I seem to have a nasty Virus.



#1
Sawson Salehpour

I seem to have gotten a virus that deleted everything off my desktop and also has deleted my background. Additionally, I am unable to access many of my files and I was unable to execute programs from my normal user. I went onto the guest user and downloaded Malwarebytes and removed some infected files, which seemed to have alleviated some of the problems, but my desktop is still empty and many of the pictures my wife saved to this computer, which were on the desktop, are no longer able to be found.

I needed to go onto the guest user to download and use Malwarebytes because I was unable to download anything on Firefox on my main user account. It would open the download box but quickly tell me it was downloaded, but it cleared the files quickly after downloading them, so I was unable to execute them.

My start menu only has my shut down buttons, all programs, and computer options. It does not have any of the quick program links or control panel, etc. I am using Windows Vista and my friend came over and used HijackThis to stop a program called Windows Defender while in the guest user. He told me that is a common virus.

After fixing the 5 infected files detected on my guest user I was then able to do much more on my normal user, but I am still not able to access many of the files in conventional ways. I had to search for a Word document my wife needed for class, but I could not find it in Gmail to add it as an attachment, so I was able to drag and drop it from the search that I used on the start menu and I emailed it from there. I know there are other functions that are odd or unable to work but I am unable to articulate them at the moment because it is almost overwhelming. I hope this is enough information to get me started. Thanks for any help you might be able to provide. I am doing another Malwarebytes scan as we speak on the main user that was infected.

Thanks in advance
Sawson

[Edit] Additionally Windows now has to ask me for permission to perform most actions like execute programs and use utilities.

Edited by Sawson Salehpour, 14 October 2011 - 09:16 PM.



#2
Sawson Salehpour

Here are my logs. It also has an Extras.txt as well... I will post that as well.

OTL logfile created on: 10/14/2011 11:20:33 PM - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Colin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 39.05% Memory free
6.18 Gb Paging File | 4.39 Gb Available in Paging File | 71.06% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.44 Gb Total Space | 32.04 Gb Free Space | 14.21% Space Free | Partition Type: NTFS

Computer Name: THE-TRAVELLER | User Name: Colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/14 23:20:30 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
PRC - [2011/10/01 14:36:36 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/31 17:00:48 | 001,047,208 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/02 17:28:19 | 000,323,392 | -H-- | M] (BitTorrent, Inc.) -- C:\Users\Colin\Program Files\DNA\btdna.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/31 21:39:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/03/31 14:08:40 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2008/03/07 14:48:38 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/02/22 20:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/02/22 20:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2008/02/22 20:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2008/02/19 14:25:44 | 000,024,576 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
PRC - [2008/02/15 14:56:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008/02/15 14:56:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/11/21 15:38:28 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/11/12 23:59:54 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/08/14 23:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 23:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/07/12 15:59:00 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vspc1000.exe
PRC - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 20:32:44 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 20:32:25 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 20:30:36 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 20:30:21 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/01 14:36:36 | 001,015,256 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/06/25 15:52:50 | 006,271,136 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/05/18 11:53:44 | 001,496,576 | -H-- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\hrs184uz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2011/05/18 11:53:44 | 000,346,112 | -H-- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\hrs184uz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/10/14 09:39:00 | 001,077,248 | ---- | M] () -- C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
MOD - [2008/09/10 20:36:50 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/02/04 20:08:45 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/08/14 23:05:18 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/03/31 21:39:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/03/04 23:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/03/04 23:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/03/04 23:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/03/03 17:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/03/03 16:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/02/15 14:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008/02/15 14:56:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/02/15 14:56:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 05:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 05:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 04:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/11/12 23:59:54 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/14 23:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 10:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/10/14 22:30:22 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/10/14 22:27:39 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23F6C359-AF9B-459D-B980-F76D4EAF058D}\MpKsledc14313.sys -- (MpKsledc14313)
DRV - [2011/10/14 21:13:27 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23F6C359-AF9B-459D-B980-F76D4EAF058D}\MpKsl44afa57d.sys -- (MpKsl44afa57d)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/10/29 21:14:54 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/02/22 20:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/02/05 20:06:19 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/12/16 21:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/12/13 20:40:06 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/07/12 16:00:00 | 003,033,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spc1000.sys -- (SPC1000) USB2.0 PC Camera (SPC1000)
DRV - [2007/07/12 15:58:00 | 000,088,320 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV - [2007/06/05 20:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 04:03:06 | 000,128,104 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.5
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Colin\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@e-academy.com/Host SDM Plugin; version=1.0.0.0: C:\Users\Colin\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 14:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/01 14:36:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Colin\Program Files\DNA [2011/10/14 22:28:08 | 000,000,000 | -H-D | M]

[2008/09/22 14:54:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions
[2011/10/14 19:57:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\hrs184uz.default\extensions
[2010/09/10 13:37:37 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\hrs184uz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/25 20:44:03 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\hrs184uz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/10/29 21:18:31 | 000,000,523 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\hrs184uz.default\searchplugins\daemon-search.xml
[2008/12/08 10:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/10/29 21:18:53 | 000,000,000 | ---D | M] (DAEMON Tools Toolbar) -- C:\PROGRAM FILES\DAEMON TOOLS TOOLBAR\FIREFOXDTT
[2011/10/14 22:28:08 | 000,000,000 | -H-D | M] (No name found) -- C:\USERS\COLIN\PROGRAM FILES\DNA
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Search Assistant BHO) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [spc1000] C:\Windows\vspc1000.exe (Sonix)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIOMyMemCenter] C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe ()
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\Colin\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} http://support.korne...peedNewCtrl.cab (KTCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33D40093-715E-4E4E-919C-9A1AD3479256}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53D9ACF5-0346-4E2B-9722-D525BE9B1D84}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Colin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Colin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{61290118-a620-11dd-9fa8-001a80fafe77}\Shell - "" = AutoRun
O33 - MountPoints2\{61290118-a620-11dd-9fa8-001a80fafe77}\Shell\AutoRun\command - "" = G:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/14 23:19:32 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
[2011/10/14 23:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/10/14 22:30:22 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/14 21:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/14 21:24:45 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Malwarebytes
[2011/10/14 21:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/14 21:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/14 21:24:29 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/14 21:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/14 20:11:13 | 000,000,000 | -H-D | C] -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/09/28 22:27:16 | 000,000,000 | ---D | C] -- C:\2d32536e854bd063e508598f802c
[2008/11/24 16:45:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc1000.dll

========== Files - Modified Within 30 Days ==========

[2011/10/14 23:20:30 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
[2011/10/14 22:30:22 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/10/14 22:27:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/14 22:27:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/14 22:27:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/14 22:27:24 | 3209,109,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/14 21:24:35 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/14 20:20:42 | 000,000,633 | -H-- | M] () -- C:\Users\Colin\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/14 20:11:18 | 000,000,609 | -H-- | M] () -- C:\Users\Colin\Desktop\System Restore.lnk
[2011/10/14 20:11:17 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/14 20:11:17 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/14 20:11:09 | 000,000,336 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/13 20:29:51 | 001,760,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/08 19:41:46 | 000,597,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/08 19:41:46 | 000,102,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/10/14 21:24:35 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/14 20:20:42 | 000,000,633 | -H-- | C] () -- C:\Users\Colin\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/14 20:11:18 | 000,000,609 | -H-- | C] () -- C:\Users\Colin\Desktop\System Restore.lnk
[2011/10/14 20:11:17 | 000,000,296 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/14 20:11:17 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/14 20:11:09 | 000,000,336 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2010/09/09 21:27:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/09 21:27:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/17 06:54:18 | 000,000,908 | -H-- | C] () -- C:\Users\Colin\AppData\Roaming\wklnhst.dat
[2008/12/10 10:57:38 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2008/12/10 10:57:37 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2008/11/24 16:45:56 | 003,033,856 | ---- | C] () -- C:\Windows\System32\drivers\spc1000.sys
[2008/11/24 16:45:56 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1000c.sys
[2008/11/24 16:45:56 | 000,015,497 | ---- | C] () -- C:\Windows\spc1000.ini
[2008/11/22 13:34:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/12 19:56:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 17:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/03/31 14:16:54 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/03/31 13:29:44 | 000,000,033 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2008/03/31 13:12:57 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/31 13:12:57 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/31 13:12:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/06/05 16:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 001,760,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,597,784 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,102,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/07/07 23:59:12 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\BitTorrent
[2008/10/29 21:14:36 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\DAEMON Tools
[2011/10/14 23:18:13 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\DNA
[2011/07/11 18:23:52 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\e-academy Inc
[2009/02/28 07:28:36 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\InterVideo
[2008/09/22 16:34:23 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\SystemRequirementsLab
[2009/01/17 06:54:37 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\Template
[2011/10/14 22:26:27 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#3
Sawson Salehpour

    Member

  • Topic Starter
  • Member
  • 16 posts
Here is that Extras.txt that popped up with my OTL.txt

OTL Extras logfile created on: 10/14/2011 11:20:33 PM - Run 1
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Colin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 39.05% Memory free
6.18 Gb Paging File | 4.39 Gb Available in Paging File | 71.06% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.44 Gb Total Space | 32.04 Gb Free Space | 14.21% Space Free | Partition Type: NTFS

Computer Name: THE-TRAVELLER | User Name: Colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B581EDD9-EC17-4B96-B390-B6B54FFDB8F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1539874A-D112-4167-A6A0-BA5E8F83EFF2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{1636C97A-10C9-40C8-AEAA-D4701E47DA18}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E9DAFB1-3E39-4283-A5DB-A5847D480447}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{50485667-0BFB-46FE-9DAA-DC7F3C655C34}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E3BEAFB-057D-4D26-AE9C-FD2C8EB384BD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{669C5CC0-3C6B-4AA7-8739-E6D8F8E4C47D}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8630E260-005B-489C-BAE0-CCD350F9DC67}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{A928C2AE-BB37-4202-8055-A49646CD2DA1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{ABAF9FEB-4723-4E8E-A74D-D515486F592B}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{C3FD7DE7-496E-42E3-9A50-276088A9A7E7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C7662145-5C58-4DA6-9F5D-C31B2D11BD7D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{CAF5E3F7-5FA5-4B0C-A471-8F3755ABC9FC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CDF243EF-E592-4C86-824C-31BF6984AB48}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{E6C4735F-E4B0-4B14-8FF9-39BA473C3158}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{F7DF3773-FA93-4BCE-8783-E398A51E6452}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{2338F635-51D4-4122-A542-6F8A7C61BD99}C:\users\colin\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\colin\program files\dna\btdna.exe |
"TCP Query User{60416BF6-9CA7-4090-AB96-52CA2281A558}C:\users\colin\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\colin\program files\dna\btdna.exe |
"UDP Query User{968FF4F0-1547-42BA-8084-B1848CE7A39F}C:\users\colin\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\colin\program files\dna\btdna.exe |
"UDP Query User{CC5A9D46-1ED6-43EE-9F8B-9E971F8F8275}C:\users\colin\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\colin\program files\dna\btdna.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{059CF2AE-188F-45D3-8231-B79A131AC8C2}" = Philips SPC1000NC Webcam
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{27A2ABE9-E4C4-45DD-B9A8-CEEEE380E7E1}" = VAIO Content Metadata Intelligent Analyzing Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4AF9E60E-0C91-4E25-A264-6E47EB1CC25C}" = Secure Download Manager
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{617505DF-6F0A-4F2F-949F-FD156A32DA24}" = Fiesta
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{757CC5BA-BF08-46A5-8D10-64C6FDF659C6}" = VAIO Content Metadata Manager Setting
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
"{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9C71059E-6DDD-4958-9251-7A5F865B6BA0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A33E457B-5369-481F-8B53-71108AE2EB5B}" = Roxio Easy Media Creator 10 LJ
"{A4399CF4-7A3F-4E84-B763-AD352640203D}" = VAIO Content Metadata XML Interface Library
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC56A2CB-EC09-4175-B8BD-93E2440D410B}" = VAIO Content Metadata Manager Setting
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D06F5884-B439-440B-A58D-6C057C2FF8EB}" = Click to Disc
"{D0AE373E-C276-432B-9A95-F8DD356A8242}" = VAIO Movie Story
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D90507A2-6183-497D-9075-951DC80362DA}" = VAIO Media plus
"{DEBA60A3-7CDE-48D7-993D-7C68663AEE68}" = VAIO Content Metadata Intelligent Analyzing Manager
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E1D25278-B51A-4163-BC3D-20A4D2D09F98}" = VAIO My Memory Center
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FACD3674-FC12-4B6C-A923-E1D687704E9B}" = VAIO Content Metadata XML Interface Library
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"4DF2CED4A3F0255B2228A629BC8B64D5D47A37C4" = Windows Driver Package - Philips (SPC1000) Image (07/06/2007 5.8.8.028)
"AB076FF359D7ED09338BED944754FA8949B67836" = Windows Driver Package - Philips CE (phaudlwr) MEDIA (06/19/2007 1.0.0.7)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"AOL Toolbar" = AOL Toolbar 5.0
"AskPBar Uninstall" = Ask Toolbar
"AviSynth" = AviSynth 2.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{8ED3A392-28F1-4375-97AC-BF275B5855F9}" = OpenMG Secure Module 5.0.00
"Magic ISO Maker v5.4 (build 0239)" = Magic ISO Maker v5.4 (build 0239)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Soulseek" = SoulSeek Client 156c
"SystemRequirementsLab" = System Requirements Lab
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"SAGA" = SAGA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/2/2011 3:22:13 PM | Computer Name = The-Traveller | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/2/2011 3:22:13 PM | Computer Name = The-Traveller | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/2/2011 3:22:13 PM | Computer Name = The-Traveller | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/2/2011 3:22:13 PM | Computer Name = The-Traveller | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 10/3/2011 5:32:48 PM | Computer Name = The-Traveller | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 10/3/2011 5:33:38 PM | Computer Name = The-Traveller | Source = WinMgmt | ID = 10
Description =

Error - 10/3/2011 5:33:50 PM | Computer Name = The-Traveller | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 10/5/2011 3:54:08 PM | Computer Name = The-Traveller | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 10/5/2011 3:55:29 PM | Computer Name = The-Traveller | Source = WinMgmt | ID = 10
Description =

Error - 10/5/2011 10:03:52 PM | Computer Name = The-Traveller | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

[ Media Center Events ]
Error - 4/29/2009 11:05:05 PM | Computer Name = The-Traveller | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/1/2009 9:24:00 AM | Computer Name = The-Traveller | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/6/2009 8:56:28 AM | Computer Name = The-Traveller | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/18/2009 11:05:50 PM | Computer Name = The-Traveller | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2009 3:56:23 AM | Computer Name = The-Traveller | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/24/2009 10:39:47 PM | Computer Name = The-Traveller | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/25/2009 10:16:22 PM | Computer Name = The-Traveller | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/28/2009 10:11:18 PM | Computer Name = The-Traveller | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/29/2009 4:45:51 AM | Computer Name = The-Traveller | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/27/2009 5:31:42 AM | Computer Name = The-Traveller | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 10/14/2011 8:09:45 PM | Computer Name = The-Traveller | Source = Service Control Manager | ID = 7000
Description =

Error - 10/14/2011 8:18:19 PM | Computer Name = The-Traveller | Source = Microsoft-Windows-Eventlog | ID = 22
Description =

Error - 10/14/2011 8:18:59 PM | Computer Name = The-Traveller | Source = Service Control Manager | ID = 7000
Description =

Error - 10/14/2011 8:25:32 PM | Computer Name = The-Traveller | Source = DCOM | ID = 10010
Description =

Error - 10/14/2011 9:01:27 PM | Computer Name = The-Traveller | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:35:08 PM on 10/14/2011 was unexpected.

Error - 10/14/2011 9:01:28 PM | Computer Name = The-Traveller | Source = Microsoft-Windows-Eventlog | ID = 22
Description =

Error - 10/14/2011 9:02:02 PM | Computer Name = The-Traveller | Source = Service Control Manager | ID = 7000
Description =

Error - 10/14/2011 9:18:10 PM | Computer Name = The-Traveller | Source = DCOM | ID = 10010
Description =

Error - 10/14/2011 10:27:28 PM | Computer Name = The-Traveller | Source = Microsoft-Windows-Eventlog | ID = 22
Description =

Error - 10/14/2011 10:28:04 PM | Computer Name = The-Traveller | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, on completion of these runs let me know if the files/icons/desktop have returned.

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator; for XP simply run RogueKiller.exe
  • When prompted, type 6 and validate
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe
Please post the contents of the RKreport.txt in your next Reply.

THEN

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/10/14 20:11:13 | 000,000,000 | -H-D | C] -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
    [2011/10/14 20:20:42 | 000,000,633 | -H-- | M] () -- C:\Users\Colin\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
    [2011/10/14 20:11:18 | 000,000,609 | -H-- | M] () -- C:\Users\Colin\Desktop\System Restore.lnk
    [2011/10/14 20:11:17 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/14 20:11:17 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/14 20:11:09 | 000,000,336 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0
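The six entries pasted under `:OTL` above are all hidden (`H`) entries with no company name, stamped within about ten minutes of each other on 2011/10/14. The following is an added example, not part of the thread and not OTL's own code: one way to surface such a group from OTL file lines. The function names, the 15-minute window and the minimum cluster size of 3 are assumptions; the sample lines are copied from the logs posted in this thread.

```python
import re
from datetime import datetime, timedelta

# OTL file/folder line: [date time | size | attrs | C/M] (company) -- path
# The "(company)" field is absent on folder lines.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Sample lines copied from the OTL output in this thread.
SAMPLE_LINES = r"""
[2011/10/14 23:20:30 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
[2011/10/14 22:27:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/14 22:27:38 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/14 22:27:24 | 3209,109,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/14 21:24:35 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/14 20:20:42 | 000,000,633 | -H-- | M] () -- C:\Users\Colin\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/14 20:11:18 | 000,000,609 | -H-- | M] () -- C:\Users\Colin\Desktop\System Restore.lnk
[2011/10/14 20:11:17 | 000,000,296 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/14 20:11:17 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/14 20:11:09 | 000,000,336 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/10/14 20:20:42 | 000,000,633 | -H-- | C] () -- C:\Users\Colin\Application Data\Microsoft\Internet Explorer\Quick Launch\System Restore.lnk
[2011/10/14 20:11:13 | 000,000,000 | -H-D | C] -- C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011/10/14 23:18:13 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\DNA
"""


def parse_otl_line(line):
    """Return a dict for one OTL file/folder line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],              # positions: R, H, S, D
        "company": (m["company"] or "").strip(),
        "path": m["path"].strip(),
    }


def is_candidate(entry):
    """Hidden, not a system file, and no company name in the version info."""
    attrs = entry["attrs"]
    return attrs[1] == "H" and attrs[2] != "S" and not entry["company"]


def hidden_clusters(lines, window=timedelta(minutes=15), min_size=3):
    """Group candidate entries whose timestamps chain together within `window`.

    The same path is often listed in both the "Modified" and "Created"
    sections, so entries are de-duplicated by path before grouping.
    """
    seen = {}
    for line in lines:
        entry = parse_otl_line(line)
        if entry and is_candidate(entry):
            seen.setdefault(entry["path"].lower(), entry)

    entries = sorted(seen.values(), key=lambda e: (e["time"], e["path"].lower()))
    clusters, current = [], []
    for entry in entries:
        if current and entry["time"] - current[-1]["time"] > window:
            clusters.append(current)
            current = []
        current.append(entry)
    if current:
        clusters.append(current)
    # Small groups are dropped: a lone hidden file or a pair is weak evidence.
    return [c for c in clusters if len(c) >= min_size]


if __name__ == "__main__":
    for cluster in hidden_clusters(SAMPLE_LINES.splitlines()):
        print(f"{len(cluster)} hidden entries from {cluster[0]['time']} to {cluster[-1]['time']}")
        for entry in cluster:
            print("   ", entry["attrs"], entry["path"])
```

A cluster is only a lead for review: user folders on this machine also carry the hidden attribute, so each flagged path still needs to be checked before it goes into a fix script.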

#5
Sawson Salehpour

    Member

  • Topic Starter
  • Member
  • 16 posts
Thank you for your speedy reply. I ran RogueKiller and typed 6 and pressed enter. Here is the log you requested.

RogueKiller V6.1.3 [10/14/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Colin [Admin rights]
Mode: Shortcuts HJfix -- Date : 10/15/2011 09:30:36

Bad processes: 2
[SUSP PATH] vspc1000.exe -- c:\windows\vspc1000.exe -> KILLED [TermProc]
[SUSP PATH] VPro1000.exe -- c:\windows\vpro1000.exe -> KILLED [TermProc]

Driver: [LOADED]

File attributes restored:
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 0 / Fail 0
Backup: [FOUND] Success 0 / Fail 0

Drives:
[C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume3 -- 0x2 --> Restored
[E:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[F:] \Device\CdRom0 -- 0x5 --> Skipped
[G:] \Device\CdRom1 -- 0x5 --> Skipped

Finished : << RKreport[1].txt >>
RKreport[1].txt

#6
Sawson Salehpour


  • Topic Starter
  • Member
  • 16 posts
I can now see my desktop icons. My desktop background was not restored and all my icons that were previously missing are now grayed out as if they are now hidden files that are being shown. Again I really appreciate your help and here is the log file that OTL compiled after I restarted the computer.

OTL logfile created on: 10/15/2011 9:41:38 AM - Run 2
OTL by OldTimer - Version 3.2.30.0 Folder = C:\Users\Colin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 64.21% Memory free
6.18 Gb Paging File | 5.15 Gb Available in Paging File | 83.46% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225.44 Gb Total Space | 32.04 Gb Free Space | 14.21% Space Free | Partition Type: NTFS

Computer Name: THE-TRAVELLER | User Name: Colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/14 23:20:30 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/09/02 17:28:19 | 000,323,392 | -H-- | M] (BitTorrent, Inc.) -- C:\Users\Colin\Program Files\DNA\btdna.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/08 08:11:12 | 000,490,952 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/03/31 21:39:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/03/31 14:08:40 | 000,077,824 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0\bin\jusched.exe
PRC - [2008/03/07 14:48:38 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/02/22 20:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/02/22 20:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2008/02/22 20:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2008/02/19 14:25:44 | 000,024,576 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
PRC - [2008/02/15 14:56:56 | 000,147,456 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2008/02/15 14:56:54 | 000,184,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/01/22 21:16:14 | 000,550,752 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/11/21 15:38:28 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/11/12 23:59:54 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/08/14 23:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 23:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/07/12 15:59:00 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vspc1000.exe
PRC - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/04/22 17:24:54 | 000,077,824 | ---- | M] (Philips) -- C:\Windows\VPro1000.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 20:32:44 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 20:32:25 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 20:30:36 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 20:30:21 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2008/08/08 08:10:48 | 000,081,920 | ---- | M] () -- C:\Program Files\DAEMON Tools Lite\Lang\ENU.dll
MOD - [2008/02/04 20:08:45 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/08/14 23:05:18 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/03/31 21:39:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/03/04 23:58:30 | 000,063,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/03/04 23:56:42 | 000,350,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/03/04 23:54:50 | 000,104,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/03/03 17:45:48 | 000,333,088 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/03/03 16:27:14 | 000,087,328 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/02/15 14:56:56 | 000,147,456 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2008/02/15 14:56:56 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/02/15 14:56:54 | 000,184,320 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/28 05:08:02 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2007/11/28 05:02:20 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2007/11/28 04:43:44 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2007/11/12 23:59:54 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/14 23:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/06/05 16:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 10:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/10/15 09:36:27 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{23F6C359-AF9B-459D-B980-F76D4EAF058D}\MpKsl1ba61836.sys -- (MpKsl1ba61836)
DRV - [2011/10/15 09:33:24 | 000,111,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008/10/29 21:14:54 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/02/22 20:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/02/05 20:06:19 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/12/16 21:57:23 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/12/13 20:40:06 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/07/12 16:00:00 | 003,033,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\spc1000.sys -- (SPC1000) USB2.0 PC Camera (SPC1000)
DRV - [2007/07/12 15:58:00 | 000,088,320 | ---- | M] (Philips Applied Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\phaudlwr.sys -- (phaudlwr)
DRV - [2007/06/05 20:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 04:03:06 | 000,128,104 | R--- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1400993077-725045684-1873149243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-21-1400993077-725045684-1873149243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1400993077-725045684-1873149243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1400993077-725045684-1873149243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1400993077-725045684-1873149243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-21-1400993077-725045684-1873149243-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1400993077-725045684-1873149243-1000\..\URLSearchHook: {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-1400993077-725045684-1873149243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1400993077-725045684-1873149243-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.5
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..network.proxy.type: 2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Colin\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\@e-academy.com/Host SDM Plugin; version=1.0.0.0: C:\Users\Colin\AppData\Local\e-academy Inc\Mozilla\Firefox\plugins\npHostSdmLoader.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/01 14:36:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/01 14:36:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Colin\Program Files\DNA [2011/10/15 09:40:27 | 000,000,000 | -H-D | M]

[2008/09/22 14:54:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Extensions
[2011/10/14 19:57:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\hrs184uz.default\extensions
[2010/09/10 13:37:37 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\hrs184uz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/25 20:44:03 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Users\Colin\AppData\Roaming\mozilla\Firefox\Profiles\hrs184uz.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/10/29 21:18:31 | 000,000,523 | ---- | M] () -- C:\Users\Colin\AppData\Roaming\Mozilla\Firefox\Profiles\hrs184uz.default\searchplugins\daemon-search.xml
[2008/12/08 10:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/10/29 21:18:53 | 000,000,000 | ---D | M] (DAEMON Tools Toolbar) -- C:\PROGRAM FILES\DAEMON TOOLS TOOLBAR\FIREFOXDTT
[2011/10/15 09:40:27 | 000,000,000 | -H-D | M] (No name found) -- C:\USERS\COLIN\PROGRAM FILES\DNA
[2008/09/03 20:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll

O1 HOSTS File: ([2011/10/15 09:34:43 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Ask Search Assistant BHO) - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (Ask.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar BHO) - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL (Ask.com)
O3 - HKU\S-1-5-21-1400993077-725045684-1873149243-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1400993077-725045684-1873149243-1000\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [spc1000] C:\Windows\vspc1000.exe (Sonix)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VAIOMyMemCenter] C:\Program Files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe ()
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1400993077-725045684-1873149243-1000..\Run: [BitTorrent DNA] C:\Users\Colin\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1400993077-725045684-1873149243-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5CA5E00D-80A8-475A-BF08-816FD56DBC38} http://support.korne...peedNewCtrl.cab (KTCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33D40093-715E-4E4E-919C-9A1AD3479256}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53D9ACF5-0346-4E2B-9722-D525BE9B1D84}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Colin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Colin\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{61290118-a620-11dd-9fa8-001a80fafe77}\Shell - "" = AutoRun
O33 - MountPoints2\{61290118-a620-11dd-9fa8-001a80fafe77}\Shell\AutoRun\command - "" = G:\autoplay.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/15 09:34:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/15 09:29:07 | 000,000,000 | ---D | C] -- C:\Users\Colin\Desktop\RK_Quarantine
[2011/10/14 23:19:32 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
[2011/10/14 23:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/10/14 21:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/14 21:24:45 | 000,000,000 | ---D | C] -- C:\Users\Colin\AppData\Roaming\Malwarebytes
[2011/10/14 21:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/14 21:24:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/14 21:24:29 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/10/14 21:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/28 22:27:16 | 000,000,000 | ---D | C] -- C:\2d32536e854bd063e508598f802c
[2008/11/24 16:45:56 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\cspc1000.dll

========== Files - Modified Within 30 Days ==========

[2011/10/15 09:36:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/15 09:36:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/15 09:36:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/15 09:36:14 | 3209,093,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/15 09:34:43 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/10/15 09:33:24 | 000,111,872 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/15 09:28:50 | 000,717,312 | ---- | M] () -- C:\Users\Colin\Desktop\RogueKiller.exe
[2011/10/14 23:20:30 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Users\Colin\Desktop\OTL.exe
[2011/10/14 21:24:35 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 20:29:51 | 001,760,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/08 19:41:46 | 000,597,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/08 19:41:46 | 000,102,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/10/15 09:29:09 | 000,111,872 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2011/10/15 09:28:49 | 000,717,312 | ---- | C] () -- C:\Users\Colin\Desktop\RogueKiller.exe
[2011/10/14 21:24:35 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/09 21:27:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/09/09 21:27:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/17 06:54:18 | 000,000,908 | -H-- | C] () -- C:\Users\Colin\AppData\Roaming\wklnhst.dat
[2008/12/10 10:57:38 | 000,230,752 | ---- | C] () -- C:\Windows\patchw32.dll
[2008/12/10 10:57:37 | 000,118,176 | ---- | C] () -- C:\Windows\patchw.dll
[2008/11/24 16:45:56 | 003,033,856 | ---- | C] () -- C:\Windows\System32\drivers\spc1000.sys
[2008/11/24 16:45:56 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\spc1000c.sys
[2008/11/24 16:45:56 | 000,015,497 | ---- | C] () -- C:\Windows\spc1000.ini
[2008/11/22 13:34:33 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/11/12 19:56:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/19 17:54:18 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/03/31 14:16:54 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/03/31 13:29:44 | 000,000,033 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2008/03/31 13:12:57 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/03/31 13:12:57 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/03/31 13:12:57 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2007/06/05 16:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 001,760,480 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,597,784 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,102,350 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/07/07 23:59:12 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\BitTorrent
[2008/10/29 21:14:36 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\DAEMON Tools
[2011/10/15 09:40:27 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\DNA
[2011/07/11 18:23:52 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\e-academy Inc
[2009/02/28 07:28:36 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\InterVideo
[2008/09/22 16:34:23 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\SystemRequirementsLab
[2009/01/17 06:54:37 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\Template
[2011/10/15 09:35:33 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#7
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK it appears that we are working with something different

Could you right click the desktop and select personalize
Change the theme
Does that return them ?

NEXT

Right click the desktop and select View
Ensure that there is a tick next to show icons
Does that restore them ?

THEN

Download, Save and Run unhide.exe from

http://download.blee...nler/unhide.exe

FINALLY

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#8
Sawson Salehpour

    Member

  • Topic Starter
  • Member
  • 16 posts
I can see and use my icons. They are there, just slightly transparent compared to the items I downloaded after the virus. I assume this is because the virus made it so most or all of my files were hidden from me. I can see them but when I right click on the files and go to properties, all the files have the hidden box check marked. I will run your new fixes you posted. I changed my theme to windows classic, it was on windows modified. And my view icons option was check marked, but I no longer had a problem viewing them after I ran the OTL fix. They were just grayed out / transparent because they are all now hidden files. I will run the rest of your fixes now.
  • 0

#9
Sawson Salehpour

    Member

  • Topic Starter
  • Member
  • 16 posts
Another odd thing is in my Mozilla Firefox, my download manager automatically clears my downloaded files after they have been downloaded. The items download properly; it is just an annoying side effect, I assume from the virus, to prevent me from accessing newly downloaded content.
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yep, we will look at that later. When OTL/RogueKiller run they make hidden files visible. Although RogueKiller should have reset the attributes, unhide should do that.
  • 0
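Added example, not part of the original thread and not OTL's own code: a short Python parser for the file-listing lines of the OTL report, which pulls out the entries whose attribute column carries the hidden flag that the posts above discuss. The column layout is inferred from the lines on this page, the function names are hypothetical, and the sample lines are copied from the report above.

```python
import re
from datetime import datetime

# Column layout inferred from the report lines on this page (an assumption,
# not OTL documentation): [timestamp | size | attributes | C/M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

def parse_line(line):
    """Return a dict for one file-listing line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = set(m["attrs"]) - {"-"}
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": attrs,
        "is_dir": "D" in attrs,
        "path": m["path"],
    }

def hidden_entries(report, include_system=False):
    """Entries with the hidden flag; system-flagged ones are skipped by default
    because Windows hides protected system files on purpose."""
    out = []
    for line in report.splitlines():
        e = parse_line(line)
        if e and "H" in e["attrs"] and (include_system or "S" not in e["attrs"]):
            out.append(e)
    return out

# Sample lines copied from the report on this page, plus one section header.
SAMPLE = r"""[2008/11/12 19:56:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
========== LOP Check ==========
[2009/07/07 23:59:12 | 000,000,000 | -H-D | M] -- C:\Users\Colin\AppData\Roaming\BitTorrent
[2011/10/15 09:35:33 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
"""

if __name__ == "__main__":
    for e in hidden_entries(SAMPLE):
        kind = "dir " if e["is_dir"] else "file"
        print(f'{kind} {e["time"]:%Y-%m-%d} {e["size"]:>10} {e["path"]}')
```

Running the same function over a report taken before and after the attribute reset shows which paths are still flagged hidden.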


#11
Sawson Salehpour

    Member

  • Topic Starter
  • Member
  • 16 posts
Another thing that I noticed is still happening is "user access control" keeps popping open asking me if I want to allow every exe I try to run.
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you get a chance (between running all the programmes I ask you to :) )
Go to control panel > user accounts
UAC control and check that it is at default

  • 0

#13
Sawson Salehpour

    Member

  • Topic Starter
  • Member
  • 16 posts
Well I just ran the unhide.exe and it worked for the most part, the only problem is my start menu is not completely restored. It tells me that might happen and be a side effect of antivirus programs running while I execute it. I don't believe I have anything running but Microsoft Security Essentials is on and I don't know how to turn that off.
  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What elements are missing ?
  • 0

#15
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Check this page out
  • 0





