Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Sony VAIO, Windows XP won't boot after Malware Removal. [Solved]


  • This topic is locked This topic is locked

#1
ferhampshire

ferhampshire

    Member

  • Member
  • PipPip
  • 29 posts
Hello there!!

I have a SONY VAIO laptop (MODEL:PCG-4T1L) that runs in Windows XP and it won't start. I had a Malware problem and after following an on-line guide I ran HitmanPRO, after running a scan, it asked me to restart my laptop. When I did so, I'm taken to a screen where it says that Windows is not installed and that I have to do a Sony Vaio Recovery, but it says that continuing with it, I will loose all my data and the disk will go back to it's original factory setting.

I have restarted my laptop, tried using F8, FN+F8, etc... and nothing works! I'm taken back to the Sony Vaio Recovery option, it's in a loop!!

I read a few guides on this site but they all are for Windows 7 and up, nothing for Windows XP. Please help!!

Thank you in advance.
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Hello ferhampshire,

Welcome to Geekstogo.

This is a way to access your computer using a disk we will create.

Before starting you might like to print these instruction out so that you know what you are doing

  • Download OTLPE.iso and save it somewhere you can get it.
  • Insert a writable blank CD/DVD in your CD drive and click on the OTPLE.iso to burn a CD. NOTE:
  • Reboot your infected system using the boot CD you just created.
Note : If you do not know how to set your computer to boot from CD follow the steps here
  • The CD needs to detect your hardware and load the operating system...can take a bit of time, just be patient :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • If asked "Do you wish to load the remote registry", select Yes
  • If asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • In the custom scans box type in the following

    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    userinit.exe
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#3
ferhampshire

ferhampshire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
emeraldnzl, Thank you SO much for your fast response!!!!

Unfortunately I am unable to follow your instructions because my laptop does not have a CD/DVD drive....It only has the USB and SD drives! Is there any way I can do something using them?

Please let me know and thank you again!!!
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Let's try a different approach then. This one you can download to a flash drive.


IMPORTANT:
You will need a flash drive with a size of 512 Mb or bigger. Make sure that you do not leave anything important on the flash drive, as all data on it will be deleted during the following steps.

    • Download OTLPEStd.exe from one of the following links and save it to your Desktop: mirror1 or mirror2
    • Download eeepcfr.zip from the following link and save it to your Desktop: the mirror
    • Finally, if you do not have a file archiver like 7-zip or Winrar installed, please download 7-zip from the following link and install it: the mirror
  • Once you have 7-zip install, decompress OTLPEStd.exe by rightclicking on the folder and choosing the options shown in the picture below. Please use a dedicated folder, for example OTLPE, on your Desktop

    Posted Image
  • Open the folder OTLPEStd which will be created in the same location as OTLPEStd.exe and right-click OTLPE_New_Std.iso. Select 7-Zip and from the submenu select Extract files... and extract the content onto your Desktop in a OTLPE folder:

    Posted Image
  • Please also decompress eeepcfr to your systemroot (usually C:\).
  • Empty the flash drive you want to install OTLPE on.
  • Go to C:\eeecpfr and double-click usb_prep8.cmd to launch it.
  • Press any key when asked to in the black window that opens.
  • As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.

    Posted Image
  • Click on Start, accept the disclaimers and wait for the program to finish.
Your bootable flash drive should now be ready!


  • Reboot your system using the bootable flash drive you just created.
  • Note : If you do not know how to set your computer to boot from Flash drive follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • In the custom scans box type in the following

    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    userinit.exe
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

  • 0

#5
ferhampshire

ferhampshire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hello! Thank you again for your rapid response!

I encountered an error after acepting the disclaimers on PeToUSB...It says FormatEx Error[11]: An Error Ocurred Formating the Drive.
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts

I encountered an error after acepting the disclaimers on PeToUSB...It says FormatEx Error[11]: An Error Ocurred Formating the Drive.


I think it might be because the flash drive is too big for that version.

Try the one from this link:

Hmm... when I check that link it seems to be misdirecting. Let me look at the problem and get back to you.
  • 0

#7
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Further to my last post.

That link seems to be corrupted somehow.

I have attached the file below, try that.
  • 0

#8
ferhampshire

ferhampshire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thank you! I was able to sucesfully run PeToUSB and now my flash drive is ready.

