19:10 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Wacom
    [2011/06/08 10:19:12 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
    [2010/11/20 17:03:57 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\WinFF
    [2012/06/28 20:00:08 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2010/02/11 16:43:20 | 000,001,256 | ---- | M] () -- C:\Ask & Record Toolbar Setup Log.txt
    [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2007/11/22 12:59:39 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/06/28 19:07:30 | 000,022,911 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2012/06/28 20:01:23 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
    [2008/04/23 15:52:02 | 000,000,164 | ---- | M] () -- C:\install.dat
    [2007/11/07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2008/05/08 17:55:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2012/05/16 23:15:07 | 000,001,110 | -H-- | M] () -- C:\IPH.PH
    [2008/05/08 17:55:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/03/01 21:27:39 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
    [2011/03/01 21:27:39 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
    [2011/03/01 21:27:39 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
    [2011/03/01 21:27:41 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{230467fa-447b-11e0-b9f4-001e3d888441}.TM.blf
    [2011/03/01 21:27:40 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{230467fa-447b-11e0-b9f4-001e3d888441}.TMContainer00000000000000000001.regtrans-ms
    [2011/03/01 21:27:40 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{230467fa-447b-11e0-b9f4-001e3d888441}.TMContainer00000000000000000002.regtrans-ms
    [2012/06/28 20:01:21 | 2451,243,008 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2008/03/21 12:28:47 | 000,392,802 | ---- | M] () -- C:\vcredist_x86.log
    [2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2011/08/20 14:58:24 | 000,000,000 | ---- | M] () -- C:\wizard.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/24 19:35:49 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/19 00:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/05/21 23:59:55 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 03:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 03:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/05 19:46:47 | 000,000,221 | -HS- | M] () -- C:\Users\Ivana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/28 18:16:15 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\Ivana\Desktop\ComboFix.exe
    [2012/06/08 17:14:00 | 2433,958,760 | ---- | M] (Nexon) -- C:\Users\Ivana\Desktop\DragonNestSetupV140.exe
    [2012/06/28 19:21:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ivana\Desktop\OTL.exe
    [2010/06/14 18:04:11 | 000,315,392 | ---- | M] ( ) -- C:\Users\Ivana\Desktop\PianoRollComposer.exe
    [2010/03/14 00:10:12 | 000,408,064 | ---- | M] () -- C:\Users\Ivana\Desktop\Pokesav HGSS - ENG - PP.org.exe
    [2010/06/18 14:20:14 | 004,542,800 | ---- | M] (Microsoft Corporation) -- C:\Users\Ivana\Desktop\vs_proweb.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/28 19:35:27 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/27 13:16:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/06/28 20:04:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/28 20:08:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/28 20:01:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/28 20:00:08 | 000,032,646 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/04/19 17:26:13 | 000,000,402 | -HS- | M] () -- C:\Users\Ivana\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6547C5A3
    < End of report >
     
  18. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    OTL Extras logfile created on: 6/28/2012 8:08:55 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Ivana\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.24% Memory free
    4.21 Gb Paging File | 3.04 Gb Available in Paging File | 72.17% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 224.80 Gb Total Space | 124.25 Gb Free Space | 55.27% Space Free | Partition Type: NTFS

    Computer Name: EVERGREEN | User Name: Ivana | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    .pif [@ = piffile] -- Reg Error: Key error. File not found
    .vbs [@ = VBSFile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9002254F-6AE1-4096-B589-A88C09DB3948}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{93E137D9-0C11-40BF-8247-3629B78F08F8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{21E73920-6CB6-4ADC-AEEB-7EC33604F2B3}C:\program files\pando networks\media booster\pmb.exe" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "TCP Query User{AD333EC1-1C87-4C77-9FF5-F0F1D6CE5707}C:\users\ivana\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\ivana\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{B27BB1E2-044B-4E03-86DA-61AEF170C1BC}C:\program files\pando networks\media booster\pmb.exe" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
    "UDP Query User{F2037962-DC31-4D2C-9DFD-B54F31BE6E47}C:\users\ivana\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\ivana\appdata\local\akamai\netsession_win.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
    "{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client
    "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
    "{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
    "{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1" = Aegisub 2.1.8
    "{2515EAA9-AE9F-4F0A-8301-B40034838B8A}" = Livestream Procaster
    "{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
    "{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
    "{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
    "{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}" = MapleStory
    "{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
    "{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
    "{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library
    "{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
    "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
    "{4EBFAB00-674D-27E3-91B0-3BAA73FC6FA6}" = Bamboo Dock
    "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
    "{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
    "{53A908D4-99C6-469B-BC13-F4189F260742}" = Corel Painter Essentials 4
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
    "{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-I Visual Effects
    "{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
    "{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
    "{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
    "{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
    "{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{76F8CB2B-6516-4E1E-B6F1-AED4ABDB4B0A}_is1" = Spy Sweeper
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
    "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.2
    "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1" = 東方非想天則 Ver1.10アップデート
    "{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
    "{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
    "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
    "{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
    "{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
    "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
    "{B2F83792-DA53-487F-B2F8-84A98E51B7FD}_is1" = Power CD+G to Video Karaoke Converter
    "{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
    "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
    "{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard
    "{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
    "{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
    "{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
    "{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
    "{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player
    "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
    "{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
    "{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
    "{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F5397A82-641F-4643-8200-51D7F0016511}" = Click to Disc
    "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "2Wire SetupWiz" = SBC Yahoo! DSL Home Networking Installer
    "7-Zip" = 7-Zip 4.65
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AIM_7" = AIM 7
    "Akamai" = Akamai NetSession Interface Service
    "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
    "Any Video Converter_is1" = Any Video Converter 3.1.2
    "ASIO4ALL" = ASIO4ALL
    "Ask & Record Toolbar4.01" = Ask & Record Toolbar 4.01
    "Audacity_is1" = Audacity 1.2.6
    "Bamboo Dock" = Bamboo Dock 3.3
    "CamStudio" = CamStudio
    "CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
    "cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
    "CCleaner" = CCleaner
    "Cheat Engine 5.5_is1" = Cheat Engine 5.5
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup.divx.com" = DivX Setup
    "DragonNest" = DragonNest
    "Drumaxx" = Drumaxx
    "DSMT5" = MathType 5
    "EdenEternal" = EdenEternal
    "Finale PrintMusic 2008" = Finale PrintMusic 2008
    "FireAlpaca_is1" = FireAlpaca 1.0.30
    "FL Studio 9" = FL Studio 9
    "Fraps" = Fraps
    "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.2
    "Free Audio Dub_is1" = Free Audio Dub version 1.5
    "Free Video to JPG Converter_is1" = Free Video to JPG Converter version 1.4
    "Google Updater" = Google Updater
    "Hardcore" = Hardcore
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Higher Score on the SAT/PSAT_is1" = Higher Score on the SAT/PSAT
    "Hisoutensoku English" = NSIS Hisoutensoku English
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HyperCam 2" = HyperCam 2
    "IL Download Manager" = IL Download Manager
    "ImgBurn" = ImgBurn
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
    "LAME for Audacity_is1" = LAME v3.98.2 for Audacity
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MapleStory" = MapleStory
    "MegaMan_ScreeenSaver" = MegaMan_ScreeenSaver
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Network Print Monitor" = Network Print Monitor for Windows
    "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
    "osu!" = osu!
    "Pen Tablet Driver" = Bamboo
    "PoiZone" = PoiZone
    "Print Server Driver" = Print Server Driver
    "Quick Search Box" = Google Quick Search Box
    "RealPlayer 12.0" = RealPlayer
    "Sakura" = Sakura
    "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
    "SAMSUNG Mobile Modem V2" = SAMSUNG Mobile Modem V2 Software
    "Sawer" = Sawer
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Toxic Biohazard" = Toxic Biohazard
    "Uninstall_is1" = Uninstall 1.0.0.1
    "VAIO Service Utility" = VAIO Service Utility
    "Vectorian Giotto_is1" = Vectorian Giotto 3.0.0
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1" = Bamboo Dock
    "Winamp" = Winamp
    "WinGimp-2.0_is1" = GIMP 2.6.8
    "WinLiveSuite" = Windows Live Essentials
    "Xvid_is1" = Xvid 1.2.1 final uninstall
    "YInstHelper" = Yahoo! Install Manager
    "東方神霊廟 体験版_is1" = 東方神霊廟 体験版 ver 0.01a
     
  19. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3410675808-1924818942-1369259615-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Energy Skate Park" = Energy Skate Park
    "Forces in 1 Dimension" = Forces in 1 Dimension
    "Ladybug Revolution" = Ladybug Revolution
    "Magnet and Compass" = Magnet and Compass
    "UnityWebPlayer" = Unity Web Player
    "Winamp Detect" = Winamp Detector Plug-in
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.1

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/28/2012 9:57:13 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 6/28/2012 9:57:13 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 6/28/2012 10:07:38 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 6/28/2012 10:07:38 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 6/28/2012 10:07:38 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 6/28/2012 10:07:38 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 6/28/2012 10:07:38 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 6/28/2012 10:07:39 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 6/28/2012 10:07:39 PM | Computer Name = EVERGREEN | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 6/28/2012 11:02:07 PM | Computer Name = EVERGREEN | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
    code = 0x80042019)

    [ Media Center Events ]
    Error - 4/30/2008 8:32:55 PM | Computer Name = Evergreen | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/25/2008 7:35:41 PM | Computer Name = Evergreen | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/27/2008 11:15:36 PM | Computer Name = Evergreen | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 7/23/2009 9:31:12 PM | Computer Name = EVERGREEN | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 9/28/2008 6:47:40 PM | Computer Name = Evergreen | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/28/2008 8:04:28 PM | Computer Name = Evergreen | Source = Service Control Manager | ID = 7011
    Description =

    Error - 9/29/2008 6:59:44 PM | Computer Name = Evergreen | Source = HTTP | ID = 15016
    Description =

    Error - 9/29/2008 7:01:20 PM | Computer Name = Evergreen | Source = Service Control Manager | ID = 7000
    Description =

    Error - 9/29/2008 7:16:41 PM | Computer Name = Evergreen | Source = Print | ID = 6161
    Description = The document Microsoft PowerPoint - American Storyboard, owned by
    Ivana, failed to print on printer HP DeskJet 970Cse. Try to print the document again,
    or restart the print spooler. Data type: NT EMF 1.008. Size of the spool file in
    bytes: 4758136. Number of bytes printed: 0. Total number of pages in the document:
    4. Number of pages printed: 0. Client computer: \\EVERGREEN. Win32 error code returned
    by the print processor: 2. The system cannot find the file specified.

    Error - 9/30/2008 6:08:09 PM | Computer Name = Evergreen | Source = HTTP | ID = 15016
    Description =

    Error - 9/30/2008 6:09:43 PM | Computer Name = Evergreen | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/1/2008 6:27:00 PM | Computer Name = Evergreen | Source = HTTP | ID = 15016
    Description =

    Error - 10/1/2008 6:28:38 PM | Computer Name = Evergreen | Source = Service Control Manager | ID = 7000
    Description =

    Error - 10/2/2008 12:16:46 AM | Computer Name = EVERGREEN | Source = HTTP | ID = 15016
    Description =


    < End of report >
     
  20. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    (Duplicate)
     
  21. Broni

    Broni Malware Annihilator Posts: 46,868   +254

    Good :)

    You have some Norton's leftovers.
    Please run this tool to remove them: http://majorgeeks.com/Norton_Removal_Tool_SymNRT_d4749.html

    =================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      IE - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
      FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.99999
      O2 - BHO: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
      O3 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\..\Toolbar\WebBrowser: (Ask and Record Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O37 - HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\...com [@ = ComFile] -- Reg Error: Key error. File not found
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
      @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6547C5A3
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
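As an added example (not code from this thread, from OTL or from Broni), the following is a read-only PowerShell audit of the persistence points the OTL fix script above targets: O2 Browser Helper Objects, O3 toolbars (machine-wide and in every loaded user hive), O4 Run entries, and alternate data streams on C:\ProgramData\TEMP. It assumes an elevated PowerShell 3.0 or later prompt on Windows (stream enumeration with Get-Item -Stream); the function names Resolve-ClsidPath, New-Finding and Get-PersistenceAudit are my own, and nothing is modified, so it can be run before and after a fix to confirm that entries the fix log reports as "not found" are really gone.

```powershell
# Added example, not from the thread or from OTL: read-only audit of the
# persistence points the OTL fix script targets. Nothing is modified.
# Assumes an elevated PowerShell 3.0+ prompt on Windows (Get-Item -Stream).

function Resolve-ClsidPath {
    param([string]$Clsid)
    # Map a CLSID to the DLL registered under InprocServer32. $null means the
    # CLSID is orphaned, which OTL reports as "No CLSID value found".
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path $key) { return (Get-ItemProperty -Path $key).'(default)' }
    }
    return $null
}

function New-Finding {
    param($Type, $Hive, $Id, $Path)
    # Orphaned = the registered DLL/EXE no longer exists on disk: either an
    # uninstall leftover or a loader whose payload has already been removed.
    [pscustomobject]@{
        Type = $Type; Hive = $Hive; Id = $Id; Path = $Path
        Orphaned = (-not $Path) -or (-not (Test-Path -LiteralPath $Path))
    }
}

function Get-PersistenceAudit {
    $findings = @()
    # O2: Browser Helper Objects are keyed by CLSID under this machine-wide key.
    $bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bhoRoot) {
        foreach ($k in Get-ChildItem $bhoRoot) {
            $findings += New-Finding 'BHO' 'HKLM' $k.PSChildName (Resolve-ClsidPath $k.PSChildName)
        }
    }
    # O3: machine-wide toolbars are registry values whose names are CLSIDs.
    $tbRoot = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
    if (Test-Path $tbRoot) {
        foreach ($v in (Get-Item $tbRoot).GetValueNames() | Where-Object { $_ -like '{*}' }) {
            $findings += New-Finding 'Toolbar' 'HKLM' $v (Resolve-ClsidPath $v)
        }
    }
    # O3 per user: WebBrowser toolbars in every loaded hive (.DEFAULT, S-1-5-18, S-1-5-21-...).
    if (-not (Get-PSDrive HKU -ErrorAction SilentlyContinue)) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    foreach ($hive in Get-ChildItem 'HKU:\') {
        $wb = "HKU:\$($hive.PSChildName)\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser"
        if (-not (Test-Path $wb)) { continue }
        foreach ($v in (Get-Item $wb).GetValueNames() | Where-Object { $_ -like '{*}' }) {
            $findings += New-Finding 'WebBrowser' $hive.PSChildName $v (Resolve-ClsidPath $v)
        }
    }
    # O4: Run entries. Quotes and arguments are stripped (heuristic) to test the target.
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $runValues = Get-ItemProperty -Path $runKey
    foreach ($name in (Get-Item $runKey).GetValueNames()) {
        $exe = ($runValues.$name -replace '"', '') -replace '(?i)^(.*?\.exe).*$', '$1'
        $findings += New-Finding 'Run' 'HKLM' $name $exe
    }
    # Alternate data streams on the path the fix log said it could not clear.
    $streams = @(Get-Item -LiteralPath 'C:\ProgramData\TEMP' -Stream * -ErrorAction SilentlyContinue)
    foreach ($s in $streams | Where-Object { $_.Stream -ne ':$DATA' }) {
        $findings += New-Finding 'ADS' '-' "$($s.FileName):$($s.Stream)" $null
    }
    return $findings
}

Get-PersistenceAudit | Format-Table Type, Hive, Id, Orphaned, Path -AutoSize
```

Rows with Orphaned = True correspond to the "No CLSID value found" and "File not found" entries in the OTL output; a BHO or Run entry whose target still exists is the one to look at more closely.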
     
  22. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    I ran the Norton Removal Tool, but all it did was extract some files and then stop doing anything. A Norton 360 trial was preinstalled on my computer, but I never activated it. I think the tool doesn't detect an active Norton product on my computer?

    So I gave up on the Norton Removal Tool and moved on to run the OTL fix. The first time I tried it, OTL crashed halfway. I logged out and relogged in to reactivate the processes, then ran the fix again. This time, it completed and this is the log I got.
    --

    All processes killed
    ========== OTL ==========
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    HKU\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
    Prefs.js: toolbar@ask.com:3.8.0.99999 removed from extensions.enabledItems
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3410675808-1924818942-1369259615-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ask and Record FLV Service not found.
    File C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe not found.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3410675808-1924818942-1369259615-1001_Classes\.com\ not found.
    Registry key HKEY_USERS\S-1-5-21-3410675808-1924818942-1369259615-1001_Classes\ComFile\ not found.
    HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
    Unable to delete ADS C:\ProgramData\TEMP:05EE1EEF .
    Unable to delete ADS C:\ProgramData\TEMP:6547C5A3 .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    File\Folder C:\Program Files\Ask.com not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Eric Yu
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Ivana
    ->Temp folder emptied: 704290 bytes
    ->Temporary Internet Files folder emptied: 19386609 bytes
    ->Java cache emptied: 6846996 bytes
    ->FireFox cache emptied: 85008770 bytes
    ->Flash cache emptied: 2940861 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 24 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 15218 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 110.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Eric Yu

    User: Guest

    User: Ivana
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Eric Yu
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Ivana
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.0 log created on 06282012_223956
    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\JET4DB2.tmp not found!
    File\Folder C:\Windows\temp\JET5D2C.tmp not found!
    PendingFileRenameOperations files...
    File C:\Windows\temp\JET4DB2.tmp not found!
    File C:\Windows\temp\JET5D2C.tmp not found!
    Registry entries deleted on Reboot...
     
  23. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    SonicStage Mastering Studio Audio Filter Custom Preset
    Norton 360
    Microsoft Security Essentials
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    CA Yahoo! Anti-Spy (remove only)
    Spy Sweeper
    CCleaner
    Java(TM) 6 Update 32
    Java(TM) SE Runtime Environment 6
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 11.3.300.262
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
     
  24. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    Farbar Service Scanner Version: 25-06-2012 01
    Ran by Ivana (administrator) on 28-06-2012 at 23:05:25
    Running from "C:\Users\Ivana\Desktop"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.

    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys
    [2012-05-14 17:08] - [2012-03-30 05:39] - 0914304 ____A (Microsoft Corporation) EE7E10BED85C312C1D5D30C435BDDA9F
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll
    [2012-06-14 11:59] - [2012-04-23 09:00] - 0133120 ____A (Microsoft Corporation) 75C6A297E364014840B48ECCD7525E30
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit

    **** End of log ****
     
  25. Sohee

    Sohee TS Rookie Topic Starter Posts: 24

    C:\FRST\Quarantine\services.exe Win32/Sirefef.FB.Gen trojan deleted - quarantined
    C:\FRST\Quarantine\{98089a1f-1d93-dc65-6426-c6b07349cac9}\n Win32/Sirefef.EV trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U\80000000.@ a variant of Win32/Sirefef.FA trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{98089a1f-1d93-dc65-6426-c6b07349cac9}\U\800000cb.@ probably a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined
    C:\Users\Ivana\Documents\Setups\WebfettiSetup2.2.60.11-2.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
     

