Solved System Check virus help needed

Whenever I first click 'Start', the area above 'All Programs' doesn't automatically show any programs.
See my topic here: http://www.smartestcomputing.us.com/topic/49859-missing-items-from-main-start-menu-window-fix/

Combofix log looks good.

How is the computer doing?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Hi Broni,

Computer is good/much better. Earlier today when I tried to go to 'techspot' for example, I would get sent to odd sites (like 'carbusiness.com') instead of the site I'm trying to get to. It hasn't happened now. :)

Thanks so much for your help thus far. :grinthumb You're amazing for keeping up with all our posts.

I will do the OTL items and let you know.
 
OTL.Txt log

OTL logfile created on: 03/01/2012 9:36:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sharon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 58.49% Memory free
5.95 Gb Paging File | 4.86 Gb Available in Paging File | 81.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.41 Gb Total Space | 96.43 Gb Free Space | 42.97% Space Free | Partition Type: NTFS
Drive G: | 449.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 477.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHARON-PC | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/03 21:32:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
PRC - [2010/01/25 21:21:00 | 000,906,640 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
PRC - [2009/11/13 10:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/10 22:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/10/17 18:21:46 | 000,203,616 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/10/17 18:19:22 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/10/17 17:16:54 | 000,415,584 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/10/17 02:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/09/29 16:07:40 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\Program Files\Sony\VAIO Care\collsvc.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/09 12:57:52 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2008/09/08 09:59:54 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/09/08 09:59:52 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/09/05 10:54:58 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/09/03 17:36:04 | 000,446,464 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/08/28 20:21:36 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008/05/20 13:48:32 | 000,024,576 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
PRC - [2008/04/03 20:32:48 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 17:40:17 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\09d9d35b68b4fe07c1d2f25e2533f21e\System.IdentityModel.Selectors.ni.dll
MOD - [2011/10/13 17:40:15 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\dbcb4baf3d2ed9e62645bd332fc221f2\System.IdentityModel.ni.dll
MOD - [2011/10/13 17:40:14 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll
MOD - [2011/10/13 17:40:11 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll
MOD - [2011/10/13 17:40:09 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6b2ee1fdc6a182722db04af9c3cd10c3\System.ServiceModel.ni.dll
MOD - [2011/10/13 17:38:36 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/13 17:38:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 17:36:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 17:35:43 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 17:35:32 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 17:34:16 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 17:33:32 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/01/25 21:20:40 | 000,880,640 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\fsk.dll
MOD - [2010/01/25 21:19:22 | 000,007,680 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\connectionDetector.dll
MOD - [2010/01/25 21:17:36 | 000,011,264 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
MOD - [2010/01/25 21:14:42 | 000,010,240 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\FskMobileMediaDevice.dll
MOD - [2010/01/25 21:14:38 | 000,233,472 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\Fskin.dll
MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/09 20:14:32 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookUsb.dll
MOD - [2008/10/29 15:26:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2008/10/29 15:26:38 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2008/10/17 18:19:22 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/10 21:30:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/11/09 20:46:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008/10/21 10:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/10/21 10:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/10/21 10:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/10/17 18:21:46 | 000,203,616 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/10/17 17:16:54 | 000,415,584 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/10/17 02:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/09/29 16:07:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel(R)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/08 09:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/09/08 09:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/09/08 09:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/09/03 17:36:04 | 000,446,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/06/11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/06/11 23:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/05/20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/14 15:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111027.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/08/22 23:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111104.030\IDSvix86.sys -- (IDSVix86)
DRV - [2011/08/03 17:50:52 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111106.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/08/03 17:50:52 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111106.009\NAVENG.SYS -- (NAVENG)
DRV - [2011/07/27 17:31:33 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/26 19:47:35 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/30 19:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 16:39:49 | 000,331,384 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 18:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/26 22:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/26 21:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/10/06 17:47:20 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/02 16:00:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/08/22 15:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/08/21 16:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/06/27 16:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/09 16:04:47 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/06/06 16:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/24 14:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/24 18:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sonystyle.ca/vaio [binary data]
IE - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/09/28 21:05:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_4_3 [2012/01/03 19:58:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 01:25:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 16:31:39 | 000,000,000 | ---D | M]

[2011/05/10 19:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Extensions
[2012/01/03 20:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\d5g5p1ue.default\extensions
[2011/05/28 00:20:48 | 000,002,469 | ---- | M] () -- C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\d5g5p1ue.default\searchplugins\safesearch.xml
[2012/01/03 19:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/10 01:25:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/21 19:23:51 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/06/21 19:23:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/06/21 19:23:51 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/06/21 19:23:51 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2011/06/21 19:23:51 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/01/03 21:06:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKU\S-1-5-21-3089448421-401795078-1939485088-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D10402C1-9CDE-4582-A6B7-6C0D33B0E7BC}: DhcpNameServer = 192.168.1.254 75.153.176.9
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2012/01/03 21:32:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2012/01/03 21:32:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe.part
[2012/01/03 21:19:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/01/03 21:19:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/03 21:19:06 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\temp
[2012/01/03 20:13:05 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Desktop\bootkit_remover
[2012/01/03 19:55:51 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Sharon\Desktop\FixTDSS.exe
[2012/01/03 19:36:23 | 000,000,000 | ---D | C] -- C:\FRST
[2012/01/03 19:23:31 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sharon\Desktop\tdsskiller.exe
[2012/01/03 18:05:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/03 18:05:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/03 18:05:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/03 18:01:50 | 004,368,434 | R--- | C] (Swearware) -- C:\Users\Sharon\Desktop\ComboFix.exe
[2012/01/03 17:46:50 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Sharon\Desktop\aswMBR.exe
[2012/01/02 23:07:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sharon\Desktop\dds.scr
[2012/01/02 21:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012/01/02 20:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/02 20:32:37 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/02 20:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/02 20:31:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/02 20:27:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/02 20:04:08 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012/01/02 19:59:53 | 000,000,000 | ---D | C] -- C:\found.000