Now, I'm unsure on the next steps on your tutorial. Should I reboot the Desktop I'm using to follow this steps or should I do it on the laptop that isn't working?
  • 0

#9
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Have you installed OTLPE on the flash drive?

This part:

  • Empty the flash drive you want to install OTLPE on.
  • Go to C:\eeecpfr and double-click usb_prep8.cmd to launch it.
  • Press any key when asked to in the black window that opens.
  • As indicated in the image, make sure you have selected the correct flash drive, before proceeding.
    For Drive Label: type in OTLPE.
    Under Source Path to built BartPE/WinPE Files click ... and select the folder OTLPE that you created on your Desktop.
    Finally check Enable File Copy.

    Posted Image
  • Click on Start, accept the disclaimers and wait for the program to finish.
Your bootable flash drive should now be ready!

--------------------------------------------------------------

If you have got to this point instead of following my earlier instruction do the following. A colleague has kindly alerted me to a newer method of doing this which I think will speed things up.


  • Download Farbar Recovery Scan Tool and save it to the flash drive.
  • Reboot your infected system using the boot USB you just created.
    Note : If you do not know how to set your computer to boot from USB follow the steps here
  • As the Programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
  • Locate the flash drive and run FSRT
  • The tool will start to run.
    Posted Image
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#10
ferhampshire

ferhampshire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Perfect! It all worked! Now, here is the log I got:



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2013 (ATTENTION: FRST version is 24 days old)
Ran by SYSTEM at 06-04-2013 19:57:42
Running from X:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2013-04-06 19:56 - 2013-04-06 19:56 - 00000000 ____D C:\FRST
2013-04-05 23:48 - 2013-04-05 23:48 - 00034432 ____A C:\Windows\System32\.crusader
2013-04-05 23:48 - 2013-04-05 23:48 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-04-05 23:48 - 2013-04-05 23:48 - 00000528 ____A C:\Windows\System32\bootdelete.lst
2013-04-05 23:40 - 2013-04-05 23:48 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-04-05 22:08 - 2013-04-05 22:09 - 09096848 ____A (SurfRight B.V.) C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
2013-04-05 22:03 - 2013-04-05 22:03 - 00000000 ____D C:\Documents and Settings\Marita XoXo\Application Data\Malwarebytes
2013-04-05 21:37 - 2013-04-05 21:37 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2013-04-05 21:36 - 2013-04-05 21:36 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-05 21:36 - 2013-04-05 21:36 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-05 21:36 - 2013-04-05 21:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2013-04-05 21:36 - 2012-12-14 19:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-05 21:27 - 2013-04-05 21:27 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-04-05 21:26 - 2013-04-05 21:28 - 00004848 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2013-04-05 21:25 - 2013-04-05 21:25 - 00000000 __SHD C:\Documents and Settings\NetworkService\IETldCache
2013-04-05 21:25 - 2013-04-05 21:25 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-04-05 21:23 - 2013-04-05 21:23 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-04-05 21:23 - 2013-04-05 21:23 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-04-05 21:22 - 2013-04-05 21:22 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-04-05 21:21 - 2013-04-05 22:01 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-04-05 21:21 - 2013-04-05 21:21 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-04-05 21:21 - 2009-06-24 08:41 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-04-05 21:21 - 2009-06-24 08:41 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe
2013-04-05 21:21 - 2009-06-24 08:31 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-04-05 21:21 - 2009-06-24 07:36 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Seven Zip
2013-04-05 21:21 - 2009-06-24 07:32 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2013-04-05 21:21 - 2009-06-24 07:07 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia
2013-04-05 21:21 - 2009-06-24 06:48 - 00013104 ___AH C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-04-05 21:21 - 2009-06-24 06:46 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\TempRAID
2013-04-05 21:21 - 2009-06-24 06:46 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Sony Corporation
2013-04-05 21:21 - 2009-06-24 06:43 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
2013-04-05 21:21 - 2009-06-24 06:26 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
2013-04-05 21:21 - 2009-06-24 06:14 - 00000000 ___HD C:\Documents and Settings\Administrator\My Documents\Bluetooth Exchange Folder
2013-04-05 21:21 - 2009-06-24 06:14 - 00000000 ____D C:\Documents and Settings\Administrator\Bluetooth Software
2013-04-05 21:21 - 2009-06-24 05:33 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\InstallShield
2013-04-05 21:21 - 2009-06-23 05:57 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2013-04-04 22:13 - 2013-04-04 22:13 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-04-04 22:11 - 2013-04-04 22:11 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-04-04 22:08 - 2013-04-05 19:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
2013-03-17 20:09 - 2013-03-31 16:00 - 00002265 ____A C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-03-17 20:09 - 2013-03-17 20:09 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-03-10 14:45 - 2013-03-10 14:46 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-03-08 05:33 - 2013-03-10 14:43 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders ========

