System Check virus help needed

Solved
By toffee801
Jan 3, 2012
  1. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    See my topic here: http://www.smartestcomputing.us.com/topic/49859-missing-items-from-main-start-menu-window-fix/

    Combofix log looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
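The OTL.txt that the scan above produces is long, and a helper reads it looking for a handful of patterns: a running service or driver whose file is gone from disk, executables with no company name sitting in temp folders, a system proxy switched on, HOSTS overrides, and DNS resolvers that are not the router (the kind of thing behind the browser redirects described in this thread). The script below is an added example and is not part of OTL, this thread, or anything Broni posted; it parses the main OTL line shapes (PRC/MOD/SRV/DRV, IE/O17 settings, O1 hosts entries) and returns the entries worth a second look. Every sample line is constructed in OTL's format; the paths, the ExampleAV and ghostdrv names and the addresses are made up.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed OTL.txt-style lines (modelled on the format, not taken from a real scan).
SAMPLE_OTL = r"""
PRC - [2012/01/03 21:32:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Example\Desktop\OTL.exe
PRC - [2011/12/30 02:11:09 | 000,102,400 | ---- | M] () -- C:\Users\Example\AppData\Local\Temp\svhost.exe
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Example AV Corp) [Auto | Running] -- C:\Program Files\ExampleAV\avservice.exe -- (ExampleAVService)
DRV - File not found [Kernel | On_Demand | Running] -- -- (ghostdrv)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Example AV Corp) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\exampleav.sys -- (ExampleAVProtector)
MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Example\zlib1.dll
IE - HKU\S-1-5-21-1111-2222-3333-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.9 www.example-bank.test
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 203.0.113.53
"""

# Process / module / service / driver lines:
#   KIND - [date | size | attrs | flag] (Company) [Type | Start | State] -- path -- (Name)
# The bracketed date block is missing when OTL reports "File not found".
EXEC_RE = re.compile(
    r'^(?P<kind>PRC|MOD|SRV|DRV) - '
    r'(?:\[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+?) \| (?P<flag>\w)\] )?'
    r'(?P<missing>File not found )?'
    r'(?:\((?P<company>[^)]*)\) )?'
    r'(?:\[(?P<state>[^\]]+)\] )?'
    r'-- (?P<path>.*?)\s*(?:-- \((?P<name>[^)]*)\).*)?$'
)
# Registry-style settings: KIND - key: "ValueName" = value
SETTING_RE = re.compile(r'^(?P<kind>IE|FF|O17) - (?P<key>.+?): "?(?P<name>[^"=]+?)"? = (?P<value>.*)$')
# HOSTS file entries: O1 - Hosts: ip hostname
HOSTS_RE = re.compile(r'^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)')

# Resolvers in these ranges are the home router or the machine itself; anything else is worth a look.
LAN_NETS = [ip_network(n) for n in ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16', '127.0.0.0/8', '::1/128')]


def is_lan(addr):
    """True if addr parses as an IP inside one of the LAN/loopback ranges."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in LAN_NETS)


def triage(otl_text):
    """Return (severity, reason, subject) tuples for OTL lines that deserve a second look."""
    findings = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = EXEC_RE.match(line)
        if m:
            d = m.groupdict()
            running = 'Running' in (d['state'] or '')
            if d['missing'] and running:
                # A loaded service/driver whose image no longer exists on disk.
                findings.append(('high', f"running {d['kind']} with no file on disk", d['name'] or line))
            elif d['missing']:
                findings.append(('review', f"{d['kind']} entry with no file on disk", d['name'] or line))
            elif d['company'] == '':
                # OTL prints () when the binary carries no CompanyName in its version info.
                if re.search(r'\\(Temp|Local Settings)\\', d['path'], re.IGNORECASE):
                    findings.append(('high', f"{d['kind']} without company name in a temp folder", d['path']))
                else:
                    findings.append(('review', f"{d['kind']} without company name", d['path']))
            continue
        m = HOSTS_RE.match(line)
        if m:
            # Only the loopback -> localhost mapping is expected in a clean HOSTS file.
            if not (m['host'].lower() == 'localhost' and is_lan(m['ip'])):
                findings.append(('review', 'HOSTS override', f"{m['host']} -> {m['ip']}"))
            continue
        m = SETTING_RE.match(line)
        if m:
            name, value = m['name'], m['value'].strip()
            if name == 'ProxyEnable' and value != '0':
                findings.append(('high', 'system proxy enabled', m['key']))
            elif name in ('NameServer', 'DhcpNameServer'):
                for resolver in value.split():
                    if not is_lan(resolver):
                        findings.append(('review', 'DNS resolver outside LAN ranges', resolver))
    return findings


if __name__ == '__main__':
    for severity, reason, subject in triage(SAMPLE_OTL):
        print(f"[{severity:6}] {reason}: {subject}")
```

Run it against a saved OTL.txt by passing the file's contents to `triage()`. A "review" finding is a lead, not a verdict: an ISP resolver will show up as a resolver outside the LAN ranges, plenty of legitimate libraries carry no company name, and removal tools leave their own driver entries behind (the catchme driver that ComboFix loads is a common example), so each hit still needs the path and name checked by hand.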
  2. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    Hi Broni,

    Computer is good/much better. Earlier today when I tried to go to 'techspot' for example, I would get sent to odd sites (like 'carbusiness.com') instead of the site I'm trying to get to. It hasn't happened now. :)

    Thanks so much for your help thus far. :grinthumb You're amazing for keeping up with all our posts.

    I will do the OTL items and let you know.
  3. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Good news :)
  4. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    OTL.Txt log

    OTL logfile created on: 03/01/2012 9:36:43 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sharon\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.87 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 58.49% Memory free
    5.95 Gb Paging File | 4.86 Gb Available in Paging File | 81.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 224.41 Gb Total Space | 96.43 Gb Free Space | 42.97% Space Free | Partition Type: NTFS
    Drive G: | 449.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 477.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: SHARON-PC | User Name: Sharon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/01/03 21:32:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
    PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
    PRC - [2010/01/25 21:21:00 | 000,906,640 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    PRC - [2009/11/13 10:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    PRC - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    PRC - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
    PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/04/10 22:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
    PRC - [2008/10/17 18:21:46 | 000,203,616 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2008/10/17 18:19:22 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2008/10/17 17:16:54 | 000,415,584 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    PRC - [2008/10/17 02:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
    PRC - [2008/09/29 16:07:40 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\Program Files\Sony\VAIO Care\collsvc.exe
    PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    PRC - [2008/09/09 12:57:52 | 000,077,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
    PRC - [2008/09/08 09:59:54 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2008/09/08 09:59:52 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2008/09/05 10:54:58 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    PRC - [2008/09/03 17:36:04 | 000,446,464 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    PRC - [2008/08/28 20:21:36 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
    PRC - [2008/05/20 13:48:32 | 000,024,576 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
    PRC - [2008/04/03 20:32:48 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/13 17:40:17 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\09d9d35b68b4fe07c1d2f25e2533f21e\System.IdentityModel.Selectors.ni.dll
    MOD - [2011/10/13 17:40:15 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\dbcb4baf3d2ed9e62645bd332fc221f2\System.IdentityModel.ni.dll
    MOD - [2011/10/13 17:40:14 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll
    MOD - [2011/10/13 17:40:11 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll
    MOD - [2011/10/13 17:40:09 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6b2ee1fdc6a182722db04af9c3cd10c3\System.ServiceModel.ni.dll
    MOD - [2011/10/13 17:38:36 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
    MOD - [2011/10/13 17:38:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
    MOD - [2011/10/13 17:36:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
    MOD - [2011/10/13 17:35:43 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
    MOD - [2011/10/13 17:35:32 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
    MOD - [2011/10/13 17:34:16 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/10/13 17:33:32 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2010/03/15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2010/01/25 21:20:40 | 000,880,640 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\fsk.dll
    MOD - [2010/01/25 21:19:22 | 000,007,680 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\connectionDetector.dll
    MOD - [2010/01/25 21:17:36 | 000,011,264 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookDeviceNotifier.dll
    MOD - [2010/01/25 21:14:42 | 000,010,240 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\FskMobileMediaDevice.dll
    MOD - [2010/01/25 21:14:38 | 000,233,472 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\Fskin.dll
    MOD - [2009/12/12 15:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2009/11/09 20:14:32 | 000,086,016 | ---- | M] () -- C:\Program Files\Sony\Reader\Data\bin\launcher\ebookUsb.dll
    MOD - [2008/10/29 15:26:39 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
    MOD - [2008/10/29 15:26:38 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
    MOD - [2008/10/17 18:19:22 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/10/10 21:30:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
    SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/11/13 10:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
    SRV - [2009/11/09 20:46:24 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
    SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
    SRV - [2008/10/21 10:52:38 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
    SRV - [2008/10/21 10:52:38 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
    SRV - [2008/10/21 10:52:36 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
    SRV - [2008/10/17 18:21:46 | 000,203,616 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2008/10/17 17:16:54 | 000,415,584 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV - [2008/10/17 02:50:42 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
    SRV - [2008/09/29 16:07:40 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel(R)
    SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2008/09/08 09:59:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2008/09/08 09:59:54 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2008/09/08 09:59:52 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2008/09/03 17:36:04 | 000,446,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2008/06/11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV - [2008/06/11 23:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
    SRV - [2008/05/20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2008/05/20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2008/05/20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/10/14 15:10:08 | 000,818,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111027.001\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/08/22 23:17:32 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111104.030\IDSvix86.sys -- (IDSVix86)
    DRV - [2011/08/03 17:50:52 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111106.009\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/08/03 17:50:52 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111106.009\NAVENG.SYS -- (NAVENG)
    DRV - [2011/07/27 17:31:33 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/05/26 19:47:35 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/03/30 19:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 19:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/21 16:39:49 | 000,331,384 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2011/03/14 18:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/01/26 22:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
    DRV - [2011/01/26 21:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
    DRV - [2009/02/24 17:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2009/02/13 10:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/10/06 17:47:20 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/10/02 16:00:56 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
    DRV - [2008/08/22 15:22:42 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2008/08/21 16:06:22 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2008/06/27 16:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/06/09 16:04:47 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/06/06 16:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2008/04/24 14:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV - [2008/01/24 18:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sonystyle.ca/vaio [binary data]
    IE - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    IE - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@sony.com/eBookLibrary: C:\Program Files\Sony\Reader\Data\bin\npebldetectmoz.dll (Sony Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/09/28 21:05:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_4_3 [2012/01/03 19:58:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/10 01:25:32 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/25 16:31:39 | 000,000,000 | ---D | M]

    [2011/05/10 19:02:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Extensions
    [2012/01/03 20:17:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\d5g5p1ue.default\extensions
    [2011/05/28 00:20:48 | 000,002,469 | ---- | M] () -- C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\d5g5p1ue.default\searchplugins\safesearch.xml
    [2012/01/03 19:12:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/11/10 01:25:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/04/14 04:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/06/21 19:23:51 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2011/06/21 19:23:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/06/21 19:23:51 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2011/06/21 19:23:51 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2011/06/21 19:23:51 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: ([2012/01/03 21:06:22 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\IPS\IPSBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\CoIEPlg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe (Sony Corporation)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\VAIO Sat Survey.exe ()
    O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
    O4 - HKU\S-1-5-21-3089448421-401795078-1939485088-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4 - Startup: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3089448421-401795078-1939485088-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 75.153.176.9
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D10402C1-9CDE-4582-A6B7-6C0D33B0E7BC}: DhcpNameServer = 192.168.1.254 75.153.176.9
    O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/03 21:32:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
    [2012/01/03 21:32:08 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe.part
    [2012/01/03 21:19:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/01/03 21:19:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/01/03 21:19:06 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Local\temp
    [2012/01/03 20:13:05 | 000,000,000 | ---D | C] -- C:\Users\Sharon\Desktop\bootkit_remover
    [2012/01/03 19:55:51 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Sharon\Desktop\FixTDSS.exe
    [2012/01/03 19:36:23 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/01/03 19:23:31 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Sharon\Desktop\tdsskiller.exe
    [2012/01/03 18:05:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/01/03 18:05:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/01/03 18:05:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/01/03 18:01:50 | 004,368,434 | R--- | C] (Swearware) -- C:\Users\Sharon\Desktop\ComboFix.exe
    [2012/01/03 17:46:50 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Sharon\Desktop\aswMBR.exe
    [2012/01/02 23:07:01 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Sharon\Desktop\dds.scr
    [2012/01/02 21:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
    [2012/01/02 20:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/02 20:32:37 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/01/02 20:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/01/02 20:31:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/01/02 20:27:24 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/01/02 20:04:08 | 000,000,000 | ---D | C] -- C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
    [2012/01/02 19:59:53 | 000,000,000 | ---D | C] -- C:\found.000

    ========== Files - Modified Within 30 Days ==========

    [2012/01/03 21:32:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
    [2012/01/03 21:32:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe.part
    [2012/01/03 21:06:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/01/03 20:16:16 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Sharon\Desktop\aswMBR.exe
    [2012/01/03 20:12:36 | 000,044,607 | ---- | M] () -- C:\Users\Sharon\Desktop\bootkit_remover.zip
    [2012/01/03 20:11:52 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/01/03 20:11:52 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/01/03 19:58:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/01/03 19:58:13 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
    [2012/01/03 19:55:52 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Sharon\Desktop\FixTDSS.exe
    [2012/01/03 19:35:57 | 000,858,430 | ---- | M] () -- C:\Users\Sharon\Desktop\FRST.exe
    [2012/01/03 19:26:03 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sharon\Desktop\tdsskiller.exe
    [2012/01/03 18:02:08 | 004,368,434 | R--- | M] (Swearware) -- C:\Users\Sharon\Desktop\ComboFix.exe
    [2012/01/02 23:07:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Sharon\Desktop\dds.scr
    [2012/01/02 22:22:31 | 000,302,592 | ---- | M] () -- C:\Users\Sharon\Desktop\mntdhvp6.exe
    [2012/01/02 20:32:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/02 20:17:50 | 000,609,196 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/01/02 20:17:49 | 000,108,672 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/01/02 20:12:29 | 000,000,629 | ---- | M] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/12/22 20:24:42 | 000,136,704 | ---- | M] () -- C:\Users\Sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/12/14 13:28:54 | 000,419,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/01/03 20:10:06 | 000,044,607 | ---- | C] () -- C:\Users\Sharon\Desktop\bootkit_remover.zip
    [2012/01/03 19:35:57 | 000,858,430 | ---- | C] () -- C:\Users\Sharon\Desktop\FRST.exe
    [2012/01/03 18:05:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/01/03 18:05:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/01/03 18:05:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/01/03 18:05:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/01/03 18:05:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/01/02 22:22:29 | 000,302,592 | ---- | C] () -- C:\Users\Sharon\Desktop\mntdhvp6.exe
    [2012/01/02 20:32:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/02 20:12:27 | 000,000,629 | ---- | C] () -- C:\Users\Sharon\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk
    [2011/08/14 17:56:39 | 000,002,554 | ---- | C] () -- C:\Windows\WAVEMIX.INI
    [2011/05/18 17:02:51 | 000,001,940 | ---- | C] () -- C:\Users\Sharon\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2010/06/02 22:36:23 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2010/06/02 22:36:22 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/03/04 15:40:48 | 000,000,680 | ---- | C] () -- C:\Users\Sharon\AppData\Local\d3d9caps.dat
    [2009/09/11 00:15:36 | 000,136,704 | ---- | C] () -- C:\Users\Sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/11 00:10:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/11 00:10:35 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2008/11/14 23:51:31 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
    [2008/10/29 15:12:05 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
    [2008/10/29 15:12:05 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
    [2008/10/29 15:12:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
    [2008/10/29 15:12:05 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
    [2008/10/29 15:11:26 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/10/29 15:11:15 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
    [2008/10/29 15:11:15 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/10/29 15:11:14 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2008/10/29 15:11:14 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
    [2008/10/29 15:09:18 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2008/10/29 14:38:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/01/20 18:24:38 | 000,033,794 | ---- | C] () -- C:\Windows\System32\in2kwun.dll
    [2006/11/02 04:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 04:47:37 | 000,419,664 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 02:33:01 | 000,609,196 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 02:33:01 | 000,108,672 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

    ========== LOP Check ==========

    [2010/09/29 17:50:26 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Auslogics
    [2011/08/14 18:03:07 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\GetRightToGo
    [2011/05/23 00:41:15 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\InterVideo
    [2010/06/21 21:51:57 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Stereoscopic Player
    [2012/01/03 20:52:48 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\uTorrent
    [2010/09/26 14:20:51 | 000,000,000 | ---D | M] -- C:\Users\Sharon\AppData\Roaming\Western Digital
    [2012/01/03 19:57:31 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2008/10/29 15:09:57 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/01/03 21:18:52 | 000,011,242 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2012/01/03 19:58:13 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
    [2008/11/14 23:42:29 | 000,000,187 | ---- | M] () -- C:\Installer_Setup.log
    [2011/08/14 17:55:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/08/14 17:55:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2012/01/03 19:58:11 | 3395,616,768 | -HS- | M] () -- C:\pagefile.sys
    [2008/11/14 23:52:11 | 000,386,492 | ---- | M] () -- C:\vcredist_x86.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 04:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 04:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 04:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/05/04 18:20:19 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/20 18:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 04:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/20 18:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 19:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 19:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 19:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2012/01/03 20:16:16 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Sharon\Desktop\aswMBR.exe
    [2012/01/03 18:02:08 | 004,368,434 | R--- | M] (Swearware) -- C:\Users\Sharon\Desktop\ComboFix.exe
    [2012/01/03 19:55:52 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Sharon\Desktop\FixTDSS.exe
    [2012/01/03 19:35:57 | 000,858,430 | ---- | M] () -- C:\Users\Sharon\Desktop\FRST.exe
    [2012/01/02 22:22:31 | 000,302,592 | ---- | M] () -- C:\Users\Sharon\Desktop\mntdhvp6.exe
    [2012/01/03 21:32:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Sharon\Desktop\OTL.exe
    [2012/01/03 19:26:03 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Sharon\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/09/10 14:27:24 | 000,000,402 | -HS- | M] () -- C:\Users\Sharon\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
  5. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    Extras.Txt log

    OTL Extras logfile created on: 03/01/2012 9:36:43 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Sharon\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19170)
    Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.87 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 58.49% Memory free
    5.95 Gb Paging File | 4.86 Gb Available in Paging File | 81.70% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 224.41 Gb Total Space | 96.43 Gb Free Space | 42.97% Space Free | Partition Type: NTFS
    Drive G: | 449.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive H: | 477.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: SHARON-PC | User Name: Sharon | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-3089448421-401795078-1939485088-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1F023661-4DE9-4EB7-A38C-0446BB22BC66}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{4674A079-D04E-410B-ACC0-BA011877B706}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{664F94EF-A24B-4240-A815-A61CFB5204F0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{7A9E61FA-C57D-465A-9680-DA6EA7B8B1B2}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{C55274F7-36E6-4017-9448-6F1889715499}" = lport=63331 | protocol=6 | dir=in | name=windows live onecare |
    "{F09827DA-6B54-4705-A876-3D240C311885}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{04E33974-6387-41DA-A245-F1DFBF2BE71E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{13488C58-A308-48D7-B5C6-8A24F15E5900}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
    "{1C1D7D24-16C2-4086-A76F-87CE62B0B8DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{419BE742-B2A0-4426-8918-C514D1763F05}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{481CDBB9-4A50-423D-AC97-F6E0E0434BB3}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{64B3E398-567A-4A3F-B1F8-2C2F2B78B913}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{87C24DE1-FE01-435D-9EBD-9490ED91C0C1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{9120FAAF-1CC2-4CB7-B654-0DD26AEE9B85}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{9FCC7ECD-5285-4CBD-BE79-99170207FBF9}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\toolbar\dtuser.exe |
    "{A22F5B4E-43D4-42BA-A0A5-9A98A65322AE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{B65B578C-74E5-43BF-B8B3-D446C739C75A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{CAA5EA77-40F3-488A-AED2-1D2FFD3222BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{E0312C94-B167-4D56-953E-80B50137BC42}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{F7FD2F03-9661-4387-9CED-3217B5EC2256}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{FF4B4F03-5247-4F97-8783-B0C71851D656}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "TCP Query User{984FE99E-3AD9-4D65-BF56-E360B2999343}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{4CA97E7C-8614-4765-B0F9-8858C324D282}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
    "{088C7311-A3BB-43C5-B046-C114D2F9728C}" = VAIO Media plus
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
    "{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
    "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
    "{24AE6B5B-3D5A-488C-9224-1BEE11F75DD9}" = TurboTax 2010
    "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 25
    "{2F839384-6AB0-449B-8772-25E607036357}" = VAIO Help and Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
    "{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
    "{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
    "{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{5E299E6E-78B6-4D4D-9A44-907240E92CFD}" = Stereoscopic Player
    "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{63AF7EF8-0416-4465-9DAD-2678780F05D5}" = Reader Library by Sony
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
    "{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{6D4673B7-A982-43E5-82E9-13E037681478}" = Click to Disc
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{72B5983C-80C7-4225-BA72-E92AE1D59C62}" = VAIO My Memory Center
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{75F52FAC-16CE-4A2A-B89A-9742F39A1864}" = VAIO Movie Story
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
    "{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91F2D688-B8CB-4461-A92D-6B35279DAE8F}" = VAIO Content Folder Watcher
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
    "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
    "{A2052C95-48CC-4AC9-A8D4-FCD89DDD8F2C}" = VAIO Content Folder Watcher
    "{A212E6C2-20F7-4A8E-BD8E-DC3EE7483FA2}" = PRS-500 USB driver
    "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
    "{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
    "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
    "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
    "{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D589544A-31B1-4479-B88F-A51B1D47B214}" = VitalSource Bookshelf
    "{D5FBA9C1-21D3-4210-A604-CF9E38238F35}" = VAIO Entertainment Platform
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
    "{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
    "{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
    "75070B1806113224B16C70296B90DD1AD8A53479" = Windows Driver Package - Sony Corporation (PRSUSB) USB (08/08/2006 1.0.03.08080)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "GOM Player" = GOM Player
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 8.0 (x86 en-GB)" = Mozilla Firefox 8.0 (x86 en-GB)
    "N360" = Norton 360
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "uTorrent" = µTorrent
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.2 final uninstall

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 04/01/2012 12:54:55 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 04/01/2012 12:54:55 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 04/01/2012 12:54:56 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 04/01/2012 12:54:56 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 04/01/2012 1:19:21 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 04/01/2012 1:19:21 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 04/01/2012 1:19:21 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 04/01/2012 1:19:21 AM | Computer Name = Sharon-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
    Dependent
    Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 04/01/2012 1:39:06 AM | Computer Name = Sharon-PC | Source = SPP | ID = 16387
    Description =

    Error - 04/01/2012 1:39:06 AM | Computer Name = Sharon-PC | Source = System Restore | ID = 8193
    Description =

    [ Media Center Events ]
    Error - 25/07/2011 4:20:00 PM | Computer Name = Sharon-PC | Source = MCUpdate | ID = 0
    Description = Error connecting to the internet. (3744.1128)

    Error - 25/07/2011 4:20:00 PM | Computer Name = Sharon-PC | Source = MCUpdate | ID = 0
    Description = Unable to contact server.. (3744.1129)

    [ System Events ]
    Error - 04/01/2012 12:53:36 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 04/01/2012 12:53:36 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 04/01/2012 12:53:37 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 04/01/2012 12:54:14 AM | Computer Name = Sharon-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 04/01/2012 12:58:16 AM | Computer Name = Sharon-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 04/01/2012 1:06:40 AM | Computer Name = Sharon-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 04/01/2012 1:38:57 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 04/01/2012 1:38:57 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 04/01/2012 1:38:57 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .

    Error - 04/01/2012 1:39:05 AM | Computer Name = Sharon-PC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume .


    < End of report >
  6. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    Forgot to add my thanks....
  7. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    OTL log is clean :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ==========================================================

    Last checks....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.

    See you tomorrow :)
  8. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    Thank you Broni.

    I will update you on my progress tomorrow! Have a good night.
  9. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    Hi Broni,

    Unfortunately my problems appeared again - I tried to download Java but an error always pops up: "Unable to download".

    Also, when I visit a site, I get sent to random sites again. Like hipnoza.com :(

    Below is the Security Check log:

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 25
    Java(TM) SE Runtime Environment 6
    Out of date Java installed!
    Adobe Flash Player ( 10.2.152.32) Flash Player Out of Date!
    Mozilla Firefox (x86 en-GB..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    ``````````End of Log````````````
  10. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    Hi Broni,

    Not sure why, but now I think I have a redirect virus, or maybe that is part of the Systems Check Virus....?

    I'm getting redirected to all sorts of odd sites now.

    I am not able to install Java and it might be because of that.

    Thanks!
  11. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Post fresh aswMBR and Combofix logs.
     
  12. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    aswMBR

    aswMBR version 0.9.9.1156 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-04 18:59:55
    -----------------------------
    18:59:55.814 OS Version: Windows 6.0.6002 Service Pack 2
    18:59:55.815 Number of processors: 2 586 0xF0D
    18:59:55.817 ComputerName: SHARON-PC UserName: Sharon
    18:59:57.259 Initialze error 0 - driver not loaded
    18:59:59.747 AVAST engine download error: 0
    19:00:12.124 The log file has been saved successfully to "C:\Users\Sharon\Desktop\aswMBR.txt"


    Still have this msg :(

    Thanks
  13. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  14. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    Oops sorry, I went off to run the Combofix...

    For some reason my Windows Security Alerts kept popping up during the Combofix even though it was exited before I started. Not sure if that is known to happen but it didn't seem to happen before.

    Here is the Combofix (before I do the Bootkit Remover)

    Thanks Broni...!


    ComboFix 12-01-04.03 - Sharon 04/01/2012 19:32:18.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.2.1033.18.2938.1761 [GMT -8:00]
    Running from: c:\users\Sharon\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-05 04:03 . 2012-01-05 04:04 -------- d-----w- c:\users\Sharon\AppData\Local\temp
    2012-01-05 04:03 . 2012-01-05 04:03 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-04 03:36 . 2012-01-04 03:39 -------- dc----w- C:\FRST
    2012-01-03 05:03 . 2012-01-03 05:03 -------- d-----w- c:\programdata\WindowsSearch
    2012-01-03 04:32 . 2012-01-03 04:32 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-03 04:32 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-03 03:59 . 2012-01-03 03:59 -------- d-----w- C:\found.000
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-10 09:25 . 2011-05-14 05:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-04_02.52.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 01:58 . 2012-01-05 02:41 58856 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 13:05 . 2012-01-05 02:41 84418 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2009-08-12 05:37 . 2012-01-04 01:51 12494 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3089448421-401795078-1939485088-1000_UserData.bin
    + 2009-08-12 05:37 . 2012-01-05 02:41 12494 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3089448421-401795078-1939485088-1000_UserData.bin
    + 2008-11-15 07:26 . 2012-01-05 02:42 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-11-15 07:26 . 2012-01-04 01:51 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-01-05 02:42 . 2012-01-05 02:42 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-11-15 07:26 . 2012-01-04 01:51 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-11-15 07:26 . 2012-01-05 02:42 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-12-07 00:25 . 2012-01-04 01:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-12-07 00:25 . 2012-01-05 02:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2012-01-03 04:14 . 2012-01-05 02:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2012-01-03 04:14 . 2012-01-04 01:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    + 2012-01-03 04:14 . 2012-01-05 02:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2012-01-03 04:14 . 2012-01-04 01:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2012-01-03 04:14 . 2012-01-05 02:41 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2012-01-03 04:14 . 2012-01-04 01:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2009-12-07 00:25 . 2012-01-04 01:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-07 00:25 . 2012-01-05 02:41 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-12-07 00:25 . 2012-01-05 02:39 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-12-07 00:25 . 2012-01-04 01:50 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-11-26 02:24 . 2012-01-04 01:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-26 02:24 . 2012-01-05 02:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-26 02:24 . 2012-01-05 02:39 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-11-26 02:24 . 2012-01-04 01:50 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2012-01-04 01:49 . 2012-01-04 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-01-05 02:39 . 2012-01-05 02:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-01-05 02:39 . 2012-01-05 02:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-01-04 01:49 . 2012-01-04 01:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2010-03-07 00:47 . 2012-01-04 01:51 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2010-03-07 00:47 . 2012-01-04 03:09 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2010-11-18 22:51 . 2012-01-04 01:49 408212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2010-11-18 22:51 . 2012-01-04 07:10 408212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-01-04 03:57 . 2012-01-04 06:28 408980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3089448421-401795078-1939485088-1000-12288.dat
    - 2010-11-18 22:51 . 2012-01-04 01:49 1386036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3089448421-401795078-1939485088-1000-8192.dat
    + 2010-11-18 22:51 . 2012-01-04 07:10 1386036 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3089448421-401795078-1939485088-1000-8192.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6295552]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944]
    "VAIOSurvey"="c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe" [2008-07-25 385024]
    "VWLASU"="c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe" [2008-05-20 24576]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "eBook Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-01-26 906640]
    "Skytel"="Skytel.exe" [2008-10-17 1826816]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
    .
    c:\users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-10-10 576000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
    WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2008-10-18 02:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - aswMBR
    *Deregistered* - BHDrvx86
    *Deregistered* - NAVENG
    *Deregistered* - NAVEX15
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ca/
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYR&bmod=SNYR
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.254 75.153.176.9
    FF - ProfilePath - c:\users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\d5g5p1ue.default\
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-04 20:04
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
    "ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-01-04 20:18:59
    ComboFix-quarantined-files.txt 2012-01-05 04:18
    ComboFix2.txt 2012-01-04 05:18
    ComboFix3.txt 2012-01-04 03:10
    .
    Pre-Run: 102,592,077,824 bytes free
    Post-Run: 102,565,502,976 bytes free
    .
    - - End Of File - - 2B33618B03909EFCD7A1070F8E0DCC79
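As an added triage helper (not code from this thread, from Broni, or from ComboFix), the script below parses lines in the shape of the ComboFix "Reg Loading Points" section above and flags Run entries worth a second look: bare filenames with no explicit directory (resolved through the search path, so the loaded copy must be verified), executables under a user profile or temp path, and files borrowing a core system binary's name outside the Windows directory. The sample input is constructed: the first four entries mirror lines from the log above, while the "Updater" line is invented purely to exercise the checks.

```python
"""Flag autostart entries in a ComboFix "Reg Loading Points" section for review."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the format ComboFix uses for Run-key entries.
# The "Updater" line is an invented suspicious entry, not from the real log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Skytel"="Skytel.exe" [2008-10-17 1826816]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
"Updater"="c:\users\sharon\appdata\local\temp\svchost.exe" [2012-01-04 20480]
"""

# A registry key header, e.g. [HKEY_LOCAL_MACHINE\...\Run]
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# A value line: "Name"="path" [YYYY-MM-DD size]  (the bracketed part is optional)
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?\s*$"
)

# Core Windows binaries whose names malware commonly reuses from another directory.
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "csrss.exe", "lsass.exe", "winlogon.exe",
    "explorer.exe", "services.exe", "smss.exe",
}
# Path fragments that indicate a location an ordinary user account can write to.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\")
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows\\")


@dataclass
class RunEntry:
    key: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]


@dataclass
class Finding:
    name: str
    path: str
    reason: str


def parse_entries(text: str) -> List[RunEntry]:
    """Return the Run-key value entries found under each [HK...] header."""
    entries: List[RunEntry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key:
            size = entry_match.group("size")
            entries.append(RunEntry(
                key=current_key,
                name=entry_match.group("name"),
                path=entry_match.group("path"),
                date=entry_match.group("date"),
                size=int(size) if size else None,
            ))
    return entries


def triage(text: str) -> List[Finding]:
    """Apply the three review heuristics to every parsed entry, in log order."""
    findings: List[Finding] = []
    for entry in parse_entries(text):
        path = entry.path.lower()
        if "\\" not in path:
            # No directory at all: Windows resolves this via its search path,
            # so a same-named file earlier in that path would load instead.
            findings.append(Finding(entry.name, entry.path, "bare filename"))
            continue
        base = path.rsplit("\\", 1)[-1]
        if any(marker in path for marker in USER_WRITABLE_MARKERS):
            findings.append(Finding(entry.name, entry.path, "user-writable location"))
        if base in SYSTEM_BINARY_NAMES and not WINDOWS_DIR_RE.match(path):
            findings.append(Finding(
                entry.name, entry.path,
                "system binary name outside Windows directory"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.reason}] {finding.name} -> {finding.path}")
```

Entries the script does not flag still deserve the usual checks (publisher signature, file hash against a known-good source); the heuristics only prioritise what to look at first.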
  15. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    rootkit

    Reply to below :(

    232 GB \\.\PHysical Drive0 controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.

  16. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.
    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your desktop.

    • Double click on downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log (FRST.txt) on your desktop.
    • Please copy and paste it to your reply.
  17. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    Farbar log

    Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
    Ran by Sharon at 2012-01-04 21:15:11
    Running from C:\Users\Sharon\Desktop
    Service Pack 2 (X86) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ========================== Registry (Whitelisted) =============

    HKU\Default\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
    HKU\Default User\...\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter [x]
    HKLM\...\Winlogon: [Userinit] [x]
    HKLM\...\Winlogon: [Shell]

    ================================ Services (Whitelisted) ==================


    ========================== Drivers (Whitelisted) =============


    ========================== NetSvcs (Whitelisted) ===========

    ============ One Month Created Files and Folders ==============

    2012-01-04 20:22 - 2012-01-04 20:22 - 0044607 ____A C:\Users\Sharon\Desktop\bootkit_remover.zip
    2012-01-04 20:19 - 2012-01-04 20:19 - 0011224 ___AC C:\ComboFix.txt
    2012-01-04 20:15 - 2012-01-04 20:15 - 0000000 _SHDC C:\$RECYCLE.BIN
    2012-01-04 19:25 - 2012-01-04 20:19 - 0000000 ___DC C:\ComboFix
    2012-01-03 23:00 - 2012-01-03 23:00 - 2322184 ____A (ESET) C:\Users\Sharon\Downloads\esetsmartinstaller_enu.exe
    2012-01-03 22:51 - 2012-01-03 22:51 - 0446464 ____A (OldTimer Tools) C:\Users\Sharon\Desktop\TFC.exe
    2012-01-03 22:37 - 2012-01-03 22:37 - 0869194 ____A C:\Users\Sharon\Desktop\SecurityCheck.exe
    2012-01-03 22:24 - 2012-01-03 22:25 - 0006266 ___AC C:\JavaRa.log
    2012-01-03 21:44 - 2012-01-03 21:44 - 0057320 ____A C:\Users\Sharon\Desktop\Extras.Txt
    2012-01-03 21:42 - 2012-01-03 21:42 - 0091976 ____A C:\Users\Sharon\Desktop\OTL.Txt
    2012-01-03 21:32 - 2012-01-03 21:32 - 0584192 ____A (OldTimer Tools) C:\Users\Sharon\Desktop\OTL.exe.part
    2012-01-03 21:32 - 2012-01-03 21:32 - 0584192 ____A (OldTimer Tools) C:\Users\Sharon\Desktop\OTL.exe
    2012-01-03 20:13 - 2012-01-03 20:13 - 0000000 ____D C:\Users\Sharon\Desktop\bootkit_remover
    2012-01-03 19:55 - 2012-01-03 19:55 - 1932256 ____A (Symantec Corporation) C:\Users\Sharon\Desktop\FixTDSS.exe
    2012-01-03 19:36 - 2012-01-04 21:15 - 0000000 ___DC C:\FRST
    2012-01-03 19:35 - 2012-01-04 21:14 - 0858478 ____A C:\Users\Sharon\Desktop\FRST.exe
    2012-01-03 19:23 - 2012-01-03 19:26 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Sharon\Desktop\tdsskiller.exe
    2012-01-03 18:05 - 2011-06-25 22:45 - 0256000 ____A C:\Windows\PEV.exe
    2012-01-03 18:05 - 2010-11-07 09:20 - 0208896 ____A C:\Windows\MBR.exe
    2012-01-03 18:05 - 2009-04-19 20:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
    2012-01-03 18:05 - 2000-08-30 16:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
    2012-01-03 18:05 - 2000-08-30 16:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
    2012-01-03 18:05 - 2000-08-30 16:00 - 0098816 ____A C:\Windows\sed.exe
    2012-01-03 18:05 - 2000-08-30 16:00 - 0080412 ____A C:\Windows\grep.exe
    2012-01-03 18:05 - 2000-08-30 16:00 - 0068096 ____A C:\Windows\zip.exe
    2012-01-03 18:01 - 2012-01-04 19:02 - 4370643 ____R (Swearware) C:\Users\Sharon\Desktop\ComboFix.exe
    2012-01-03 17:51 - 2012-01-04 19:00 - 0002097 ____A C:\Users\Sharon\Desktop\aswMBR.txt
    2012-01-03 17:46 - 2012-01-04 18:59 - 4704768 ____A (AVAST Software) C:\Users\Sharon\Desktop\aswMBR.exe
    2012-01-03 17:44 - 2012-01-03 17:44 - 0000555 ____A C:\Users\Sharon\Documents\aswMBR.txt
    2012-01-02 23:07 - 2012-01-02 23:07 - 0607260 ____R (Swearware) C:\Users\Sharon\Desktop\dds.scr
    2012-01-02 23:04 - 2012-01-02 23:04 - 0000746 ____A C:\Users\Sharon\Desktop\gmer.log
    2012-01-02 22:22 - 2012-01-02 22:22 - 0302592 ____A C:\Users\Sharon\Desktop\mntdhvp6.exe
    2012-01-02 21:03 - 2012-01-02 21:03 - 0000000 ____D C:\Users\All Users\WindowsSearch
    2012-01-02 21:03 - 2012-01-02 21:03 - 0000000 ____D C:\ProgramData\WindowsSearch
    2012-01-02 20:32 - 2012-01-02 20:32 - 0000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-01-02 20:32 - 2012-01-02 20:32 - 0000000 ___DC C:\Program Files\Malwarebytes' Anti-Malware
    2012-01-02 20:32 - 2011-12-10 15:24 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-01-02 20:31 - 2012-01-03 18:55 - 0000000 ____D C:\Windows\ERDNT
    2012-01-02 20:27 - 2012-01-04 20:19 - 0000000 ___DC C:\Qoobox
    2012-01-02 19:59 - 2012-01-02 19:59 - 0000000 ____D C:\found.000
    2011-12-31 15:10 - 2011-12-31 15:10 - 0437399 ____A C:\Users\Sharon\Downloads\Confirmation.pdf
    2011-12-13 18:12 - 2011-11-23 05:37 - 2043904 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-12-13 18:12 - 2011-11-08 06:42 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-12-13 18:12 - 2011-11-02 22:22 - 0916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-12-13 18:12 - 2011-11-02 22:21 - 1212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-12-13 18:12 - 2011-11-02 22:21 - 0105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-12-13 18:12 - 2011-11-02 22:20 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2011-12-13 18:12 - 2011-11-02 22:18 - 5978112 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-12-13 18:12 - 2011-11-02 22:18 - 0611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2011-12-13 18:12 - 2011-11-02 22:18 - 0602112 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2011-12-13 18:12 - 2011-11-02 22:18 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-12-13 18:12 - 2011-11-02 22:18 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2011-12-13 18:12 - 2011-11-02 22:17 - 2000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-12-13 18:12 - 2011-11-02 22:17 - 1469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-12-13 18:12 - 2011-11-02 22:17 - 11081728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-12-13 18:12 - 2011-11-02 22:17 - 0387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2011-12-13 18:12 - 2011-11-02 22:17 - 0184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2011-12-13 18:12 - 2011-11-02 22:17 - 0164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-12-13 18:12 - 2011-11-02 22:17 - 0109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2011-12-13 18:12 - 2011-11-02 22:17 - 0071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2011-12-13 18:12 - 2011-11-02 22:17 - 0055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2011-12-13 18:12 - 2011-11-02 22:17 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2011-12-13 18:12 - 2011-11-02 22:17 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-12-13 18:12 - 2011-11-02 21:22 - 0385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2011-12-13 18:12 - 2011-11-02 20:45 - 0174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2011-12-13 18:12 - 2011-11-02 20:45 - 0133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2011-12-13 18:12 - 2011-11-02 20:44 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2011-12-13 18:12 - 2011-11-02 20:43 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-12-13 18:12 - 2011-10-27 00:01 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2011-12-13 18:12 - 2011-10-27 00:01 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2011-12-13 18:12 - 2011-10-25 07:56 - 0049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-12-13 18:12 - 2011-10-14 08:02 - 0429056 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-12-05 00:08 - 2011-12-05 00:08 - 26819850 ____A C:\Users\Sharon\Downloads\?? (how great is your love) - SNSD LyricsEng. Sub.mp4

    ============ 3 Months Modified Files and Folders ===============

    2012-01-04 21:15 - 2012-01-03 19:36 - 0000000 ___DC C:\FRST
    2012-01-04 21:14 - 2012-01-03 19:35 - 0858478 ____A C:\Users\Sharon\Desktop\FRST.exe
    2012-01-04 20:39 - 2006-11-02 04:47 - 0003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2012-01-04 20:39 - 2006-11-02 04:47 - 0003616 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2012-01-04 20:22 - 2012-01-04 20:22 - 0044607 ____A C:\Users\Sharon\Desktop\bootkit_remover.zip
    2012-01-04 20:19 - 2012-01-04 20:19 - 0011224 ___AC C:\ComboFix.txt
    2012-01-04 20:19 - 2012-01-04 19:25 - 0000000 ___DC C:\ComboFix
    2012-01-04 20:19 - 2012-01-02 20:27 - 0000000 ___DC C:\Qoobox
    2012-01-04 20:15 - 2012-01-04 20:15 - 0000000 _SHDC C:\$RECYCLE.BIN
    2012-01-04 20:04 - 2006-11-02 02:23 - 0000249 ___AC C:\Windows\system.ini
    2012-01-04 19:43 - 2011-03-06 01:54 - 0000000 ____D C:\Users\Sharon\AppData\Local\CrashDumps
    2012-01-04 19:26 - 2009-08-11 21:29 - 1684176 ____A C:\Windows\WindowsUpdate.log
    2012-01-04 19:14 - 2010-11-05 19:41 - 0000000 ____D C:\Program Files\Norton 360
    2012-01-04 19:14 - 2010-11-05 19:41 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
    2012-01-04 19:14 - 2010-11-05 19:31 - 0000000 ____D C:\Users\All Users\Norton
    2012-01-04 19:14 - 2010-11-05 19:31 - 0000000 ____D C:\ProgramData\Norton
    2012-01-04 19:13 - 2010-11-05 19:41 - 0000000 ____D C:\Users\All Users\NortonInstaller
    2012-01-04 19:13 - 2010-11-05 19:41 - 0000000 ____D C:\ProgramData\NortonInstaller
    2012-01-04 19:02 - 2012-01-03 18:01 - 4370643 ____R (Swearware) C:\Users\Sharon\Desktop\ComboFix.exe
    2012-01-04 19:00 - 2012-01-03 17:51 - 0002097 ____A C:\Users\Sharon\Desktop\aswMBR.txt
    2012-01-04 18:59 - 2012-01-03 17:46 - 4704768 ____A (AVAST Software) C:\Users\Sharon\Desktop\aswMBR.exe
    2012-01-04 18:39 - 2010-10-10 00:31 - 3079716864 __ASH C:\hiberfil.sys
    2012-01-04 18:39 - 2006-11-02 05:01 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-01-03 23:10 - 2006-11-02 05:01 - 0032564 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-01-03 23:01 - 2009-08-29 14:22 - 0000000 ____D C:\Users\Sharon\AppData\Roaming\uTorrent
    2012-01-03 23:00 - 2012-01-03 23:00 - 2322184 ____A (ESET) C:\Users\Sharon\Downloads\esetsmartinstaller_enu.exe
    2012-01-03 22:51 - 2012-01-03 22:51 - 0446464 ____A (OldTimer Tools) C:\Users\Sharon\Desktop\TFC.exe
    2012-01-03 22:37 - 2012-01-03 22:37 - 0869194 ____A C:\Users\Sharon\Desktop\SecurityCheck.exe
    2012-01-03 22:29 - 2008-01-20 18:47 - 0046648 ____A C:\Windows\PFRO.log
    2012-01-03 22:25 - 2012-01-03 22:24 - 0006266 ___AC C:\JavaRa.log
    2012-01-03 22:24 - 2008-10-29 15:26 - 0000000 ____D C:\Program Files\Java
    2012-01-03 21:44 - 2012-01-03 21:44 - 0057320 ____A C:\Users\Sharon\Desktop\Extras.Txt
    2012-01-03 21:42 - 2012-01-03 21:42 - 0091976 ____A C:\Users\Sharon\Desktop\OTL.Txt
    2012-01-03 21:32 - 2012-01-03 21:32 - 0584192 ____A (OldTimer Tools) C:\Users\Sharon\Desktop\OTL.exe.part
    2012-01-03 21:32 - 2012-01-03 21:32 - 0584192 ____A (OldTimer Tools) C:\Users\Sharon\Desktop\OTL.exe
    2012-01-03 21:06 - 2006-11-02 02:23 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
    2012-01-03 20:13 - 2012-01-03 20:13 - 0000000 ____D C:\Users\Sharon\Desktop\bootkit_remover
    2012-01-03 19:55 - 2012-01-03 19:55 - 1932256 ____A (Symantec Corporation) C:\Users\Sharon\Desktop\FixTDSS.exe
    2012-01-03 19:26 - 2012-01-03 19:23 - 1578288 ____A (Kaspersky Lab ZAO) C:\Users\Sharon\Desktop\tdsskiller.exe
    2012-01-03 19:10 - 2006-11-02 03:18 - 0000000 ___RD C:\users\Public
    2012-01-03 19:10 - 2006-11-02 03:18 - 0000000 ___RD C:\users\Default
    2012-01-03 18:55 - 2012-01-02 20:31 - 0000000 ____D C:\Windows\ERDNT
    2012-01-03 17:44 - 2012-01-03 17:44 - 0000555 ____A C:\Users\Sharon\Documents\aswMBR.txt
    2012-01-02 23:07 - 2012-01-02 23:07 - 0607260 ____R (Swearware) C:\Users\Sharon\Desktop\dds.scr
    2012-01-02 23:04 - 2012-01-02 23:04 - 0000746 ____A C:\Users\Sharon\Desktop\gmer.log
    2012-01-02 22:22 - 2012-01-02 22:22 - 0302592 ____A C:\Users\Sharon\Desktop\mntdhvp6.exe
    2012-01-02 21:03 - 2012-01-02 21:03 - 0000000 ____D C:\Users\All Users\WindowsSearch
    2012-01-02 21:03 - 2012-01-02 21:03 - 0000000 ____D C:\ProgramData\WindowsSearch
    2012-01-02 20:32 - 2012-01-02 20:32 - 0000906 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-01-02 20:32 - 2012-01-02 20:32 - 0000000 ___DC C:\Program Files\Malwarebytes' Anti-Malware
    2012-01-02 20:31 - 2009-12-31 16:23 - 0000000 ____D C:\Users\All Users\WinZip
    2012-01-02 20:31 - 2009-12-31 16:23 - 0000000 ____D C:\ProgramData\WinZip
    2012-01-02 20:17 - 2006-11-02 02:33 - 0703388 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-01-02 20:12 - 2009-08-11 21:35 - 0000000 ____D C:\Users\Sharon\AppData\Local\VirtualStore
    2012-01-02 19:59 - 2012-01-02 19:59 - 0000000 ____D C:\found.000
    2012-01-01 23:17 - 2011-03-05 19:54 - 0000000 ____D C:\Users\Sharon\GG pictures
    2011-12-31 15:10 - 2011-12-31 15:10 - 0437399 ____A C:\Users\Sharon\Downloads\Confirmation.pdf
    2011-12-31 14:40 - 2011-12-31 14:33 - 747152984 ____A C:\Users\Sharon\Downloads\[111230].KBS.Gayo Daejun.111230.HDTV.1080i.The.Boys.tp
    2011-12-26 00:17 - 2011-12-26 00:17 - 6159131 ____A C:\Users\Sharon\Downloads\[fancam]110720 kimpo airport SNSD TIFFANY.flv
    2011-12-22 20:24 - 2009-09-11 00:15 - 0136704 ____A C:\Users\Sharon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2011-12-14 13:45 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\rescache
    2011-12-14 13:28 - 2006-11-02 04:47 - 0419664 ____A C:\Windows\System32\FNTCACHE.DAT
    2011-12-14 12:25 - 2008-11-14 23:30 - 0000000 ____D C:\Users\All Users\Microsoft Help
    2011-12-14 12:25 - 2008-11-14 23:30 - 0000000 ____D C:\ProgramData\Microsoft Help
    2011-12-14 12:22 - 2006-11-02 02:24 - 52988224 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
    2011-12-11 18:00 - 2011-12-11 18:00 - 9547328 ____A C:\Users\Sharon\Downloads\Shoujo_Sect_-_Volume_01_Chapter_01_[otenba].zip
    2011-12-10 15:24 - 2012-01-02 20:32 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2011-12-05 02:10 - 2011-12-05 02:07 - 275352696 ____A C:\Users\Sharon\Downloads\[Kra] Sunny - Tiffany Dont Forget Me.ts
    2011-12-05 00:14 - 2011-12-05 00:14 - 33736029 ____A C:\Users\Sharon\Downloads\Dear Mom - SNSD ???? LyricsEng. Sub.mp4
    2011-12-05 00:08 - 2011-12-05 00:08 - 26819850 ____A C:\Users\Sharon\Downloads\?? (how great is your love) - SNSD LyricsEng. Sub.mp4
    2011-12-03 20:28 - 2011-10-10 20:33 - 0000000 ____D C:\Users\Sharon\Downloads\Rosetta Stone V3 - Chinese (Mandarin)
    2011-12-03 20:25 - 2011-09-24 22:45 - 0000000 ____D C:\Users\Sharon\Downloads\Butterfly Hu Die
    2011-12-01 19:10 - 2011-12-01 18:53 - 0010860 ____A C:\Users\Sharon\Documents\hmm.xlsx
    2011-11-30 13:36 - 2011-11-30 13:36 - 3388326 ____A C:\Users\Sharon\Downloads\logic_games_explanations_for_pt29-38.pdf
    2011-11-29 12:57 - 2011-11-29 12:25 - 0000000 ____D C:\Users\Sharon\Downloads\Sunny.2011.720p.HDRip.x264.AC3-ZERO
    2011-11-29 11:28 - 2011-11-29 11:28 - 2843930 ____A C:\Users\Sharon\Downloads\lg_explanations_for_preptests_52-61.pdf
    2011-11-28 12:56 - 2011-11-28 12:56 - 0296524 ____A C:\Users\Sharon\Desktop\https___os.lsac.org_Release_Share_DisplayPDFs.pdf
    2011-11-26 22:01 - 2011-11-15 21:16 - 0056981 ____A C:\Users\Sharon\Desktop\1L questionnaire.pdf
    2011-11-23 05:37 - 2011-12-13 18:12 - 2043904 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2011-11-14 19:59 - 2011-11-14 19:59 - 3596358 ____A C:\Users\Sharon\Downloads\03 Say yes.mp3
    2011-11-10 19:03 - 2006-11-02 03:18 - 0000000 ____D C:\Program Files\Common Files\System
    2011-11-10 01:25 - 2010-04-10 12:23 - 0000000 ____D C:\Program Files\Mozilla Firefox
    2011-11-08 21:14 - 2006-11-02 04:52 - 0063335 ____A C:\Windows\setupact.log
    2011-11-08 17:29 - 2011-11-08 17:29 - 0496648 ____A C:\Users\Sharon\2qjkkk8.gif
    2011-11-08 17:29 - 2009-08-11 21:35 - 0000000 ____D C:\users\Sharon
    2011-11-08 17:28 - 2011-11-08 17:28 - 0049007 ____A C:\Users\Sharon\tumblr_lhh1rlbZBM1qc9s1uo1_500.jpg
    2011-11-08 06:42 - 2011-12-13 18:12 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2011-11-06 14:10 - 2011-10-10 21:31 - 0000000 ____D C:\Users\All Users\FLEXnet
    2011-11-06 14:10 - 2011-10-10 21:31 - 0000000 ____D C:\ProgramData\FLEXnet
    2011-11-02 22:31 - 2011-11-02 22:31 - 11142660 ____A C:\Users\Sharon\Downloads\????? ??_???.mp4
    2011-11-02 22:29 - 2011-11-02 22:29 - 12072567 ____A C:\Users\Sharon\Downloads\????? ??_???.mp4
    2011-11-02 22:26 - 2011-11-02 22:26 - 11869656 ____A C:\Users\Sharon\Downloads\????? ??_???.mp4
    2011-11-02 22:22 - 2011-12-13 18:12 - 0916992 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2011-11-02 22:21 - 2011-12-13 18:12 - 1212416 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2011-11-02 22:21 - 2011-12-13 18:12 - 0105984 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2011-11-02 22:20 - 2011-12-13 18:12 - 0206848 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2011-11-02 22:18 - 2011-12-13 18:12 - 5978112 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2011-11-02 22:18 - 2011-12-13 18:12 - 0611840 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
    2011-11-02 22:18 - 2011-12-13 18:12 - 0602112 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2011-11-02 22:18 - 2011-12-13 18:12 - 0066560 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2011-11-02 22:18 - 2011-12-13 18:12 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2011-11-02 22:17 - 2011-12-13 18:12 - 2000384 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2011-11-02 22:17 - 2011-12-13 18:12 - 1469440 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2011-11-02 22:17 - 2011-12-13 18:12 - 11081728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2011-11-02 22:17 - 2011-12-13 18:12 - 0387584 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2011-11-02 22:17 - 2011-12-13 18:12 - 0184320 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2011-11-02 22:17 - 2011-12-13 18:12 - 0164352 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2011-11-02 22:17 - 2011-12-13 18:12 - 0109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2011-11-02 22:17 - 2011-12-13 18:12 - 0071680 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2011-11-02 22:17 - 2011-12-13 18:12 - 0055808 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2011-11-02 22:17 - 2011-12-13 18:12 - 0043520 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2011-11-02 22:17 - 2011-12-13 18:12 - 0025600 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2011-11-02 21:22 - 2011-12-13 18:12 - 0385024 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2011-11-02 21:15 - 2011-11-02 21:09 - 547436824 ____A C:\Users\Sharon\Downloads\[2011-10-23] The Boys (SBS Inkigayo).tp
    2011-11-02 21:04 - 2011-11-02 21:01 - 69742602 ____A C:\Users\Sharon\Downloads\111021.SJ_Kiss_the_Radio.SNSD.guest.wmv
    2011-11-02 21:04 - 2011-11-02 20:57 - 557664400 ____A C:\Users\Sharon\Downloads\[2011-10-22] The Boys (MBC Music Core).tp
    2011-11-02 20:55 - 2011-11-02 20:48 - 200095541 ____A C:\Users\Sharon\Downloads\[SoShi Subs] SNSD - The Boys MV (Korean Ver.).mkv
    2011-11-02 20:45 - 2011-12-13 18:12 - 0174080 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2011-11-02 20:45 - 2011-12-13 18:12 - 0133632 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2011-11-02 20:44 - 2011-12-13 18:12 - 0013312 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2011-11-02 20:43 - 2011-12-13 18:12 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2011-11-02 19:22 - 2011-11-02 19:20 - 205280632 ____A C:\Users\Sharon\Downloads\111102 SNSD @ ShimShimTapa Radio.mp4
    2011-11-02 19:13 - 2011-11-02 19:13 - 0032114 ____A C:\Users\Sharon\tumblr_lu14ypKpUH1qj3zhso2_400.jpg
    2011-11-02 17:18 - 2011-11-02 17:18 - 5158905 ____A C:\Users\Sharon\c0120174_4eb151bcafff9.gif
    2011-10-28 15:52 - 2011-10-28 15:52 - 0137904 ____A C:\Windows\Minidump\Mini102811-01.dmp
    2011-10-28 15:52 - 2010-09-24 20:52 - 383436647 ____A C:\Windows\MEMORY.DMP
    2011-10-28 15:52 - 2010-09-24 20:52 - 0000000 ____D C:\Windows\Minidump
    2011-10-27 00:01 - 2011-12-13 18:12 - 3602816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
    2011-10-27 00:01 - 2011-12-13 18:12 - 3550080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2011-10-25 20:45 - 2011-10-25 20:42 - 2107663704 ____A C:\Users\Sharon\Downloads\[isubs-squad.com]Running.Man.E60.720P.avi
    2011-10-25 07:56 - 2011-12-13 18:12 - 0049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2011-10-23 12:26 - 2011-10-23 12:25 - 88591473 ____A C:\Users\Sharon\Downloads\SNSD - The Boys (kor ver) MV [eng sub romanization hangul].mp4
    2011-10-22 14:13 - 2011-10-22 14:11 - 180720369 ____A C:\Users\Sharon\Downloads\Girls Generation _ The Boys _ Comeback Special Stage 2011.10.21 _ KBS MUSIC BANK.mp4
    2011-10-16 23:49 - 2011-10-16 23:49 - 0256970 ____A C:\Users\Sharon\Downloads\WYWH.rar
    2011-10-16 23:44 - 2011-10-16 23:44 - 0627507 ____A C:\Users\Sharon\Downloads\RememberingSunday.pdf
    2011-10-16 22:46 - 2011-10-16 22:43 - 1697076516 ____A C:\Users\Sharon\Downloads\[isubs-squad.com]Running.Man.E59.720P.avi
    2011-10-14 08:02 - 2011-12-13 18:12 - 0429056 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2011-10-13 18:10 - 2006-11-02 03:18 - 0000000 ____D C:\Windows\Microsoft.NET
    2011-10-13 17:30 - 2010-11-09 23:45 - 0000000 ____D C:\Program Files\Microsoft Silverlight
    2011-10-10 21:48 - 2011-10-10 21:43 - 0000000 ___DC C:\Program Files\MagicDisc
    2011-10-10 21:46 - 2011-10-10 21:46 - 1352435 ____A C:\Users\Sharon\Downloads\setup_magicdisc(1).exe
    2011-10-10 21:46 - 2011-10-10 21:45 - 0000798 ____A C:\Users\Sharon\Start Menu\Programs\Startup\MagicDisc.lnk
    2011-10-10 21:46 - 2011-10-10 21:45 - 0000798 ____A C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    2011-10-10 21:46 - 2011-10-10 21:45 - 0000762 ____A C:\Users\Sharon\Desktop\MagicDisc.lnk
    2011-10-10 21:44 - 2011-10-10 21:44 - 1352435 ____A C:\Users\Sharon\Downloads\setup_magicdisc106.exe
    2011-10-10 21:43 - 2011-10-10 21:43 - 1352435 ____A C:\Users\Sharon\Downloads\setup_magicdisc.exe
    2011-10-10 21:30 - 2011-10-10 21:30 - 0000000 ____D C:\Program Files\Common Files\Macrovision Shared
    2011-10-10 21:25 - 2011-10-10 21:25 - 0000000 ____D C:\Users\Sharon\AppData\Local\WinZip
    2011-10-10 16:46 - 2011-10-10 16:45 - 72326400 ____A (Ingram Digital ) C:\Users\Sharon\Downloads\setup(1).exe
    2011-10-08 23:06 - 2011-10-08 23:03 - 1564736508 ____A C:\Users\Sharon\Downloads\[iSUBS-squad.com]Running.Man.E58.720P.avi

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit

    C:\Windows\System32\winlogon.exe => MD5 is legit

    C:\Windows\System32\wininit.exe => MD5 is legit

    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 42%
    Total physical RAM: 2938.31 MB
    Available physical RAM: 1686.2 MB
    Total Pagefile: 6080.92 MB
    Available Pagefile: 4880.68 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1958.58 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:224.41 GB) (Free:95.55 GB) NTFS ==>[Drive with boot components]

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 233 GB 0 B
    Disk 1 No Media 0 B 0 B
    Disk 2 No Media 0 B 0 B

    Partitions of Disk 0:

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 8 GB 1024 KB
    Partition 2 Primary 224 GB 8 GB

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 224 GB Healthy System



    ==========================================================

    Last Boot: 2012-01-04 18:47

    ======================= End Of Log ==========================
  18. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
  19. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    Will do, thank you.
  20. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    Hi Broni,

    The message is ***Infected MBR detected

    Should I click the repair button to repair it?

    Also, my computer is showing an error message today that MagicDisc can't open driver(mcdbus).

    I want to remove MagicDisc but can't seem to (not today, but in the past).

    Also, this might be a question for later, but is there a way to remove IE completely? It used to give me a lot of grief until I switched over to Firefox.

    Thanks
  21. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Yes.
  22. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    Thanks, sorry for my silly :) questions.

    Done - it says repair succeeded.
  23. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Post new Bootkit Remover log.
  24. toffee801

    toffee801 Newcomer, in training Topic Starter Posts: 41

    Can't paste it into Notepad, but

    232 GB \\.\PhysicalDrive0 OK <DOS/Win32 Boot code found>

    Thanks
  25. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Excellent!

    How is computer doing?