========== Files - Modified Within 30 Days ==========

[2012/01/03 21:32:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2012/01/03 21:32:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe.part
[2012/01/03 21:06:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/01/03 20:16:16 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Sharon\Desktop\aswMBR.exe
[2012/01/03 20:12:36 | 000,044,607 | ---- | M] () -- C:\Users\Sharon\Desktop\bootkit_remover.zip
[2012/01/03 20:11:52 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 20:11:52 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/03 19:58:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/03 19:58:13 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/03 19:55:52 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Sharon\Desktop\FixTDSS.exe
[2012/01/03 19:35:57 | 000,858,430 | ---- | M] () -- C:\Users\Sharon\Desktop\FRST.exe
[2012/01/03 19:26:03 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sharon\Desktop\tdsskiller.exe
[2012/01/03 18:02:08 | 004,368,434 | R--- | M] (Swearware) -- C:\Users\Sharon\Desktop\ComboFix.exe
[2012/01/02 23:07:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sharon\Desktop\dds.scr
[2012/01/02 22:22:31 | 000,302,592 | ---- | M] () -- C:\Users\Sharon\Desktop\mntdhvp6.exe
[2012/01/02 20:32:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 20:17:50 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/02 20:17:49 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/02 20:12:29 | 000,000,629 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/12/22 20:24:42 | 000,136,704 | ---- | M] () -- C:\Users\Sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 13:28:54 | 000,419,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/03 20:10:06 | 000,044,607 | ---- | C] () -- C:\Users\Sharon\Desktop\bootkit_remover.zip
[2012/01/03 19:35:57 | 000,858,430 | ---- | C] () -- C:\Users\Sharon\Desktop\FRST.exe
[2012/01/03 18:05:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/03 18:05:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/03 18:05:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/03 18:05:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/03 18:05:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/02 22:22:29 | 000,302,592 | ---- | C] () -- C:\Users\Sharon\Desktop\mntdhvp6.exe
[2012/01/02 20:32:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/02 20:12:27 | 000,000,629 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
[2011/08/14 17:56:39 | 000,002,554 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2011/05/18 17:02:51 | 000,001,940 | ---- | C] () -- C:\Users\Sharon\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/06/02 22:36:23 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/06/02 22:36:22 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/03/04 15:40:48 | 000,000,680 | ---- | C] () -- C:\Users\Sharon\AppData\Local\d3d9caps.dat
[2009/09/11 00:15:36 | 000,136,704 | ---- | C] () -- C:\Users\Sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/11 00:10:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 00:10:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2008/11/14 23:51:31 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/10/29 15:12:05 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2008/10/29 15:12:05 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2008/10/29 15:12:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2008/10/29 15:12:05 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2008/10/29 15:11:26 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/10/29 15:11:15 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/10/29 15:11:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/10/29 15:11:14 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/10/29 15:11:14 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/10/29 15:09:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2008/10/29 14:38:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/20 18:24:38 | 000,033,794 | ---- | C] () -- C:\Windows\System32\in2kwun.dll
[2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:47:37 | 000,419,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010/09/29 17:50:26 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Auslogics
[2011/08/14 18:03:07 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\GetRightToGo
[2011/05/23 00:41:15 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\InterVideo
[2010/06/21 21:51:57 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Stereoscopic Player
[2012/01/03 20:52:48 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\uTorrent
[2010/09/26 14:20:51 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Western Digital
[2012/01/03 19:57:31 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/10/29 15:09:57 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/01/03 21:18:52 | 000,011,242 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/01/03 19:58:13 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/14 23:42:29 | 000,000,187 | ---- | M] () -- C:\Installer_Setup.log
[2011/08/14 17:55:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/08/14 17:55:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/01/03 19:58:11 | 3395,616,768 | -HS- | M] () -- C:\pagefile.sys
[2008/11/14 23:52:11 | 000,386,492 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\Fonts\*.com >
[2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/05/04 18:20:19 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/20 18:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 18:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 19:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 19:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 19:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/01/03 20:16:16 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Sharon\Desktop\aswMBR.exe
[2012/01/03 18:02:08 | 004,368,434 | R--- | M] (Swearware) -- C:\Users\Sharon\Desktop\ComboFix.exe
[2012/01/03 19:55:52 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Sharon\Desktop\FixTDSS.exe
[2012/01/03 19:35:57 | 000,858,430 | ---- | M] () -- C:\Users\Sharon\Desktop\FRST.exe
[2012/01/02 22:22:31 | 000,302,592 | ---- | M] () -- C:\Users\Sharon\Desktop\mntdhvp6.exe
[2012/01/03 21:32:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
[2012/01/03 19:26:03 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sharon\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/09/10 14:27:24 | 000,000,402 | -HS- | M] () -- C:\Users\Sharon\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
Extras.Txt log

OTL Extras logfile created on: 03/01/2012 9:36:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sharon\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 58.49% Memory free
5.95 Gb Paging File | 4.86 Gb Available in Paging File | 81.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.41 Gb Total Space | 96.43 Gb Free Space | 42.97% Space Free | Partition Type: NTFS
Drive G: | 449.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 477.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHARON-PC | User Name: Sharon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3089448421-401795078-1939485088-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F023661-4DE9-4EB7-A38C-0446BB22BC66}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{4674A079-D04E-410B-ACC0-BA011877B706}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{664F94EF-A24B-4240-A815-A61CFB5204F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7A9E61FA-C57D-465A-9680-DA6EA7B8B1B2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C55274F7-36E6-4017-9448-6F1889715499}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
"{F09827DA-6B54-4705-A876-3D240C311885}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04E33974-6387-41DA-A245-F1DFBF2BE71E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{13488C58-A308-48D7-B5C6-8A24F15E5900}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{1C1D7D24-16C2-4086-A76F-87CE62B0B8DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{419BE742-B2A0-4426-8918-C514D1763F05}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{481CDBB9-4A50-423D-AC97-F6E0E0434BB3}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{64B3E398-567A-4A3F-B1F8-2C2F2B78B913}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{87C24DE1-FE01-435D-9EBD-9490ED91C0C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9120FAAF-1CC2-4CB7-B654-0DD26AEE9B85}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{9FCC7ECD-5285-4CBD-BE79-99170207FBF9}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
"{A22F5B4E-43D4-42BA-A0A5-9A98A65322AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{B65B578C-74E5-43BF-B8B3-D446C739C75A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CAA5EA77-40F3-488A-AED2-1D2FFD3222BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E0312C94-B167-4D56-953E-80B50137BC42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F7FD2F03-9661-4387-9CED-3217B5EC2256}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{FF4B4F03-5247-4F97-8783-B0C71851D656}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{984FE99E-3AD9-4D65-BF56-E360B2999343}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{4CA97E7C-8614-4765-B0F9-8858C324D282}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{088C7311-A3BB-43C5-B046-C114D2F9728C}" = VAIO Media plus
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 25
"{2F839384-6AB0-449B-8772-25E607036357}" = VAIO Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E299E6E-78B6-4D4D-9A44-907240E92CFD}" = Stereoscopic Player
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63AF7EF8-0416-4465-9DAD-2678780F05D5}" = Reader Library by Sony
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6D4673B7-A982-43E5-82E9-13E037681478}" = Click to Disc
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72B5983C-80C7-4225-BA72-E92AE1D59C62}" = VAIO My Memory Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75F52FAC-16CE-4A2A-B89A-9742F39A1864}" = VAIO Movie Story
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F2D688-B8CB-4461-A92D-6B35279DAE8F}" = VAIO Content Folder Watcher
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{A2052C95-48CC-4AC9-A8D4-FCD89DDD8F2C}" = VAIO Content Folder Watcher
"{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D589544A-31B1-4479-B88F-A51B1D47B214}" = VitalSource Bookshelf
"{D5FBA9C1-21D3-4210-A604-CF9E38238F35}" = VAIO Entertainment Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISER" = Microsoft Office Enterprise 2007
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
"N360" = Norton 360
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/01/2012 12:54:55 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/01/2012 12:54:55 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/01/2012 12:54:56 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/01/2012 12:54:56 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/01/2012 1:19:21 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/01/2012 1:19:21 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/01/2012 1:19:21 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/01/2012 1:19:21 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 04/01/2012 1:39:06 AM | Computer Name = Sharon-PC | Source = SPP | ID = 16387
Description =

Error - 04/01/2012 1:39:06 AM | Computer Name = Sharon-PC | Source = System Restore | ID = 8193
Description =

[ Media Center Events ]
Error - 25/07/2011 4:20:00 PM | Computer Name = Sharon-PC | Source = MCUpdate | ID = 0
Description = Error connecting to the internet. (3744.1128)

Error - 25/07/2011 4:20:00 PM | Computer Name = Sharon-PC | Source = MCUpdate | ID = 0
Description = Unable to contact server.. (3744.1129)

[ System Events ]
Error - 04/01/2012 12:53:36 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 04/01/2012 12:53:36 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 04/01/2012 12:53:37 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 04/01/2012 12:54:14 AM | Computer Name = Sharon-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 04/01/2012 12:58:16 AM | Computer Name = Sharon-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 04/01/2012 1:06:40 AM | Computer Name = Sharon-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 04/01/2012 1:38:57 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 04/01/2012 1:38:57 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 04/01/2012 1:38:57 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 04/01/2012 1:39:05 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .


< End of report >
 
OTL log is clean :)

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

==========================================================

Last checks....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.

See you tomorrow :)
 
Hi Broni,

Unfortunately my problems appeared again - I tried to download Java but an error always pops up. "Unable to download"

Also, when I visit a site, I get sent to random sites again. Like hipnoza.com :(

Below is the Security Check log:

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 25
Java(TM) SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player ( 10.2.152.32) Flash Player Out of Date!
Mozilla Firefox (x86 en-GB..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````
 
Hi Broni,

Not sure why, but now I think I have a redirect virus, or maybe that is part of the Systems Check Virus....?

I'm getting redirected to all sorts of odd sites now.

I am not able to install Java and it might be because of that.

Thanks!
 
aswMBR

aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
Run date: 2012-01-04 18:59:55
-----------------------------
18:59:55.814 OS Version: Windows 6.0.6002 Service Pack 2
18:59:55.815 Number of processors: 2 586 0xF0D
18:59:55.817 ComputerName: SHARON-PC UserName: Sharon
18:59:57.259 Initialze error 0 - driver not loaded
18:59:59.747 AVAST engine download error: 0
19:00:12.124 The log file has been saved successfully to "C:\Users\Sharon\Desktop\aswMBR.txt"


Still have this msg :(

Thanks
 
Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Oops sorry, I went off to run the Combofix...

For some reason my Windows Security Alerts kept popping up during the Combofix even though it was exited before I started. Not sure if that is known to happen but it didn't seem to happen before.

Here is the Combofix (before I do the Bootkit Remover)

Thanks Broni...!


ComboFix 12-01-04.03 - Sharon 04/01/2012 19:32:18.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2938.1761 [GMT -8:00]
Running from: c:\users\Sharon\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-05 04:03 . 2012-01-05 04:04 -------- d-----w- c:\users\Sharon\AppData\Local\temp
2012-01-05 04:03 . 2012-01-05 04:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-04 03:36 . 2012-01-04 03:39 -------- dc----w- C:\FRST
2012-01-03 05:03 . 2012-01-03 05:03 -------- d-----w- c:\programdata\WindowsSearch
2012-01-03 04:32 . 2012-01-03 04:32 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-03 04:32 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-03 03:59 . 2012-01-03 03:59 -------- d-----w- C:\found.000
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-10 09:25 . 2011-05-14 05:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-04_02.52.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2012-01-05 02:41 58856 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2012-01-05 02:41 84418 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-08-12 05:37 . 2012-01-04 01:51 12494 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3089448421-401795078-1939485088-1000_UserData.bin
+ 2009-08-12 05:37 . 2012-01-05 02:41 12494 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3089448421-401795078-1939485088-1000_UserData.bin
+ 2008-11-15 07:26 . 2012-01-05 02:42 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-15 07:26 . 2012-01-04 01:51 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-05 02:42 . 2012-01-05 02:42 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-15 07:26 . 2012-01-04 01:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-15 07:26 . 2012-01-05 02:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-07 00:25 . 2012-01-04 01:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-07 00:25 . 2012-01-05 02:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-03 04:14 . 2012-01-05 02:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2012-01-03 04:14 . 2012-01-04 01:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-03 04:14 . 2012-01-05 02:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2012-01-03 04:14 . 2012-01-04 01:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2012-01-03 04:14 . 2012-01-05 02:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2012-01-03 04:14 . 2012-01-04 01:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2009-12-07 00:25 . 2012-01-04 01:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-07 00:25 . 2012-01-05 02:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-07 00:25 . 2012-01-05 02:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-07 00:25 . 2012-01-04 01:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 02:24 . 2012-01-04 01:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 02:24 . 2012-01-05 02:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 02:24 . 2012-01-05 02:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 02:24 . 2012-01-04 01:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-04 01:49 . 2012-01-04 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-05 02:39 . 2012-01-05 02:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-05 02:39 . 2012-01-05 02:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-04 01:49 . 2012-01-04 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-03-07 00:47 . 2012-01-04 01:51 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-03-07 00:47 . 2012-01-04 03:09 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2010-11-18 22:51 . 2012-01-04 01:49 408212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-18 22:51 . 2012-01-04 07:10 408212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-04 03:57 . 2012-01-04 06:28 408980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3089448421-401795078-1939485088-1000-12288.dat
- 2010-11-18 22:51 . 2012-01-04 01:49 1386036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3089448421-401795078-1939485088-1000-8192.dat
+ 2010-11-18 22:51 . 2012-01-04 07:10 1386036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3089448421-401795078-1939485088-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
"VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"eBook Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-01-26 906640]
"Skytel"="Skytel.exe" [2008-10-17 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
.
c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-10-10 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-10-18 02:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
*Deregistered* - BHDrvx86
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\d5g5p1ue.default\
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-04 20:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-04 20:18:59
ComboFix-quarantined-files.txt 2012-01-05 04:18
ComboFix2.txt 2012-01-04 05:18
ComboFix3.txt 2012-01-04 03:10
.
Pre-Run: 102,592,077,824 bytes free
Post-Run: 102,565,502,976 bytes free
.
- - End Of File - - 2B33618B03909EFCD7A1070F8E0DCC79
 
rootkit

Reply to below :(

232 GB \\.\PHysical Drive0 controlled by rootkit!


Boot code on some of your physical disks is hidden by a rootkit.




Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

  • Double click on downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log (FRST.txt) on your desktop.
  • Please copy and paste it to your reply.
 
Farbar log

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by Sharon at 2012-01-04 21:15:11
Running from C:\Users\Sharon\Desktop
Service Pack 2 (X86) OS Language: English(US)
Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

========================== Registry (Whitelisted) =============

HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
HKLM\...\Winlogon: [Userinit] [x]
HKLM\...\Winlogon: [Shell]

================================ Services (Whitelisted) ==================


========================== Drivers (Whitelisted) =============


========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-04 20:22 - 2012-01-04 20:22 - 0044607 ____A C:\Users\Sharon\Desktop\bootkit_remover.zip
2012-01-04 20:19 - 2012-01-04 20:19 - 0011224 ___AC C:\ComboFix.txt
2012-01-04 20:15 - 2012-01-04 20:15 - 0000000 _SHDC C:\$RECYCLE.BIN
2012-01-04 19:25 - 2012-01-04 20:19 - 0000000 ___DC C:\ComboFix
2012-01-03 23:00 - 2012-01-03 23:00 - 2322184 ____A (ESET) C:\Users\Sharon\Downloads\esetsmartinstaller_enu.exe
2012-01-03 22:51 - 2012-01-03 22:51 - 0446464 ____A (OldTimer Tools) C:\Users\Sharon\Desktop\TFC.exe
2012-01-03 22:37 - 2012-01-03 22:37 - 0869194 ____A C:\Users\Sharon\Desktop\SecurityCheck.exe
2012-01-03 22:24 - 2012-01-03 22:25 - 0006266 ___AC C:\JavaRa.log
2012-01-03 21:44 - 2012-01-03 21:44 - 0057320 ____A C:\Users\Sharon\Desktop\Extras.Txt
2012-01-03 21:42 - 2012-01-03 21:42 - 0091976 ____A C:\Users\Sharon\Desktop\OTL.Txt
2012-01-03 21:32 - 2012-01-03 21:32 - 0584192 ____A (OldTimer Tools) C:\Users\Sharon\Desktop\OTL.exe.part
2012-01-03 21:32 - 2012-01-03 21:32 - 0584192 ____A (OldTimer Tools) C:\Users\Sharon\Desktop\OTL.exe
2012-01-03 20:13 - 2012-01-03 20:13 - 0000000 ____D C:\Users\Sharon\Desktop\bootkit_remover
2012-01-03 19:55 - 2012-01-03 19:55 - 1932256 ____A (Symantec Corporation) C:\Users\Sharon\Desktop\FixTDSS.exe
2012-01-03 19:36 - 2012-01-04 21:15 - 0000000 ___DC C:\FRST
2012-01-03 19:35 - 2012-01-04 21:14 - 0858478 ____A C:\Users\Sharon\Desktop\FRST.exe
2012-01-03 19:23 - 2012-01-03 19:26 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Sharon\Desktop\tdsskiller.exe
2012-01-03 18:05 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
2012-01-03 18:05 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
2012-01-03 18:05 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-01-03 18:05 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-01-03 18:05 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-01-03 18:05 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
2012-01-03 18:05 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
2012-01-03 18:05 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
2012-01-03 18:01 - 2012-01-04 19:02 - 4370643 ____R (Swearware) C:\Users\Sharon\Desktop\ComboFix.exe
2012-01-03 17:51 - 2012-01-04 19:00 - 0002097 ____A C:\Users\Sharon\Desktop\aswMBR.txt
2012-01-03 17:46 - 2012-01-04 18:59 - 4704768 ____A (AVAST Software) C:\Users\Sharon\Desktop\aswMBR.exe
2012-01-03 17:44 - 2012-01-03 17:44 - 0000555 ____A C:\Users\Sharon\Documents\aswMBR.txt
2012-01-02 23:07 - 2012-01-02 23:07 - 0607260 ____R (Swearware) C:\Users\Sharon\Desktop\dds.scr
2012-01-02 23:04 - 2012-01-02 23:04 - 0000746 ____A C:\Users\Sharon\Desktop\gmer.log
2012-01-02 22:22 - 2012-01-02 22:22 - 0302592 ____A C:\Users\Sharon\Desktop\mntdhvp6.exe
2012-01-02 21:03 - 2012-01-02 21:03 - 0000000 ____D C:\Users\All Users\WindowsSearch
2012-01-02 21:03 - 2012-01-02 21:03 - 0000000 ____D C:\ProgramData\WindowsSearch
2012-01-02 20:32 - 2012-01-02 20:32 - 0000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-02 20:32 - 2012-01-02 20:32 - 0000000 ___DC C:\Program Files\Malwarebytes' Anti-Malware
2012-01-02 20:32 - 2011-12-10 15:24 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-01-02 20:31 - 2012-01-03 18:55 - 0000000 ____D C:\Windows\ERDNT
2012-01-02 20:27 - 2012-01-04 20:19 - 0000000 ___DC C:\Qoobox
2012-01-02 19:59 - 2012-01-02 19:59 - 0000000 ____D C:\found.000
2011-12-31 15:10 - 2011-12-31 15:10 - 0437399 ____A C:\Users\Sharon\Downloads\Confirmation.pdf
2011-12-13 18:12 - 2011-11-23 05:37 - 2043904 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-12-13 18:12 - 2011-11-08 06:42 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-12-13 18:12 - 2011-11-02 22:22 - 0916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-13 18:12 - 2011-11-02 22:21 - 1212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-13 18:12 - 2011-11-02 22:21 - 0105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-13 18:12 - 2011-11-02 22:20 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-12-13 18:12 - 2011-11-02 22:18 - 5978112 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-13 18:12 - 2011-11-02 22:18 - 0611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-12-13 18:12 - 2011-11-02 22:18 - 0602112 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-12-13 18:12 - 2011-11-02 22:18 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-13 18:12 - 2011-11-02 22:18 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-12-13 18:12 - 2011-11-02 22:17 - 2000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-13 18:12 - 2011-11-02 22:17 - 1469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-13 18:12 - 2011-11-02 22:17 - 11081728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-13 18:12 - 2011-11-02 22:17 - 0387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-12-13 18:12 - 2011-11-02 22:17 - 0184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-12-13 18:12 - 2011-11-02 22:17 - 0164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-13 18:12 - 2011-11-02 22:17 - 0109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-12-13 18:12 - 2011-11-02 22:17 - 0071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-12-13 18:12 - 2011-11-02 22:17 - 0055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-12-13 18:12 - 2011-11-02 22:17 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-12-13 18:12 - 2011-11-02 22:17 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-13 18:12 - 2011-11-02 21:22 - 0385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-12-13 18:12 - 2011-11-02 20:45 - 0174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-12-13 18:12 - 2011-11-02 20:45 - 0133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-12-13 18:12 - 2011-11-02 20:44 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-12-13 18:12 - 2011-11-02 20:43 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-13 18:12 - 2011-10-27 00:01 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2011-12-13 18:12 - 2011-10-27 00:01 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-12-13 18:12 - 2011-10-25 07:56 - 0049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-12-13 18:12 - 2011-10-14 08:02 - 0429056 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-12-05 00:08 - 2011-12-05 00:08 - 26819850 ____A C:\Users\Sharon\Downloads\?? (how great is your love) - SNSD LyricsEng. Sub.mp4

============ 3 Months Modified Files and Folders ===============

2012-01-04 21:15 - 2012-01-03 19:36 - 0000000 ___DC C:\FRST
2012-01-04 21:14 - 2012-01-03 19:35 - 0858478 ____A C:\Users\Sharon\Desktop\FRST.exe
2012-01-04 20:39 - 2006-11-02 04:47 - 0003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-04 20:39 - 2006-11-02 04:47 - 0003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-04 20:22 - 2012-01-04 20:22 - 0044607 ____A C:\Users\Sharon\Desktop\bootkit_remover.zip
2012-01-04 20:19 - 2012-01-04 20:19 - 0011224 ___AC C:\ComboFix.txt
2012-01-04 20:19 - 2012-01-04 19:25 - 0000000 ___DC C:\ComboFix
2012-01-04 20:19 - 2012-01-02 20:27 - 0000000 ___DC C:\Qoobox
2012-01-04 20:15 - 2012-01-04 20:15 - 0000000 _SHDC C:\$RECYCLE.BIN
2012-01-04 20:04 - 2006-11-02 02:23 - 0000249 ___AC C:\Windows\system.ini
2012-01-04 19:43 - 2011-03-06 01:54 - 0000000 ____D C:\Users\Sharon\AppData\Local\CrashDumps
2012-01-04 19:26 - 2009-08-11 21:29 - 1684176 ____A C:\Windows\WindowsUpdate.log
2012-01-04 19:14 - 2010-11-05 19:41 - 0000000 ____D C:\Program Files\Norton 360
2012-01-04 19:14 - 2010-11-05 19:41 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-01-04 19:14 - 2010-11-05 19:31 - 0000000 ____D C:\Users\All Users\Norton
2012-01-04 19:14 - 2010-11-05 19:31 - 0000000 ____D C:\ProgramData\Norton
2012-01-04 19:13 - 2010-11-05 19:41 - 0000000 ____D C:\Users\All Users\NortonInstaller
2012-01-04 19:13 - 2010-11-05 19:41 - 0000000 ____D C:\ProgramData\NortonInstaller
2012-01-04 19:02 - 2012-01-03 18:01 - 4370643 ____R (Swearware) C:\Users\Sharon\Desktop\ComboFix.exe
2012-01-04 19:00 - 2012-01-03 17:51 - 0002097 ____A C:\Users\Sharon\Desktop\aswMBR.txt
2012-01-04 18:59 - 2012-01-03 17:46 - 4704768 ____A (AVAST Software) C:\Users\Sharon\Desktop\aswMBR.exe
2012-01-04 18:39 - 2010-10-10 00:31 - 3079716864 __ASH C:\hiberfil.sys
2012-01-04 18:39 - 2006-11-02 05:01 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-03 23:10 - 2006-11-02 05:01 - 0032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-03 23:01 - 2009-08-29 14:22 - 0000000 ____D C:\Users\Sharon\AppData\Roaming\uTorrent
2012-01-03 23:00 - 2012-01-03 23:00 - 2322184 ____A (ESET) C:\Users\Sharon\Downloads\esetsmartinstaller_enu.exe
2012-01-03 22:51 - 2012-01-03 22:51 - 0446464 ____A (OldTimer Tools) C:\Users\Sharon\Desktop\TFC.exe
2012-01-03 22:37 - 2012-01-03 22:37 - 0869194 ____A C:\Users\Sharon\Desktop\SecurityCheck.exe
2012-01-03 22:29 - 2008-01-20 18:47 - 0046648 ____A C:\Windows\PFRO.log
2012-01-03 22:25 - 2012-01-03 22:24 - 0006266 ___AC C:\JavaRa.log
2012-01-03 22:24 - 2008-10-29 15:26 - 0000000 ____D C:\Program Files\Java
2012-01-03 21:44 - 2012-01-03 21:44 - 0057320 ____A C:\Users\Sharon\Desktop\Extras.Txt
2012-01-03 21:42 - 2012-01-03 21:42 - 0091976 ____A C:\Users\Sharon\Desktop\OTL.Txt
2012-01-03 21:32 - 2012-01-03 21:32 - 0584192 ____A (OldTimer Tools) C:\Users\Sharon\Desktop\OTL.exe.part
2012-01-03 21:32 - 2012-01-03 21:32 - 0584192 ____A (OldTimer Tools) C:\Users\Sharon\Desktop\OTL.exe
2012-01-03 21:06 - 2006-11-02 02:23 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2012-01-03 20:13 - 2012-01-03 20:13 - 0000000 ____D C:\Users\Sharon\Desktop\bootkit_remover
2012-01-03 19:55 - 2012-01-03 19:55 - 1932256 ____A (Symantec Corporation) C:\Users\Sharon\Desktop\FixTDSS.exe
2012-01-03 19:26 - 2012-01-03 19:23 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Sharon\Desktop\tdsskiller.exe
2012-01-03 19:10 - 2006-11-02 03:18 - 0000000 ___RD C:\users\Public
2012-01-03 19:10 - 2006-11-02 03:18 - 0000000 ___RD C:\users\Default
2012-01-03 18:55 - 2012-01-02 20:31 - 0000000 ____D C:\Windows\ERDNT
2012-01-03 17:44 - 2012-01-03 17:44 - 0000555 ____A C:\Users\Sharon\Documents\aswMBR.txt
2012-01-02 23:07 - 2012-01-02 23:07 - 0607260 ____R (Swearware) C:\Users\Sharon\Desktop\dds.scr
2012-01-02 23:04 - 2012-01-02 23:04 - 0000746 ____A C:\Users\Sharon\Desktop\gmer.log
2012-01-02 22:22 - 2012-01-02 22:22 - 0302592 ____A C:\Users\Sharon\Desktop\mntdhvp6.exe
2012-01-02 21:03 - 2012-01-02 21:03 - 0000000 ____D C:\Users\All Users\WindowsSearch
2012-01-02 21:03 - 2012-01-02 21:03 - 0000000 ____D C:\ProgramData\WindowsSearch
2012-01-02 20:32 - 2012-01-02 20:32 - 0000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-02 20:32 - 2012-01-02 20:32 - 0000000 ___DC C:\Program Files\Malwarebytes' Anti-Malware
2012-01-02 20:31 - 2009-12-31 16:23 - 0000000 ____D C:\Users\All Users\WinZip
2012-01-02 20:31 - 2009-12-31 16:23 - 0000000 ____D C:\ProgramData\WinZip
2012-01-02 20:17 - 2006-11-02 02:33 - 0703388 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-02 20:12 - 2009-08-11 21:35 - 0000000 ____D C:\Users\Sharon\AppData\Local\VirtualStore
2012-01-02 19:59 - 2012-01-02 19:59 - 0000000 ____D C:\found.000
2012-01-01 23:17 - 2011-03-05 19:54 - 0000000 ____D C:\Users\Sharon\GG pictures
2011-12-31 15:10 - 2011-12-31 15:10 - 0437399 ____A C:\Users\Sharon\Downloads\Confirmation.pdf
2011-12-31 14:40 - 2011-12-31 14:33 - 747152984 ____A C:\Users\Sharon\Downloads\[111230].KBS.Gayo Daejun.111230.HDTV.1080i.The.Boys.tp
2011-12-26 00:17 - 2011-12-26 00:17 - 6159131 ____A C:\Users\Sharon\Downloads\[fancam]110720 kimpo airport SNSD TIFFANY.flv
2011-12-22 20:24 - 2009-09-11 00:15 - 0136704 ____A C:\Users\Sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-14 13:45 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\rescache
2011-12-14 13:28 - 2006-11-02 04:47 - 0419664 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-14 12:25 - 2008-11-14 23:30 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-14 12:25 - 2008-11-14 23:30 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-14 12:22 - 2006-11-02 02:24 - 52988224 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-12-11 18:00 - 2011-12-11 18:00 - 9547328 ____A C:\Users\Sharon\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba].zip
2011-12-10 15:24 - 2012-01-02 20:32 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-05 02:10 - 2011-12-05 02:07 - 275352696 ____A C:\Users\Sharon\Downloads\[Kra] Sunny - Tiffany Dont Forget Me.ts
2011-12-05 00:14 - 2011-12-05 00:14 - 33736029 ____A C:\Users\Sharon\Downloads\Dear Mom - SNSD ???? LyricsEng. Sub.mp4
2011-12-05 00:08 - 2011-12-05 00:08 - 26819850 ____A C:\Users\Sharon\Downloads\?? (how great is your love) - SNSD LyricsEng. Sub.mp4
2011-12-03 20:28 - 2011-10-10 20:33 - 0000000 ____D C:\Users\Sharon\Downloads\Rosetta Stone V3 - Chinese (Mandarin)
2011-12-03 20:25 - 2011-09-24 22:45 - 0000000 ____D C:\Users\Sharon\Downloads\Butterfly Hu Die
2011-12-01 19:10 - 2011-12-01 18:53 - 0010860 ____A C:\Users\Sharon\Documents\hmm.xlsx
2011-11-30 13:36 - 2011-11-30 13:36 - 3388326 ____A C:\Users\Sharon\Downloads\logic_games_explanations_for_pt29-38.pdf
2011-11-29 12:57 - 2011-11-29 12:25 - 0000000 ____D C:\Users\Sharon\Downloads\Sunny.2011.720p.HDRip.x264.AC3-ZERO
2011-11-29 11:28 - 2011-11-29 11:28 - 2843930 ____A C:\Users\Sharon\Downloads\lg_explanations_for_preptests_52-61.pdf
2011-11-28 12:56 - 2011-11-28 12:56 - 0296524 ____A C:\Users\Sharon\Desktop\https___os.lsac.org_Release_Share_DisplayPDFs.pdf
2011-11-26 22:01 - 2011-11-15 21:16 - 0056981 ____A C:\Users\Sharon\Desktop\1L questionnaire.pdf
2011-11-23 05:37 - 2011-12-13 18:12 - 2043904 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-14 19:59 - 2011-11-14 19:59 - 3596358 ____A C:\Users\Sharon\Downloads\03 Say yes.mp3
2011-11-10 19:03 - 2006-11-02 03:18 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-10 01:25 - 2010-04-10 12:23 - 0000000 ____D C:\Program Files\Mozilla Firefox
2011-11-08 21:14 - 2006-11-02 04:52 - 0063335 ____A C:\Windows\setupact.log
2011-11-08 17:29 - 2011-11-08 17:29 - 0496648 ____A C:\Users\Sharon\2qjkkk8.gif
2011-11-08 17:29 - 2009-08-11 21:35 - 0000000 ____D C:\users\Sharon
2011-11-08 17:28 - 2011-11-08 17:28 - 0049007 ____A C:\Users\Sharon\tumblr_lhh1rlbZBM1qc9s1uo1_500.jpg
2011-11-08 06:42 - 2011-12-13 18:12 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-06 14:10 - 2011-10-10 21:31 - 0000000 ____D C:\Users\All Users\FLEXnet
2011-11-06 14:10 - 2011-10-10 21:31 - 0000000 ____D C:\ProgramData\FLEXnet
2011-11-02 22:31 - 2011-11-02 22:31 - 11142660 ____A C:\Users\Sharon\Downloads\????? ??_???.mp4
2011-11-02 22:29 - 2011-11-02 22:29 - 12072567 ____A C:\Users\Sharon\Downloads\????? ??_???.mp4
2011-11-02 22:26 - 2011-11-02 22:26 - 11869656 ____A C:\Users\Sharon\Downloads\????? ??_???.mp4
2011-11-02 22:22 - 2011-12-13 18:12 - 0916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-02 22:21 - 2011-12-13 18:12 - 1212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-02 22:21 - 2011-12-13 18:12 - 0105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-02 22:20 - 2011-12-13 18:12 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2011-11-02 22:18 - 2011-12-13 18:12 - 5978112 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-02 22:18 - 2011-12-13 18:12 - 0611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-11-02 22:18 - 2011-12-13 18:12 - 0602112 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-11-02 22:18 - 2011-12-13 18:12 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-02 22:18 - 2011-12-13 18:12 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-11-02 22:17 - 2011-12-13 18:12 - 2000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-02 22:17 - 2011-12-13 18:12 - 1469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-02 22:17 - 2011-12-13 18:12 - 11081728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-02 22:17 - 2011-12-13 18:12 - 0387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-11-02 22:17 - 2011-12-13 18:12 - 0184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-11-02 22:17 - 2011-12-13 18:12 - 0164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-02 22:17 - 2011-12-13 18:12 - 0109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2011-11-02 22:17 - 2011-12-13 18:12 - 0071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2011-11-02 22:17 - 2011-12-13 18:12 - 0055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2011-11-02 22:17 - 2011-12-13 18:12 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-11-02 22:17 - 2011-12-13 18:12 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-02 21:22 - 2011-12-13 18:12 - 0385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-11-02 21:15 - 2011-11-02 21:09 - 547436824 ____A C:\Users\Sharon\Downloads\[2011-10-23] The Boys (SBS Inkigayo).tp
2011-11-02 21:04 - 2011-11-02 21:01 - 69742602 ____A C:\Users\Sharon\Downloads\111021.SJ_Kiss_the_Radio.SNSD.guest.wmv
2011-11-02 21:04 - 2011-11-02 20:57 - 557664400 ____A C:\Users\Sharon\Downloads\[2011-10-22] The Boys (MBC Music Core).tp
2011-11-02 20:55 - 2011-11-02 20:48 - 200095541 ____A C:\Users\Sharon\Downloads\[SoShi Subs] SNSD - The Boys MV (Korean Ver.).mkv
2011-11-02 20:45 - 2011-12-13 18:12 - 0174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2011-11-02 20:45 - 2011-12-13 18:12 - 0133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2011-11-02 20:44 - 2011-12-13 18:12 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-11-02 20:43 - 2011-12-13 18:12 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-02 19:22 - 2011-11-02 19:20 - 205280632 ____A C:\Users\Sharon\Downloads\111102 SNSD @ ShimShimTapa Radio.mp4
2011-11-02 19:13 - 2011-11-02 19:13 - 0032114 ____A C:\Users\Sharon\tumblr_lu14ypKpUH1qj3zhso2_400.jpg
2011-11-02 17:18 - 2011-11-02 17:18 - 5158905 ____A C:\Users\Sharon\c0120174_4eb151bcafff9.gif
2011-10-28 15:52 - 2011-10-28 15:52 - 0137904 ____A C:\Windows\Minidump\Mini102811-01.dmp
2011-10-28 15:52 - 2010-09-24 20:52 - 383436647 ____A C:\Windows\MEMORY.DMP
2011-10-28 15:52 - 2010-09-24 20:52 - 0000000 ____D C:\Windows\Minidump
2011-10-27 00:01 - 2011-12-13 18:12 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2011-10-27 00:01 - 2011-12-13 18:12 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-10-25 20:45 - 2011-10-25 20:42 - 2107663704 ____A C:\Users\Sharon\Downloads\[isubs-squad.com]Running.Man.E60.720P.avi
2011-10-25 07:56 - 2011-12-13 18:12 - 0049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-23 12:26 - 2011-10-23 12:25 - 88591473 ____A C:\Users\Sharon\Downloads\SNSD - The Boys (kor ver) MV [eng sub romanization hangul].mp4
2011-10-22 14:13 - 2011-10-22 14:11 - 180720369 ____A C:\Users\Sharon\Downloads\Girls Generation _ The Boys _ Comeback Special Stage 2011.10.21 _ KBS MUSIC BANK.mp4
2011-10-16 23:49 - 2011-10-16 23:49 - 0256970 ____A C:\Users\Sharon\Downloads\WYWH.rar
2011-10-16 23:44 - 2011-10-16 23:44 - 0627507 ____A C:\Users\Sharon\Downloads\RememberingSunday.pdf
2011-10-16 22:46 - 2011-10-16 22:43 - 1697076516 ____A C:\Users\Sharon\Downloads\[isubs-squad.com]Running.Man.E59.720P.avi
2011-10-14 08:02 - 2011-12-13 18:12 - 0429056 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-10-13 18:10 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Microsoft.NET
2011-10-13 17:30 - 2010-11-09 23:45 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2011-10-10 21:48 - 2011-10-10 21:43 - 0000000 ___DC C:\Program Files\MagicDisc
2011-10-10 21:46 - 2011-10-10 21:46 - 1352435 ____A C:\Users\Sharon\Downloads\setup_magicdisc(1).exe
2011-10-10 21:46 - 2011-10-10 21:45 - 0000798 ____A C:\Users\Sharon\Start Menu\Programs\Startup\MagicDisc.lnk
2011-10-10 21:46 - 2011-10-10 21:45 - 0000798 ____A C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
2011-10-10 21:46 - 2011-10-10 21:45 - 0000762 ____A C:\Users\Sharon\Desktop\MagicDisc.lnk
2011-10-10 21:44 - 2011-10-10 21:44 - 1352435 ____A C:\Users\Sharon\Downloads\setup_magicdisc106.exe
2011-10-10 21:43 - 2011-10-10 21:43 - 1352435 ____A C:\Users\Sharon\Downloads\setup_magicdisc.exe
2011-10-10 21:30 - 2011-10-10 21:30 - 0000000 ____D C:\Program Files\Common Files\Macrovision Shared
2011-10-10 21:25 - 2011-10-10 21:25 - 0000000 ____D C:\Users\Sharon\AppData\Local\WinZip
2011-10-10 16:46 - 2011-10-10 16:45 - 72326400 ____A (Ingram Digital ) C:\Users\Sharon\Downloads\setup(1).exe
2011-10-08 23:06 - 2011-10-08 23:03 - 1564736508 ____A C:\Users\Sharon\Downloads\[iSUBS-squad.com]Running.Man.E58.720P.avi

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 42%
Total physical RAM: 2938.31 MB
Available physical RAM: 1686.2 MB
Total Pagefile: 6080.92 MB
Available Pagefile: 4880.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1958.58 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:224.41 GB) (Free:95.55 GB) NTFS ==>[Drive with boot components]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 233 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 8 GB 1024 KB
Partition 2 Primary 224 GB 8 GB

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 224 GB Healthy System



==========================================================

Last Boot: 2012-01-04 18:47

======================= End Of Log ==========================
 
Download the FixTDSS.exe

  • Save the file to your Windows desktop.
  • Close all running programs.
  • If you are running Windows XP, turn off System Restore. (How to turn off or turn on Windows XP System Restore)
  • Double-click the FixTDSS.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.
  • OK any security prompts.
  • Restart the computer when prompted by the tool.
  • After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
  • If you are running Windows XP, re-enable System Restore.
 
Hi Broni,

The message is ***Infected MBR detected

Should I click the repair button to repair it?

Also, my computer is showing an error message today that MagicDisc can't open driver(mcdbus).

I want to remove MagicDisc but can't seem to (not today, but in the past).

Also, this might be a question for later, but is there a way to remove IE completely? It used to give me a lot of grief until I switched over to Firefox.

Thanks
 