2013-04-06 19:56 - 2013-04-06 19:56 - 00000000 ____D C:\FRST
2013-04-05 23:49 - 2009-06-23 13:10 - 00032434 ____A C:\Windows\SchedLgU.Txt
2013-04-05 23:49 - 2009-06-23 13:05 - 01886111 ____A C:\Windows\WindowsUpdate.log
2013-04-05 23:48 - 2013-04-05 23:48 - 00034432 ____A C:\Windows\System32\.crusader
2013-04-05 23:48 - 2013-04-05 23:48 - 00012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2013-04-05 23:48 - 2013-04-05 23:48 - 00000528 ____A C:\Windows\System32\bootdelete.lst
2013-04-05 23:48 - 2013-04-05 23:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-04-05 23:48 - 2010-01-16 16:22 - 00000178 __ASH C:\Documents and Settings\Marita XoXo\ntuser.ini
2013-04-05 23:48 - 2009-06-23 13:10 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-05 23:48 - 2009-06-23 06:00 - 00000275 ____A C:\Windows\wiadebug.log
  • 0

Advertisements


#11
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Sorry for the delay I was trying to see if I could find a work around as it looks like you don't have the Recovery Console on that machine and Farbars tool won't work properly outside the recovery environment. The scan it carried out was truncated and any fixes won't work.

It looks like we will need to do it the older way.

I wonder whether you are able to just delete Farbars Recovery Scan Tool from the usb stick and carry on as below?

If not you will have to create a new flash drive using the instructions a post number four.

If you are able to delete just FRST your bootable flash drive should still be ready and you can continue as below:


  • Reboot your system using the bootable flash drive you just created.
  • Note : If you do not know how to set your computer to boot from Flash drive follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • In the custom scans box type in the following

    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    userinit.exe
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

  • 0

#12
ferhampshire

ferhampshire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Please don't apologize for any delays, you are being of a great help and I really appreciate it :)

I was able to remove the FRST without the need of creating a new flash drive :) I ran the Scan and this is the OTL.txt




OTL logfile created on: 4/6/2013 10:40:19 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 784.00 Mb Available Physical Memory | 77.00% Memory free
902.00 Mb Paging File | 826.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.05 Gb Total Space | 33.50 Gb Free Space | 23.75% Space Free | Partition Type: NTFS
Drive X: | 7.45 Gb Total Space | 7.11 Gb Free Space | 95.39% Space Free | Partition Type: NTFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/04/05 22:09:09 | 009,096,848 | ---- | M] (SurfRight B.V.) [Auto] -- C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe -- (HitmanPro37CrusaderBoot) HitmanPro 3.7 Crusader (Boot)
SRV - [2013/03/08 05:33:42 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/31 14:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 15:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/25 16:22:19 | 000,045,056 | ---- | M] () [Auto] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2012/12/14 19:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 19:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/04/15 11:47:30 | 000,529,024 | -H-- | M] (Cisco Consumer Products LLC) [Auto] -- C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe -- (RaAutoInstSrv_AM10)
SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/25 16:08:56 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/03/25 16:08:56 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/03/25 16:08:56 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/03/25 16:08:56 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/03/25 16:08:56 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/03/18 12:02:10 | 000,176,128 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/21 13:07:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 13:07:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 13:07:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/14 16:38:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/12/14 19:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/23 18:53:22 | 000,816,672 | -H-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AM10XP.sys -- (AM10)
DRV - [2009/08/28 23:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/06/11 21:04:36 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009/06/11 21:04:36 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/06/11 21:04:36 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/06/11 21:04:36 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2009/06/11 21:04:35 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/06/11 21:04:34 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/05/26 18:00:08 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/05/14 19:47:13 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2009/05/14 19:42:28 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/05/14 17:29:39 | 005,068,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/05/14 17:29:14 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/05/14 17:29:02 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/10 18:46:42 | 000,091,776 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\5U876.sys -- (5U876UVC)
DRV - [2009/03/28 08:13:44 | 001,529,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/04 16:48:16 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2008/04/25 08:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2002/10/16 01:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/04/12 12:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...SNNQ&brand=SNNQ
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15387
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople


========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Marita XoXo\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/12 18:56:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 05:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/10 14:46:59 | 000,000,000 | ---D | M]

[2013/04/05 21:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/03/08 05:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 05:33:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2013/03/08 05:33:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/21 22:10:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 05:18:46 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/02 17:53:52 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 4] C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] File not found
O4 - HKU\Marita_XoXo_ON_C..\Run: [Facebook Update] C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Marita_XoXo_ON_C..\Run: [Huorgivon] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marita_XoXo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\Marita_XoXo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://meetmeinto.co...geUploader4.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.200.241.37 24.202.72.13
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Marita_XoXo_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1366x768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1366x768.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/23 13:06:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 03:06:41 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - C:\WINDOWS\System32\bootdelete.exe (SurfRight B.V.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/04/06 19:56:48 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/05 23:48:22 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/04/05 23:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/04/05 22:08:17 | 009,096,848 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
[2013/04/05 22:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marita XoXo\Application Data\Malwarebytes
[2013/04/05 21:46:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2013/04/05 21:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2013/04/05 21:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/05 21:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/04/05 21:36:54 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/05 21:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/05 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/04/05 21:25:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2013/04/05 21:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/04/05 21:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2013/04/05 21:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/04/05 21:22:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/04/05 21:21:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/04/05 21:21:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/04/05 21:21:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/04/05 21:21:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Bluetooth Software
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Bluetooth Exchange Folder
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Seven Zip
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
[2013/04/05 21:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/04/05 21:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/04/05 21:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/04/05 21:21:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/04/05 01:24:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
[2013/04/04 22:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/04/04 22:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/04/04 22:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
[2013/03/17 20:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/03/17 20:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/03/10 14:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/03/08 05:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/05 23:49:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/05 23:48:22 | 000,034,432 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013/04/05 23:48:22 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/04/05 23:48:22 | 000,000,528 | ---- | M] () -- C:\WINDOWS\System32\bootdelete.lst
[2013/04/05 23:40:32 | 000,585,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/05 23:40:32 | 000,137,946 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/05 23:36:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/05 23:36:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-86660588-3392484834-3996328194-1006.job
[2013/04/05 23:35:33 | 1063,682,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 23:15:15 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006UA.job
[2013/04/05 22:09:09 | 009,096,848 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
[2013/04/05 22:01:15 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\web.rtf
[2013/04/05 21:36:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/05 21:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/04 20:51:47 | 000,194,048 | ---- | M] () -- C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/02 17:00:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-86660588-3392484834-3996328194-1006.job
[2013/04/01 19:52:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/31 16:00:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/28 08:15:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006Core.job
[2013/03/25 01:36:39 | 000,352,568 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/03/21 22:26:27 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/21 22:26:27 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/19 12:19:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/17 20:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/03/10 14:46:59 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/05 23:48:22 | 000,034,432 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013/04/05 23:48:22 | 000,000,528 | ---- | C] () -- C:\WINDOWS\System32\bootdelete.lst
[2013/04/05 22:02:32 | 1063,682,048 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/05 22:01:14 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\web.rtf
[2013/04/05 21:36:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/05 21:21:53 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/05 21:21:53 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/04/05 21:21:51 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2013/04/05 21:21:51 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2013/04/05 21:21:51 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2013/03/17 20:09:12 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/10 14:45:31 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/03 17:55:49 | 000,352,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/25 16:22:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2012/12/25 16:22:16 | 000,013,931 | -H-- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/12/07 21:25:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/08/02 19:10:54 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2012/03/14 11:10:43 | 000,000,217 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/26 17:43:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2012/02/23 14:31:12 | 000,000,312 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~8LEgFEtRH1COKL
[2012/02/23 14:28:48 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~8LEgFEtRH1COKLr
[2012/02/23 14:28:35 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\8LEgFEtRH1COKL
[2012/02/18 06:39:01 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2012/02/16 02:23:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/16 14:41:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 02:44:35 | 000,194,048 | ---- | C] () -- C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 02:35:41 | 000,036,972 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/16 16:24:31 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\Marita XoXo\Application Data\wklnhst.dat
[2009/06/24 09:35:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/24 07:54:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/06/24 07:18:02 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/06/24 05:33:54 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\WLanDLL.dll
[2009/06/24 05:14:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/06/24 04:26:09 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2009/06/23 16:44:02 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2009/06/23 13:27:47 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2009/06/23 13:12:46 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2009/06/23 13:09:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/23 13:04:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/23 12:49:13 | 000,000,704 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/06/23 12:49:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/06/23 12:49:03 | 000,585,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/23 12:49:03 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/06/23 12:49:03 | 000,137,946 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/23 12:49:03 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/06/23 12:49:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2009/06/23 12:49:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2009/06/23 12:49:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/06/23 12:48:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/06/23 12:48:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/06/23 12:48:57 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/06/23 12:48:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/06/23 05:57:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/23 05:56:48 | 000,183,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 18:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/27 00:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/27 00:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/06/24 06:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2012/11/30 10:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Alawar
[2012/04/23 16:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\BitZipper
[2012/02/23 21:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\DAEMON Tools Lite
[2013/01/11 02:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\DDMSettings
[2012/12/03 03:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\DivoGames
[2012/06/13 20:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\E037A
[2012/02/11 06:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Gamelab
[2012/11/27 06:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Ibtyco
[2012/01/31 22:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\InterVideo
[2012/02/10 19:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\My Games
[2012/02/26 18:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\n-Track Software Data
[2012/02/26 18:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\n-Track Studio6
[2012/02/14 00:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\PlayFirst
[2012/04/20 16:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Pogo
[2011/01/04 21:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\PriceGong
[2012/08/02 19:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\SanDisk SecureAccess
[2010/01/17 15:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Template
[2012/11/27 14:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Tuha
[2012/02/10 21:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\UNOUndercover
[2013/02/20 22:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\uTorrent
[2009/06/24 06:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Windows Desktop Search
[2010/04/29 21:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Windows Search
[2013/01/29 21:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Zedage
[2012/11/30 10:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2011/01/05 02:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/02/13 04:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
[2012/12/25 16:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/06/24 07:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/02/23 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/04/05 19:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
[2012/02/23 13:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/02/10 20:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Finder
[2012/02/13 04:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2012/11/28 11:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2013/04/05 23:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/04/20 16:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pogo
[2012/04/23 19:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/06/24 07:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/07/07 10:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/26 18:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temporary
[2010/10/27 22:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/20 02:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2013/03/28 08:15:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006Core.job
[2013/04/05 23:15:15 | 000,001,022 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006UA.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 08:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 08:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D2EA83
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8061242F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0824CCE8
< End of report >
  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Looks to me as though Hitman Pro has deleted winlogon.exe crippling your machine. It seems to have taken all copies from the computer as well so nothing for us to use as a replacement.

