TechSpot

Malware "hard drive failed" 7-step logs attached

Solved
By moveinmaryland
Jun 5, 2011
  1. Hi. Virus popped up on the wife's laptop tonight. Looking for some help. Thanks.

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6781

    Windows 6.0.6000
    Internet Explorer 7.0.6000.17037

    6/5/2011 10:35:19 PM
    mbam-log-2011-06-05 (22-35-19).txt

    Scan type: Quick scan
    Objects scanned: 162104
    Time elapsed: 13 minute(s), 13 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    c:\programdata\nhwlatouajw.exe (Trojan.FakeMS) -> 2964 -> Unloaded process successfully.
    c:\programdata\22208272.exe (Trojan.FakeMS) -> 3188 -> Failed to unload process.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NHWLAtOuAjw (Trojan.FakeMS) -> Value: NHWLAtOuAjw -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\programdata\nhwlatouajw.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    c:\programdata\22208272.exe (Trojan.FakeMS) -> Delete on reboot.
    c:\Users\circuit city\AppData\Local\Temp\tmp45E0.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.




    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-05 22:52:28
    Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 FUJITSU_MHW2120BH rev.00000012
    Running: r25cw28c.exe; Driver: C:\Users\CIRCUI~1\AppData\Local\Temp\kxtdypoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

    ---- EOF - GMER 1.0.15 ----





    .
    DDS (Ver_2011-06-03.01) - NTFSx86
    Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_22
    Run by Circuit City at 23:07:29 on 2011-06-05
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.240 [GMT -4:00]
    .
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\LEXBCES.EXE
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\LEXPPS.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Napster\napster.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\AOL\1172106502\ee\aolsoftware.exe
    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files\Lexmark 2400 Series\ezprint.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Circuit City\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Windows\system32\lxcrcoms.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\consent.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.sony.com/vaiopeople
    uDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.0\NppBho.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.0\UIBHO.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\circuit city\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
    mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
    mRun: [VAIOSecurity] "c:\program files\sony\vaio security center\VSC.exe" 1
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [osCheck] "c:\program files\norton internet security\osCheck.exe"
    mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire\Corel PhotoDownloader.exe
    mRun: [VAIOSurvey] c:\program files\sony corporation\vaio survey\Vista VAIO Survey.exe
    mRun: [HostManager] c:\program files\common files\aol\1172106502\ee\AOLSoftware.exe
    mRun: [Lexmark X5100 Series] "c:\program files\lexmark x5100 series\lxbabmgr.exe"
    mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
    mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
    mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
    mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    Trusted Zone: turbotax.com
    DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D3FA53A4-C575-400F-90E5-9AB568E4BC64} - hxxp://www.mbaiforms.net/formflow/gbbrcommon/mbaicontrol2.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{40FC4565-3516-4BCA-8D15-D9318DC658B2} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{6AC176F5-E863-4FBD-AAD5-73D085F9639A} : DhcpNameServer = 192.168.2.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\circuit city\appdata\roaming\mozilla\firefox\profiles\og9e8sno.default\
    FF - prefs.js: browser.startup.homepage - www.cnn.com
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\users\circuit city\appdata\local\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\users\circuit city\appdata\roaming\move networks\plugins\npqmp071503000010.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\circuit city\appdata\roaming\Move Networks
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070525.001\IDSvix86.sys [2007-5-25 212280]
    R2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2006-10-24 37008]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-12-18 227328]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-6-20 39984]
    S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [2006-11-7 47488]
    S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-9-11 1252232]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-1-6 741376]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-1-6 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-1-6 1089536]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    ============= FINISH: 23:09:03.14 ===============






    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-03.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/21/2007 4:51:25 PM
    System Uptime: 6/5/2011 10:59:40 PM (1 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Genuine Intel(R) CPU T2250 @ 1.73GHz | N/A | 1733/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 106 GiB total, 29.378 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0003
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #2
    PNP Device ID: ROOT\*ISATAP\0003
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    ABBYY FineReader 6.0 Sprint
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.4
    Alps Pointing-device for VAIO
    AnswerWorks 4.0 Runtime - English
    AOL Uninstaller (Choose which Products to Remove)
    AppCore
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AV
    Bonjour
    BPD_Scan
    BPDSoftware
    ccCommon
    Click to DVD 2.0.05 Menu Data
    Click to DVD 2.6.00
    Corel Paint Shop Pro Photo XI
    Corel Snapfire
    ECVG Uninstall
    Enterprise
    Full Tilt Poker
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    Google Chrome
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Officejet J5700 AiO Series Corporate Edition 8.0
    HP Photosmart Essential 3.5
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    Intel(R) Graphics Media Accelerator Driver
    iPhone Configuration Utility
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 7
    Java(TM) SE Runtime Environment 6
    Lexmark 2400 Series
    Lexmark Fax Solutions
    Lexmark X5100 Series
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    Magic Online III
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Picture It! Library 10
    Microsoft Picture It! Premium 10
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Works
    Microsoft Works 2005 Setup Launcher
    Microsoft Works Suite Add-in for Microsoft Word
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox (3.5.18)
    MSRedist
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    Napster
    Napster Burn Engine
    Norton AntiVirus
    Norton Confidential Browser Component
    Norton Confidential Web Protection Component
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton Protection Center
    O*NET 98 Viewer v1.0
    OpenMG Secure Module 4.6.01
    OpenOffice.org Installer 1.0
    QuickBooks Product Listing Service
    QuickBooks Simple Start Free Starter Edition
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Easy Media Creator Home
    RTC Client API v1.2
    Safari
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2466156)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2464583)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sentrilock Card Utility
    Setting Utility Series
    SonicStage 4.2
    Sony Snymsico for Vista
    Sony Utilities DLL
    Sony Video Shared Library
    SPBBC 32bit
    SupportSoft Assisted Service
    Symantec Real Time Storage Protection Component
    SymNet
    TurboTax Deluxe 2007
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    VAIO Azure Float Wallpaper
    VAIO Central
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Floral Dusk Wallpaper
    VAIO Help And Support
    VAIO Media 6.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Content Collection 6.0
    VAIO Media Integrated Server 6.0
    VAIO Media Redistribution 6.0
    VAIO Media Registration Tool 6.0
    VAIO OOBE
    VAIO Photo 2007
    VAIO Power Management
    VAIO Security Center
    VAIO Survey
    VAIO Teal Whisper Wallpaper
    VAIO Update 3
    VAIO Video & Photo Utilities
    Viewpoint Media Player
    Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader) SmartCardReader (11/07/2006 4.35.00.01)
    Windows Media Player Firefox Plugin
    WinDVD for VAIO
    Wireless Switch Setting Utility
    Works Upgrade
    .
    ==== Event Viewer Messages From Past Week ========
    .
    6/5/2011 9:32:49 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    6/5/2011 9:29:45 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
    6/5/2011 9:24:21 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Automatic LiveUpdate Scheduler service to connect.
    6/5/2011 9:24:21 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    6/5/2011 9:24:21 PM, Error: Service Control Manager [7000] - The Automatic LiveUpdate Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/5/2011 11:00:06 PM, Error: EventLog [6008] - The previous system shutdown at 10:58:57 PM on 6/5/2011 was unexpected.
    5/31/2011 8:32:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.3 for the Network Card with network address 0018DEDA8BD2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    5/30/2011 4:46:48 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.9 for the Network Card with network address 0018DEDA8BD2 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
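    The Malwarebytes log at the top of this post records, per detection, the action the scanner reports having taken, and two of those actions were not complete when the log was written ("Failed to unload process." and "Delete on reboot."), which is the kind of thing a helper wants flagged before a machine is called clean. The Python below is an added example, not code from this thread or from Malwarebytes: it parses the 1.x text-log format as posted, classifies each detection by outcome, and lists the ones that still need follow-up, plus the Run-key autostart value the malware used for persistence. The embedded sample is built from the detection lines of the posted log (trimmed to the sections that carry detections); the outcome strings it knows are only those that appear there, so any other wording is deliberately reported as unresolved rather than assumed fine.

```python
import re

# Sample built from the detection lines of the Malwarebytes' Anti-Malware log
# posted above, trimmed to the sections that carry detections; not a new capture.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6781

Scan type: Quick scan
Objects scanned: 162104

Memory Processes Infected: 2
Registry Values Infected: 1
Files Infected: 3

Memory Processes Infected:
c:\programdata\nhwlatouajw.exe (Trojan.FakeMS) -> 2964 -> Unloaded process successfully.
c:\programdata\22208272.exe (Trojan.FakeMS) -> 3188 -> Failed to unload process.

Memory Modules Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NHWLAtOuAjw (Trojan.FakeMS) -> Value: NHWLAtOuAjw -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\nhwlatouajw.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\programdata\22208272.exe (Trojan.FakeMS) -> Delete on reboot.
c:\Users\circuit city\AppData\Local\Temp\tmp45E0.tmp (Trojan.FakeMS) -> Quarantined and deleted successfully.
"""

# A section header is "<Name> Infected:" with nothing after the colon; the summary
# lines near the top ("Files Infected: 3") carry a count and therefore do not match.
SECTION_RE = re.compile(r"^(?P<section>.+) Infected:$")
# A detection line: <item> (<threat name>) -> [intermediate fields ->] <outcome>
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")

# Outcome strings exactly as they appear in the posted log. Anything else is
# treated as unresolved, so unfamiliar wording can never silently pass as clean.
COMPLETED = {"Quarantined and deleted successfully.", "Unloaded process successfully."}
PENDING_REBOOT = {"Delete on reboot."}


def parse_mbam_log(text):
    """Return one dict per detection: section, item, threat, outcome."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        if section is None or not line:
            continue
        hit = DETECTION_RE.match(line)
        if not hit:
            continue  # "(No malicious items detected)" and similar filler
        # The last "->" field is the action Malwarebytes reports having taken.
        outcome = hit.group("rest").split("->")[-1].strip()
        detections.append({
            "section": section,
            "item": hit.group("item"),
            "threat": hit.group("threat"),
            "outcome": outcome,
        })
    return detections


def classify(detection):
    """'done', 'pending_reboot' or 'unresolved' for one detection."""
    outcome = detection["outcome"]
    if outcome in COMPLETED:
        return "done"
    if outcome in PENDING_REBOOT:
        return "pending_reboot"
    return "unresolved"


def needs_followup(detections):
    """Detections that were not fully remediated at scan time."""
    return [d for d in detections if classify(d) != "done"]


def autostart_entries(detections):
    """Registry values under a CurrentVersion/Run key: the persistence the malware
    used, worth re-checking after the reboot that finishes the cleanup."""
    return [d["item"] for d in detections
            if d["section"] == "Registry Values"
            and "\\currentversion\\run\\" in d["item"].lower()]


def summarize(text):
    """Counts by status, e.g. {'done': 4, 'pending_reboot': 1, 'unresolved': 1}."""
    counts = {"done": 0, "pending_reboot": 0, "unresolved": 0}
    for d in parse_mbam_log(text):
        counts[classify(d)] += 1
    return counts


if __name__ == "__main__":
    for d in needs_followup(parse_mbam_log(SAMPLE_LOG)):
        print(f"{classify(d):>15}  {d['section']:<18} {d['item']}  [{d['outcome']}]")
    print("autostart:", autostart_entries(parse_mbam_log(SAMPLE_LOG)))
    print(summarize(SAMPLE_LOG))
```

    Run against the sample, the script reports the same executable twice, once as a process that could not be unloaded and once as a file scheduled for deletion on reboot, and returns the Run value under HKEY_CURRENT_USER as the autostart entry; a second Malwarebytes scan after the reboot is what confirms both items are actually gone.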
     
  2. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    =====================================================================

    Please download Rootkit Unhooker from one of the following links and save it to your desktop.
    In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

    • Double-click on RKUnhookerLE.exe to start the program.
      Vista/Windows 7 users right-click and select Run As Administrator.
    • Click the Report tab, then click Scan.
    • Check Drivers, Stealth, and uncheck the rest.
    • Click OK.
    • Wait until it's finished and then go to File > Save Report.
    • Save the report to your Desktop.
    • Copy and paste the contents of the report into your next reply.
    -- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".
     
  3. moveinmaryland

    moveinmaryland TS Rookie Topic Starter

    Thanks for taking up the cause. Here are the reports that were generated.


    aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
    Run date: 2011-06-06 10:49:03
    -----------------------------
    10:49:03.636 OS Version: Windows 6.0.6000
    10:49:03.636 Number of processors: 2 586 0xE08
    10:49:03.638 ComputerName: MARK-PC UserName:
    10:50:08.889 Initialize success
    10:50:40.204 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    10:50:40.207 Disk 0 Vendor: FUJITSU_MHW2120BH 00000012 Size: 114473MB BusType: 3
    10:50:40.211 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006b
    10:50:40.213 Disk 1 Vendor: ( Size: 114473MB BusType: 0
    10:50:40.217 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006c
    10:50:40.221 Disk 2 Vendor: ( Size: 114473MB BusType: 0
    10:50:42.565 Disk 0 MBR read successfully
    10:50:42.569 Disk 0 MBR scan
    10:50:42.574 Disk 0 unknown MBR code
    10:50:44.724 Disk 0 scanning sectors +234439600
    10:50:44.787 Disk 0 scanning C:\Windows\system32\drivers
    10:52:22.556 Service scanning
    10:52:34.958 Disk 0 trace - called modules:
    10:52:35.005 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys
    10:52:35.501 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8375bad8]
    10:52:35.508 3 ntkrnlpa.exe[81cb07e2] -> nt!IofCallDriver -> [0x8339a1b8]
    10:52:35.519 5 acpi.sys[8046932a] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0x833b5bb0]
    10:52:35.527 Scan finished successfully
    10:53:18.636 Disk 0 MBR has been saved successfully to "C:\Users\Circuit City\Desktop\MBR.dat"
    10:53:18.644 The log file has been saved successfully to "C:\Users\Circuit City\Desktop\aswMBR.txt"






    RkU Version: 3.8.389.593, Type LE (SR2)
    ==============================================
    OS Name: Windows Vista
    Version 6.0.6000
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0x88D52000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7004160 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
    0x81C00000 C:\Windows\system32\ntkrnlpa.exe 3805184 bytes (Microsoft Corporation, NT Kernel & System)
    0x81C00000 PnpManager 3805184 bytes
    0x81C00000 RAW 3805184 bytes
    0x81C00000 WMIxWDM 3805184 bytes
    0x94E00000 Win32k 2097152 bytes
    0x94E00000 C:\Windows\System32\win32k.sys 2097152 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB8A3F000 C:\Windows\system32\DRIVERS\NETw3v32.sys 1839104 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
    0x8A46F000 C:\Windows\system32\drivers\RTKVHDA.sys 1642496 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
    0x82494000 C:\Windows\System32\Drivers\Ntfs.sys 1081344 bytes (Microsoft Corporation, NT File System Driver)
    0x8060A000 C:\Windows\system32\drivers\ndis.sys 1064960 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
    0x8A6FD000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
    0x8051F000 C:\Windows\system32\CI.dll 921600 bytes (Microsoft Corporation, Code Integrity Module)
    0xB1444000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
    0x8A92B000 C:\Windows\System32\drivers\tcpip.sys 872448 bytes (Microsoft Corporation, TCP/IP Driver)
    0xB524C000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070525.032\NAVEX15.SYS 847872 bytes (Symantec Corporation, AV Engine)
    0x8A649000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0x88CB5000 C:\Windows\System32\drivers\dxgkrnl.sys 643072 bytes (Microsoft Corporation, DirectX Graphics Kernel)
    0xA9972000 C:\Windows\system32\drivers\spsys.sys 581632 bytes (Microsoft Corporation, security processor)
    0x804A4000 C:\Windows\system32\drivers\Wdf01000.sys 503808 bytes (Microsoft Corporation, WDF Dynamic)
    0x8242A000 C:\Windows\System32\Drivers\ksecdd.sys 434176 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xABD57000 C:\Windows\system32\drivers\HTTP.sys 430080 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0x8E397000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 430080 bytes (Symantec Corporation, SPBBC Driver)
    0x8E214000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 401408 bytes (Symantec Corporation, Symantec Eraser Control Driver)
    0x80266000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
    0xAC2B4000 C:\Windows\System32\DRIVERS\srv.sys 331776 bytes (Microsoft Corporation, Server driver)
    0xB4CDB000 C:\Windows\System32\Drivers\SRTSP.SYS 303104 bytes (Symantec Corporation, Symantec AutoProtect)
    0x8077E000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
    0x8A8D0000 C:\Windows\system32\drivers\afd.sys 290816 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x80461000 C:\Windows\system32\drivers\acpi.sys 274432 bytes (Microsoft Corporation, ACPI Driver for NT)
    0x89795000 C:\Windows\system32\DRIVERS\storport.sys 262144 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
    0x89E3D000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
    0x88C6A000 C:\Windows\system32\drivers\ti21sony.sys 249856 bytes (Texas Instruments, ti21sony.sys)
    0x88802000 C:\Windows\system32\DRIVERS\USBPORT.SYS 249856 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0x8021A000 C:\Windows\system32\CLFS.SYS 241664 bytes (Microsoft Corporation, Common Log File System Driver)
    0x8E35C000 C:\Windows\system32\DRIVERS\rdbss.sys 241664 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xAC3C7000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
    0x8259C000 C:\Windows\system32\drivers\NETIO.SYS 233472 bytes (Microsoft Corporation, Network I/O Subsystem)
    0x8E326000 C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070525.001\IDSvix86.sys 221184 bytes (Symantec Corporation, IDS Core Driver)
    0x827CA000 C:\Windows\system32\drivers\volsnap.sys 221184 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0x81FA1000 ACPI_HAL 212992 bytes
    0x81FA1000 C:\Windows\system32\hal.dll 212992 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0x89F0C000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0x87605000 C:\Windows\system32\DRIVERS\yk60x86.sys 208896 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
    0x8A89E000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
    0x80727000 C:\Windows\system32\drivers\fltmgr.sys 200704 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0x89E9F000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0x8A83B000 C:\Windows\System32\Drivers\SYMTDI.SYS 180224 bytes (Symantec Corporation, Network Dispatch Driver)
    0x897D5000 C:\Windows\system32\DRIVERS\msiscsi.sys 176128 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
    0x825D5000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
    0xA98A6000 C:\Windows\system32\DRIVERS\nwifi.sys 176128 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
    0x896EC000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
    0x807C8000 C:\Windows\system32\DRIVERS\pcmcia.sys 172032 bytes (Microsoft Corporation, PCMCIA Bus Driver)
    0x88C24000 C:\Windows\system32\DRIVERS\Apfiltr.sys 163840 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
    0x8E5DA000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
    0x89E7A000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0x827A5000 C:\Windows\System32\drivers\ecache.sys 151552 bytes (Microsoft Corporation, Special Memory Device Cache)
    0x80434000 C:\Windows\system32\drivers\pci.sys 151552 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xABC0D000 C:\Windows\System32\DRIVERS\srv2.sys 147456 bytes (Microsoft Corporation, Smb 2.0 Server driver)
    0x89745000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0x8A818000 C:\Windows\system32\Drivers\SYMEVENT.SYS 143360 bytes (Symantec Corporation, Symantec Event Library)
    0x8ADBE000 C:\Windows\System32\Drivers\SYMFW.SYS 139264 bytes (Symantec Corporation, Firewall Filter Driver)
    0x82773000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
    0x89E02000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
    0xABC4F000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0x80758000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
    0xABC31000 C:\Windows\system32\DRIVERS\mrxsmb.sys 122880 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xA89A5000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
    0xABCFC000 C:\Windows\System32\DRIVERS\srvnet.sys 110592 bytes (Microsoft Corporation, Server Network driver)
    0xABCE3000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
    0x8A622000 C:\Windows\System32\drivers\fwpkclnt.sys 102400 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
    0x88C01000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0x8AC0F000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Client MUP Surrogate Driver)
    0x89773000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xAF48D000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0x8A888000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
    0xA8990000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
    0x8A60D000 C:\Windows\system32\DRIVERS\tdx.sys 86016 bytes (Microsoft Corporation, TDI Translation Driver)
    0xB0C23000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
    0xABC6F000 C:\Windows\System32\drivers\mpsdrv.sys 81920 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
    0x8A917000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
    0x88C57000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
    0x89732000 C:\Windows\system32\DRIVERS\raspptp.sys 77824 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xA9893000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
    0x8A867000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0x87638000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
    0xABCD1000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 73728 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
    0xA9821000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20070525.032\NAVENG.SYS 73728 bytes (Symantec Corporation, AV Engine)
    0xB0C11000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0x82794000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
    0x8AC34000 C:\Windows\System32\Drivers\SRTSPX.SYS 69632 bytes (Symantec Corporation, Symantec AutoProtect)
    0x80717000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
    0x85AA1000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
    0x8040B000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
    0x85AE1000 C:\Windows\System32\Drivers\NDProxy.SYS 65536 bytes (Microsoft Corporation, NDIS Proxy)
    0x85A81000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0x8F92E000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
    0x8240C000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0x8241B000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
    0x85BC5000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0x89716000 C:\Windows\system32\DRIVERS\termdd.sys 61440 bytes (Microsoft Corporation, Terminal Server Driver)
    0x80425000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
    0x88CA7000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0x95210000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
    0x876B7000 C:\Windows\system32\DRIVERS\intelppm.sys 57344 bytes (Microsoft Corporation, Processor Device Driver)
    0x8A87A000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
    0x8A63B000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
    0x807F2000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0x87727000 C:\Windows\system32\DRIVERS\usbehci.sys 57344 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0x89629000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
    0x8961C000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
    0x89725000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
    0x8764A000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
    0x8020D000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
    0x89600000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0x8E281000 C:\Users\CIRCUI~1\AppData\Local\Temp\aswMBR.sys 45056 bytes
    0x8E276000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
    0x88C4C000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
    0x88C19000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
    0x8A404000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
    0x89768000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0x8A80D000 C:\Windows\System32\Drivers\SYMNDISV.SYS 45056 bytes (Symantec Corporation, NDIS Filter Driver)
    0x8E2FA000 C:\Windows\System32\drivers\tcpipreg.sys 45056 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
    0x8978A000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
    0x876C5000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x87735000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0x8041B000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
    0x8E424000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
    0x8771D000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
    0x8E438000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
    0x8A603000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
    0x8E456000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
    0x87779000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
    0x82403000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
    0x877DC000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
    0x8025D000 C:\Windows\system32\PSHED.dll 36864 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
    0x8070E000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0x877E5000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0x87794000 C:\Windows\System32\Drivers\SYMIDS.SYS 36864 bytes (Symantec Corporation, IDS Filter Driver)
    0x95200000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
    0x87770000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
    0x80204000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0x80776000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
    0x80255000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
    0x8AD56000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
    0x802C6000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0x80459000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
    0x85EFF000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x85F07000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
    0x80602000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
    0x922F8000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
    0x87701000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
    0x80404000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0x876FA000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
    0x876D0000 C:\Windows\System32\Drivers\SonyNC.sys 28672 bytes (Sony Corporation, Sony Firmware Extension Parser driver)
    0x87681000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
    0x876A5000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
    0x87657000 C:\Windows\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver)
    0x87693000 C:\Windows\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
    0x85E42000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0xB0938000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0x80201000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0x85F6E000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0x89F56000 C:\Windows\System32\Drivers\SYMDNS.SYS 8192 bytes (Symantec Corporation, DNS Filter Driver)
    0x8960D000 C:\Windows\System32\Drivers\Cdr4_xp.SYS 4096 bytes (Sonic Solutions, CDR4 CD and DVD Place Holder Driver (see PxHelp))
    0x8960E000 C:\Windows\System32\Drivers\Cdralw2k.SYS 4096 bytes (Sonic Solutions, CDRAL Place Holder Driver (see PxHelp))
    0x8AD21000 C:\Windows\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
    ==============================================
    >Stealth
    ==============================================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. moveinmaryland

    moveinmaryland TS Rookie Topic Starter

    Thanks for the help. Here is my combofix log.


    ComboFix 11-06-06.02 - Circuit City 06/06/2011 21:47:52.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1014.280 [GMT -4:00]
    Running from: c:\users\Circuit City\Downloads\ComboFix.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\pswi_preloaded.exe
    c:\users\Circuit City\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
    c:\users\Circuit City\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Uninstall Windows Vista Recovery.lnk
    c:\users\Circuit City\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery\Windows Vista Recovery.lnk
    c:\users\Circuit City\Desktop\Windows Vista Recovery.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-07 02:05 . 2011-06-07 02:06 -------- d-----w- c:\users\Circuit City\AppData\Local\temp
    2011-06-07 02:05 . 2011-06-07 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-06-07 01:41 . 2011-06-07 01:41 -------- d-----w- C:\32788R22FWJFW
    2011-06-06 03:26 . 2011-04-01 21:07 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-06-06 03:26 . 2011-04-01 21:07 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-06-06 03:25 . 2011-06-06 03:25 -------- d-----w- c:\programdata\Avira
    2011-06-06 03:25 . 2011-06-06 03:25 -------- d-----w- c:\program files\Avira
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-29 13:11 . 2009-06-20 22:20 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11 . 2009-06-20 22:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-09 1232896]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2006-11-16 3784704]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2006-11-13 118784]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 43128]
    "NapsterShell"="c:\program files\Napster\napster.exe" [2006-11-09 323216]
    "VAIOSecurity"="c:\program files\Sony\VAIO Security Center\VSC.exe" [2006-11-28 2150400]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-14 98304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-14 106496]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-14 81920]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
    "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
    "VAIOSurvey"="c:\program files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe" [2006-12-07 577536]
    "HostManager"="c:\program files\Common Files\AOL\1172106502\ee\AOLSoftware.exe" [2006-09-26 50736]
    "lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
    "EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
    "FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
    "LXCRCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2006-10-17 960032]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2006-11-24 18:36 73728 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
    R3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2006-11-07 47488]
    R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2006-10-12 741376]
    R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2006-10-09 397312]
    R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2006-10-11 1089536]
    S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070525.001\IDSvix86.sys [2007-02-14 212280]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-28 136360]
    S2 MSSQL$VAIO_VEDB;SQL Server (VAIO_VEDB);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680]
    S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2006-10-24 37008]
    S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-11-10 227328]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - COMHOST
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2150067163-3515280496-705732272-1006Core.job
    - c:\users\Circuit City\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-29 15:39]
    .
    2011-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2150067163-3515280496-705732272-1006UA.job
    - c:\users\Circuit City\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-29 15:39]
    .
    2011-06-04 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Mark.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-08 01:48]
    .
    2011-06-07 c:\windows\Tasks\User_Feed_Synchronization-{1700A660-4BB2-40A8-A7D4-661B7C722194}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    2011-06-07 c:\windows\Tasks\User_Feed_Synchronization-{F6E2AB09-51EC-47CF-AC0C-62B925293FC8}.job
    - c:\windows\system32\msfeedssync.exe [2006-11-02 09:45]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sony.com/vaiopeople
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    Trusted Zone: turbotax.com
    TCP: DhcpNameServer = 192.168.2.1
    DPF: {D3FA53A4-C575-400F-90E5-9AB568E4BC64} - hxxp://www.mbaiforms.net/formflow/gbbrcommon/mbaicontrol2.cab
    FF - ProfilePath - c:\users\Circuit City\AppData\Roaming\Mozilla\Firefox\Profiles\og9e8sno.default\
    FF - prefs.js: browser.startup.homepage - www.cnn.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\users\Circuit City\AppData\Roaming\Move Networks
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire\Corel PhotoDownloader.exe
    HKLM-Run-Lexmark X5100 Series - c:\program files\Lexmark X5100 Series\lxbabmgr.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-06 22:06
    Windows 6.0.6000 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCRCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2011-06-06 22:25:46
    ComboFix-quarantined-files.txt 2011-06-07 02:25
    .
    Pre-Run: 37,871,718,400 bytes free
    Post-Run: 40,616,083,456 bytes free
    .
    - - End Of File - - D2644054173002DE9376FC4FE1C6B4B7
     
  6. Broni


    Looks good :)

    How is the computer doing?

    I can see some Norton leftovers.
    Please run this tool to remove them: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    Then...

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
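Reading the OTL report that the custom scan above produces means picking, out of hundreds of lines, the few worth a second look: loaded or auto-started binaries that carry no company name, and registry references whose target file no longer exists (the "File not found" and "No CLSID value found" entries). As an added example that is not part of this thread and not OTL's own code, the following Python script parses OTL-format lines and flags those two conditions; the sample lines are constructed to match the entry shapes used in the logs posted here (PRC/SRV module lines, O4 Run keys, O2/O20/NetSvcs references), not a real report.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed excerpt in OTL's report format, modelled on the entry shapes
# seen in this thread's logs. Not a real log.
SAMPLE_OTL = r"""
PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe
SRV - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
NetSvcs: helpsvc - File not found
"""

# PRC/MOD/SRV/DRV lines: "[stamp | size | attrs | M] (Company) [state] -- path -- (Service)".
# The bracketed service state and the trailing "-- (Service)" part are optional.
_MODULE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<stamp>[^\]]*)\] "
    r"\((?P<company>[^)]*)\)(?: \[[^\]]*\])? -- (?P<path>.*?)"
    r"(?: -- \((?P<service>[^)]*)\).*)?$"
)

# O4 Run-key lines: "O4 - HKLM..\Run: [ValueName] path (Company)".
_RUNKEY_RE = re.compile(
    r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<path>.*?) \((?P<company>[^)]*)\)$"
)

# Phrases OTL prints when a registry entry points at something that is gone.
_DANGLING = ("File not found", "No CLSID value found")


@dataclass
class Finding:
    kind: str            # OTL section tag: PRC, SRV, O4, O20, NetSvcs, ...
    path: Optional[str]  # file path when the line names one, else None
    reason: str
    line: str


def classify(line: str) -> Optional[Finding]:
    """Return a Finding if this OTL line deserves a second look, else None."""
    line = line.strip()
    if not line:
        return None
    kind = line.split(" ", 1)[0].rstrip(":")
    if any(phrase in line for phrase in _DANGLING):
        return Finding(kind, None, "dangling reference: target no longer exists", line)
    m = _MODULE_RE.match(line) or _RUNKEY_RE.match(line)
    if m and not m.group("company").strip():
        # "()" or "( )" in OTL means the file carries no company version string.
        return Finding(kind, m.group("path"), "no company name on a running/autostart binary", line)
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    """Run classify() over a whole report and keep only the flagged entries."""
    return [f for f in (classify(l) for l in lines) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL.splitlines()):
        print(f"{f.kind:8} {f.reason:48} {f.path or f.line}")
```

Everything the script flags is a lead, not a verdict: a blank company string only means the file's version resource lacks a publisher, which is common for printer and OEM utilities (the lxcr*/fm3032 entries in the sample belong to a Lexmark printer suite), and a dangling reference is usually a harmless uninstall leftover. The path, the timestamp and the other entries for the same product decide whether an entry is a leftover to clean up or something to quarantine.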
     
  7. moveinmaryland


    Computer is starting to look pretty good.

    OTL logfile created on: 6/6/2011 11:02:24 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Circuit City\Downloads
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.56 Mb Total Physical Memory | 249.36 Mb Available Physical Memory | 24.60% Memory free
    2.23 Gb Paging File | 1.27 Gb Available in Paging File | 56.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 105.67 Gb Total Space | 38.07 Gb Free Space | 36.03% Space Free | Partition Type: NTFS

    Computer Name: MARK-PC | User Name: Circuit City | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/06/06 23:01:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Circuit City\Downloads\OTL.exe
    PRC - [2011/06/06 22:58:15 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2006/11/28 13:58:40 | 000,546,936 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
    PRC - [2006/11/28 01:15:30 | 000,465,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    PRC - [2006/11/24 21:58:38 | 000,919,672 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    PRC - [2006/11/24 14:36:54 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2006/11/24 14:36:54 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2006/11/13 09:32:52 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2006/11/13 09:32:52 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
    PRC - [2006/11/13 09:32:49 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
    PRC - [2006/11/11 19:35:36 | 000,043,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    PRC - [2006/11/08 23:03:02 | 000,323,216 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
    PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
    PRC - [2006/09/25 20:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1172106502\ee\aolsoftware.exe
    PRC - [2006/08/23 16:43:08 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2006/03/06 13:48:46 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
    PRC - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) -- C:\Windows\System32\lxcrcoms.exe
    PRC - [2006/02/07 01:10:34 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/06/06 23:01:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Circuit City\Downloads\OTL.exe
    MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/03/28 16:15:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2007/04/12 00:34:26 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/11/24 14:36:54 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2006/11/13 21:31:22 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
    SRV - [2006/10/24 14:32:08 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
    SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2006/10/11 22:36:02 | 000,741,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
    SRV - [2006/10/11 19:52:44 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
    SRV - [2006/10/11 19:52:44 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
    SRV - [2006/10/09 15:02:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
    SRV - [2006/10/09 15:02:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
    SRV - [2006/10/04 22:25:00 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/10/04 22:15:30 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2006/10/04 22:06:58 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/09/26 18:48:36 | 000,172,032 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2006/09/26 18:46:58 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
    SRV - [2006/09/21 13:53:16 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2006/09/17 01:08:00 | 000,071,184 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
    SRV - [2006/08/29 01:38:04 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
    SRV - [2006/08/23 16:43:08 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\Windows\System32\lxcrcoms.exe -- (lxcr_device)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
    DRV - [2011/04/01 17:07:59 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2011/04/01 17:07:59 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2006/11/30 23:13:46 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2006/11/30 23:13:46 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2006/11/13 23:07:45 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/13 09:32:52 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2006/11/10 17:50:53 | 000,227,328 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
    DRV - [2006/11/10 17:43:38 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
    DRV - [2006/11/07 06:35:00 | 000,047,488 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3xx USB Smart Card Reader)
    DRV - [2006/11/06 04:09:26 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
    DRV - [2006/11/01 16:18:15 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2006/10/18 15:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2006/10/18 14:43:18 | 000,124,256 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2150067163-3515280496-705732272-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
    IE - HKU\S-1-5-21-2150067163-3515280496-705732272-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2150067163-3515280496-705732272-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2150067163-3515280496-705732272-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.cnn.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/06 22:58:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/06 22:58:27 | 000,000,000 | ---D | M]

    [2009/06/10 17:56:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Circuit City\AppData\Roaming\mozilla\Extensions
    [2011/06/05 23:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Circuit City\AppData\Roaming\mozilla\Firefox\Profiles\og9e8sno.default\extensions
    [2009/09/03 21:46:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Circuit City\AppData\Roaming\mozilla\Firefox\Profiles\og9e8sno.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/05 17:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/30 23:01:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/11/05 17:59:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2009/06/10 17:56:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
    [2009/09/10 20:40:13 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\CIRCUIT CITY\APPDATA\ROAMING\MOVE NETWORKS
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/06/06 22:05:53 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1172106502\ee\aolsoftware.exe (America Online, Inc.)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [LXCRCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
    O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [VAIOSecurity] C:\Program Files\Sony\VAIO Security Center\VSC.exe ()
    O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony Corporation\VAIO Survey\Vista VAIO Survey.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2150067163-3515280496-705732272-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2150067163-3515280496-705732272-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-21-2150067163-3515280496-705732272-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab (Support.com Configuration Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D3FA53A4-C575-400F-90E5-9AB568E4BC64} http://www.mbaiforms.net/formflow/gbbrcommon/mbaicontrol2.cab (MBAIFSaver Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
    O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/06 22:26:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/06/06 22:26:03 | 000,000,000 | ---D | C] -- C:\Users\Circuit City\AppData\Local\temp
    [2011/06/06 21:42:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/06/06 21:42:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/06/06 21:42:14 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/06/06 21:42:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/06/06 21:41:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/06/06 21:41:37 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/06/06 21:41:25 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2011/06/05 23:26:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/06/05 23:26:17 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2011/06/05 23:26:05 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2011/06/05 23:26:04 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2011/06/05 23:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/06/05 23:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/05/09 12:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2011/05/09 12:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2007/04/24 17:15:51 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxcrusb1.dll
    [2007/04/24 17:15:50 | 001,183,744 | ---- | C] ( ) -- C:\Windows\System32\lxcrserv.dll
    [2007/04/24 17:15:50 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxcrprox.dll
    [2007/04/24 17:15:50 | 000,114,688 | ---- | C] ( ) -- C:\Windows\System32\lxcrpplc.dll
    [2007/04/24 17:15:49 | 000,536,576 | ---- | C] ( ) -- C:\Windows\System32\lxcrlmpm.dll
    [2007/04/24 17:15:47 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\lxcrih.exe
    [2007/04/24 17:15:45 | 000,495,616 | ---- | C] ( ) -- C:\Windows\System32\lxcrcoms.exe
    [2007/04/24 17:15:45 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomm.dll
    [2007/04/24 17:15:44 | 000,610,304 | ---- | C] ( ) -- C:\Windows\System32\lxcrcomc.dll
    [2006/02/20 15:06:52 | 000,393,216 | ---- | C] ( ) -- C:\Windows\System32\lxcriesc.dll
    [2006/02/20 15:03:02 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxcrinpa.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/06/06 23:05:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F6E2AB09-51EC-47CF-AC0C-62B925293FC8}.job
    [2011/06/06 22:54:15 | 000,003,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/06/06 22:54:15 | 000,003,456 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/06/06 22:54:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/06/06 22:54:04 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
    [2011/06/06 22:38:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2150067163-3515280496-705732272-1006UA.job
    [2011/06/06 22:05:53 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/06/06 21:35:30 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{1700A660-4BB2-40A8-A7D4-661B7C722194}.job
    [2011/06/06 10:53:18 | 000,000,512 | ---- | M] () -- C:\Users\Circuit City\Desktop\MBR.dat
    [2011/06/05 23:26:55 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/06/05 22:59:53 | 193,656,999 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/06/05 21:46:22 | 000,673,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/06/05 21:46:22 | 000,125,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/06/05 21:27:27 | 000,000,136 | ---- | M] () -- C:\ProgramData\~22208272
    [2011/06/05 21:27:26 | 000,000,160 | ---- | M] () -- C:\ProgramData\~22208272r
    [2011/06/05 21:18:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2150067163-3515280496-705732272-1006Core.job
    [2011/06/05 21:17:40 | 000,000,320 | ---- | M] () -- C:\ProgramData\22208272
    [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2011/06/06 21:42:14 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/06/06 21:42:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/06/06 21:42:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/06/06 21:42:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/06/06 21:42:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/06/06 10:53:18 | 000,000,512 | ---- | C] () -- C:\Users\Circuit City\Desktop\MBR.dat
    [2011/06/05 23:26:55 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/06/05 21:27:26 | 000,000,160 | ---- | C] () -- C:\ProgramData\~22208272r
    [2011/06/05 21:27:26 | 000,000,136 | ---- | C] () -- C:\ProgramData\~22208272
    [2011/06/05 21:17:40 | 000,000,320 | ---- | C] () -- C:\ProgramData\22208272
    [2011/04/28 03:13:16 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010/04/01 22:44:55 | 000,019,502 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
    [2008/12/23 22:19:59 | 000,019,105 | ---- | C] () -- C:\Windows\hpqins13.dat
    [2008/05/25 11:31:25 | 000,145,978 | ---- | C] () -- C:\Windows\hpwins10.dat
    [2008/05/25 11:31:25 | 000,001,042 | ---- | C] () -- C:\Windows\hpwmdl10.dat
    [2008/04/14 15:26:08 | 000,000,680 | ---- | C] () -- C:\Users\Circuit City\AppData\Local\d3d9caps.dat
    [2007/07/05 13:33:33 | 000,000,626 | ---- | C] () -- C:\Windows\ONET98.INI
    [2007/06/10 22:00:23 | 000,019,456 | ---- | C] () -- C:\Users\Circuit City\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/04/24 17:22:39 | 000,303,104 | ---- | C] () -- C:\Windows\System32\lxcrcoin.dll
    [2007/04/24 17:20:08 | 000,040,960 | ---- | C] () -- C:\Windows\System32\LXPRMON.DLL
    [2007/04/24 17:20:08 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXPMONUI.DLL
    [2007/04/24 17:15:54 | 000,233,472 | ---- | C] () -- C:\Windows\System32\LXCRinst.dll
    [2007/04/15 23:02:25 | 000,000,000 | ---- | C] () -- C:\Users\Circuit City\AppData\Roaming\wklnhst.dat
    [2007/04/15 22:50:20 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/02/21 21:07:17 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
    [2007/01/06 23:00:22 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
    [2007/01/06 22:59:20 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
    [2006/12/19 00:22:07 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
    [2006/12/18 23:39:10 | 000,000,032 | ---- | C] () -- C:\Windows\System32\elcric.dat
    [2006/12/18 23:26:47 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
    [2006/12/18 23:26:47 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
    [2006/12/18 23:26:47 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
    [2006/12/18 23:26:47 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
    [2006/11/30 23:13:32 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/11/30 23:13:32 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
    [2006/11/30 23:12:04 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 000,409,968 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,673,684 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,125,296 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2006/03/06 13:51:28 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxcrdrs.dll
    [2006/03/06 13:48:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxcrcaps.dll
    [2005/12/20 12:54:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcrcnv4.dll
    [2005/07/08 04:11:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcrvs.dll
    [2002/12/03 13:51:49 | 000,086,016 | ---- | C] () -- C:\Windows\System32\LXBAIH.EXE
    [2002/12/03 13:45:42 | 000,077,824 | ---- | C] () -- C:\Windows\System32\LXBALCNP.DLL
    [2002/08/21 09:55:26 | 000,000,188 | ---- | C] () -- C:\Windows\System32\lxbacoin.ini
    [2001/01/19 11:50:20 | 000,040,960 | ---- | C] () -- C:\Windows\System32\INSTMON.EXE

    ========== LOP Check ==========

    [2007/03/24 22:33:30 | 000,000,000 | ---D | M] -- C:\Users\Circuit City\AppData\Roaming\InterVideo
    [2010/11/15 11:56:20 | 000,000,000 | ---D | M] -- C:\Users\Circuit City\AppData\Roaming\SentriLock
    [2009/11/20 23:55:35 | 000,000,000 | ---D | M] -- C:\Users\Circuit City\AppData\Roaming\Wizards of the Coast
    [2011/06/06 22:52:48 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/06/06 21:35:30 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{1700A660-4BB2-40A8-A7D4-661B7C722194}.job
    [2011/06/06 23:05:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F6E2AB09-51EC-47CF-AC0C-62B925293FC8}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2006/11/02 05:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
    [2006/12/18 22:59:25 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2011/06/06 22:25:54 | 000,011,258 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/06/06 22:54:04 | 1063,444,480 | -HS- | M] () -- C:\hiberfil.sys
    [2007/02/22 21:21:29 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/02/22 19:20:27 | 000,000,881 | ---- | M] () -- C:\IPH.PH
    [2011/06/05 22:09:27 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2007/02/22 21:21:29 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/06/06 22:54:02 | 1377,370,112 | -HS- | M] () -- C:\pagefile.sys
    [2007/02/21 21:07:18 | 000,000,296 | ---- | M] () -- C:\T4Metrics.log
    [2007/01/06 23:07:39 | 000,390,416 | ---- | M] () -- C:\vcredist_x86.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/08/17 21:27:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4x6.dll
    [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2002/11/15 09:58:04 | 000,077,824 | ---- | M] (Lexmark International) -- C:\Windows\System32\spool\prtprocs\w32x86\LXBAPP5C.DLL
    [2006/01/12 10:20:04 | 000,114,688 | ---- | M] () -- C:\Windows\System32\spool\prtprocs\w32x86\lxcrpp5c.dll
    [2006/10/26 23:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/12/11 04:24:04 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2007/02/21 17:51:47 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2007/02/21 17:51:17 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2007/02/21 17:51:17 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2007/02/21 17:51:17 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2007/02/21 17:51:17 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
    [2007/02/21 17:51:17 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/12/19 00:07:12 | 000,001,338 | ---- | M] () -- C:\Users\Circuit City\Favorites\CNN Pipeline.lnk
    [2007/08/31 16:47:24 | 000,000,402 | -HS- | M] () -- C:\Users\Circuit City\Favorites\desktop.ini
    [2006/12/19 00:07:27 | 000,001,260 | ---- | M] () -- C:\Users\Circuit City\Favorites\Gametap.lnk
    [2006/12/19 00:08:29 | 000,001,352 | ---- | M] () -- C:\Users\Circuit City\Favorites\Get Office Live now.lnk
    [2006/12/19 00:07:34 | 000,001,270 | ---- | M] () -- C:\Users\Circuit City\Favorites\MobiTV.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/06/05 21:17:40 | 000,000,320 | ---- | M] () -- C:\ProgramData\22208272
    [2010/04/01 22:45:03 | 000,001,153 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2011/06/05 21:27:27 | 000,000,136 | ---- | M] () -- C:\ProgramData\~22208272
    [2011/06/05 21:27:26 | 000,000,160 | ---- | M] () -- C:\ProgramData\~22208272r

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  8. moveinmaryland


    OTL Extras logfile created on: 6/6/2011 11:02:24 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Circuit City\Downloads
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1013.56 Mb Total Physical Memory | 249.36 Mb Available Physical Memory | 24.60% Memory free
    2.23 Gb Paging File | 1.27 Gb Available in Paging File | 56.98% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 105.67 Gb Total Space | 38.07 Gb Free Space | 36.03% Space Free | Partition Type: NTFS

    Computer Name: MARK-PC | User Name: Circuit City | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = aolfile_HTM] -- C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- C:\PROGRA~1\AOL9~1.0\aol.exe -u"%1" (AOL, LLC.)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{AB11FC56-B2CB-46F0-85FD-9A4EC5426446}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00469DA5-F898-4B32-98B0-CDC654F6EFF9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{17D51D67-356D-4B36-860D-CCD38064A489}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{32FC033C-3C24-4E60-AD24-BBECC8B1BC0E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{428C66A1-41A0-429F-A130-4B163A38F5FB}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
    "{49235CFA-201B-4666-B82D-1CC285D9476B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{5348786E-5574-4D2E-988A-42A3C086FAEA}" = protocol=6 | dir=in | app=c:\program files\aol 9.0\waol.exe |
    "{576EF265-4F94-493D-AF03-FD4D32D26EE7}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{6102F971-C818-4B59-9A29-106906FFCFF0}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
    "{6C4409DC-D226-4AEA-B2A9-5ABF7BF528DB}" = protocol=17 | dir=in | app=c:\program files\aol 9.0\waol.exe |
    "{6F6A5CDD-FD03-47FF-A6DE-CBE9D6C43976}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{723F2C78-DB32-45CA-8296-C1BD122D557C}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{7CEFAED4-999B-46B0-B9E0-3EFC5D1A1137}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{884B49CE-F935-4E4A-8DBB-42CE1D218B5D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{9B373A9D-C1E5-4A69-9B18-805071127F99}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
    "{A0ADC066-4302-4D95-9579-5F73AD1FBC48}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{A7B2B2FD-455E-4AB0-9386-B0FB19DE225F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{AD4FCCE3-7B84-48CD-8A34-5E1946A4D066}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{B5FF0913-9E4D-4839-B068-6358C5AC678F}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
    "{C79628B6-E466-48A8-9D04-91A8BB817236}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{D1CE6C37-697C-4EB4-8BF7-B76A4E0D3C50}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{D6878200-28A6-49A9-A404-0D6326A01FC3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{DE107BFA-EF06-4C53-98C1-9F957AFD4DBB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{E126FA8E-0924-463A-A117-E31FD2AC67D4}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{E87FA56B-B12A-4014-8DCA-F6A9D7F02E67}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{E8930F57-AA73-44CE-9800-47B45E6C0D84}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{EC14A64A-7FF1-4AE6-8F02-3413CFB57CB1}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
    "{FC2A544A-74CC-4FF6-A724-D1B1B6BB0C48}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
    "{FE76DB83-1EFC-4456-AAFB-A42D1556A99C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
    "{0312BD0D-A1FE-4E1A-9208-D436F566D867}" = VAIO Azure Float Wallpaper
    "{054C3038-FFAC-446D-9682-E25891DC2E05}" = QuickBooks Product Listing Service
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
    "{0EE4030A-8FD4-4798-A21D-17E525B1F7CF}" = Corel Snapfire
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{17C7703E-0B2A-4593-9CB7-E2FE14B6F8EA}" = Sony Snymsico for Vista
    "{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE
    "{1B7AC2F8-D0D7-4551-9C36-961529126944}" = Enterprise
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
    "{235915A8-1C0D-4920-95EA-FE8B773E5F57}" = VAIO Teal Whisper Wallpaper
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
    "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
    "{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01
    "{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
    "{40BA976E-38B8-4C63-990C-50999C8C3521}" = BPD_Scan
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
    "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
    "{478D1ABC-A334-497E-904A-DDA98F087699}" = VAIO Video & Photo Utilities
    "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
    "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
    "{500C3FDC-5E5F-485F-BDF5-2C445839CBE0}" =
    "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
    "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
    "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Video & Photo Utilities
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{7D716354-2C08-48DC-9AC5-957348048817}" = VAIO Help And Support
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7E545666-F419-45FD-B3DF-C0B99A1A579F}" = QuickBooks Simple Start Free Starter Edition
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{8AFE6E90-060E-4774-861B-2408299A357C}" = HP Officejet J5700 AiO Series Corporate Edition 8.0
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI
    "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
    "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.2
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
    "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
    "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
    "{B59B3DA8-06F8-4B4C-AE94-5180753EF108}" = VAIO Floral Dusk Wallpaper
    "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
    "{C9B8D365-A6C3-4C4D-9624-0F0078FEB1B4}" = Sentrilock Card Utility
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
    "{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
    "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "C4B4D7F5499921DF57A4F6B55E59E0F50C2FE298" = Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader) SmartCardReader (11/07/2006 4.35.00.01)
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
    "ECVGOut" = ECVG Uninstall
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "InstallShield_{3D79DB6E-73DA-46C9-B8FA-DAE52108246F}" = OpenMG Secure Module 4.6.01
    "Lexmark 2400 Series" = Lexmark 2400 Series
    "Lexmark Fax Solutions" = Lexmark Fax Solutions
    "Lexmark X5100 Series" = Lexmark X5100 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Mozilla Firefox (3.5.19)" = Mozilla Firefox (3.5.19)
    "O*NET 98 Viewer v1.0" = O*NET 98 Viewer v1.0
    "PictureItPrem_v10" = Microsoft Picture It! Premium 10
    "TurboTax Deluxe 2007" = TurboTax Deluxe 2007
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "Works2005Setup" = Microsoft Works 2005 Setup Launcher

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2150067163-3515280496-705732272-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 6/6/2011 11:12:51 PM | Computer Name = Mark-PC | Source = Windows Search Service | ID = 3031
    Description =

    Error - 6/6/2011 11:12:52 PM | Computer Name = Mark-PC | Source = Windows Search Service | ID = 3031
    Description =

    Error - 6/6/2011 11:12:52 PM | Computer Name = Mark-PC | Source = Windows Search Service | ID = 3031
    Description =

    Error - 6/6/2011 11:12:52 PM | Computer Name = Mark-PC | Source = Windows Search Service | ID = 3031
    Description =

    Error - 6/6/2011 11:12:52 PM | Computer Name = Mark-PC | Source = Windows Search Service | ID = 3031
    Description =

    Error - 6/6/2011 11:12:52 PM | Computer Name = Mark-PC | Source = Windows Search Service | ID = 3031
    Description =

    Error - 6/6/2011 11:12:52 PM | Computer Name = Mark-PC | Source = Windows Search Service | ID = 3031
    Description =

    Error - 6/6/2011 11:12:52 PM | Computer Name = Mark-PC | Source = Windows Search Service | ID = 3031
    Description =

    Error - 6/6/2011 11:12:52 PM | Computer Name = Mark-PC | Source = Windows Search Service | ID = 3031
    Description =

    Error - 6/6/2011 11:13:47 PM | Computer Name = Mark-PC | Source = Windows Search Service | ID = 3031
    Description =

    [ OSession Events ]
    Error - 6/2/2011 4:24:49 PM | Computer Name = Mark-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 361486
    seconds with 7320 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 6/6/2011 10:06:11 PM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 6/6/2011 10:42:54 PM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 6/6/2011 10:42:55 PM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 6/6/2011 10:43:24 PM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 6/6/2011 10:45:57 PM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 6/6/2011 10:46:27 PM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 6/6/2011 10:47:56 PM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 6/6/2011 10:47:56 PM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7031
    Description =

    Error - 6/6/2011 10:47:56 PM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 6/6/2011 10:47:56 PM | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7034
    Description =


    < End of report >
     
  9. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Good :)

    Your Vista would run much better if you added another 1GB of RAM.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right-click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/06/05 21:27:26 | 000,000,160 | ---- | C] () -- C:\ProgramData\~22208272r
      [2011/06/05 21:27:26 | 000,000,136 | ---- | C] () -- C:\ProgramData\~22208272
      [2011/06/05 21:17:40 | 000,000,320 | ---- | C] () -- C:\ProgramData\22208272
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  10. moveinmaryland

    moveinmaryland TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\ProgramData\~22208272r moved successfully.
    C:\ProgramData\~22208272 moved successfully.
    C:\ProgramData\22208272 moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Circuit City
    ->Temp folder emptied: 21996607 bytes
    ->Temporary Internet Files folder emptied: 117320624 bytes
    ->Java cache emptied: 84026791 bytes
    ->FireFox cache emptied: 73921145 bytes
    ->Google Chrome cache emptied: 819568 bytes
    ->Flash cache emptied: 2274994 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 34263 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 286.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Circuit City
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06062011_234724

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...



    Results of screen317's Security Check version 0.99.7
    Windows Vista (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 25
    Java(TM) SE Runtime Environment 6
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 10.2.152.32
    Adobe Reader 8.1.4
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````

    C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acslang.exe probably a variant of Win32/StartPage.HSZAKFT trojan
    C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acslang.exe probably a variant of Win32/StartPage.HSZAKFT trojan
    C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acssetup.exe probably a variant of Win32/StartPage.HSZAKFT trojan
     
  11. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Uninstall:
    Java(TM) SE Runtime Environment 6
    Java(TM) 6 Update 7


    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box that says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acslang.exe 
      C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acslang.exe 
      C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acssetup.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL, as this step will require a reboot.
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including installing Service Pack 2 and upgrading Internet Explorer to version 9!!!)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
     
  12. moveinmaryland

    moveinmaryland TS Rookie Topic Starter

    Everything seems to be working well right now. Here are my latest logs.

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Common Files\AOL\Backup\ACS\Current\Suite\comps\acslang.exe moved successfully.
    C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acslang.exe moved successfully.
    C:\Program Files\Common Files\AOL\Backup\ACS\Current\US\acssetup.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Circuit City
    ->Temp folder emptied: 38911 bytes
    ->Temporary Internet Files folder emptied: 4956111 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 44140337 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 68526 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 47.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Circuit City
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06072011_233403

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\JETF102.tmp not found!

    Registry entries deleted on Reboot...

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Circuit City
    ->Temp folder emptied: 32671 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 3963585 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 531 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 4.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Circuit City
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.23.0 log created on 06072011_234410

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\JETBE5E.tmp not found!

    Registry entries deleted on Reboot...
     
  13. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Way to go!!
    Good luck and stay safe :)
     
  14. moveinmaryland

    moveinmaryland TS Rookie Topic Starter

    Thanks for all the help. Donation on the way.
     
  15. Broni

    Broni Malware Annihilator Posts: 47,066   +256

    Thank you :)
     