Do you have a Windows installation disk for that machine or one with an the exact same system as that computer?
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Hello again ferhampshire,

I have to go out for an hour or two but I will check in when I return. :)

Meantime

If you do find a disk we can use, then I can give you some instructions to copy the file from the disk to your computer.

If you don't have a disk then I think the best option is to use the Sony Recovery option to reset your computer to factory conditions. Unfortunately using this you will lose any data your might have on the hard drive.

However, you should be able to save what you want to say a flash drive using OTLPE to access your machine.

SOoo firstly make sure your machine is plugged in and then see how you go saving the documents you want to keep.

After that

I'm taken to a screen where it says that Windows is not installed and that I have to do a Sony Vaio Recovery, but it says that continuing with it, I will loose all my data and the disk will go back to it's original factory setting.


Start you computer and follow the Sony Vaio Recovery instructions.

Alternatively I found this which you might find useful.

"Start up computer and immediately start tapping f10. This should take you to a black screen with white writing. Hit enter.

The next screen gives you two options- hit the skip button. Next screen check the box and hit next.

Your computer should be restored to it's factory settings in about 20min. "
  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,008 posts
Further to my last post.

Another colleague has reminded me about using SP3 as a source of system files... this is becoming a habit :lol:

Try downloading SP3 to a flash drive and transfering to the infected machine.

Use this link to download SP3:

http://www.microsoft...&displaylang=en

Save the file.

Next download and install Winrar trial version from the link below.

http://download.cnet...4-10007677.html

After Winrar has installed right click on the Service pack 3 file and choose "Extract here" using Winrar.

When the extract window opens type C:\ into the file path location for the file to be extracted to. This will place the i386 folder at the root of C drive.

After that run OTLPE again

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    sfc /scannow  /c
    
    :Commands
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Post the log that is produced
  • Attempt to reboot normally into Windows

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP