
Sony VAIO, Windows XP won't boot after Malware Removal. [Solved]


  • This topic is locked

#16
ferhampshire

  • Topic Starter
  • Member
  • 29 posts
Hello! Sorry I didn't answer until today, but I needed a break last night after trying to do this the whole day.

I was able to follow your steps, but when I run OTLPE and click on Run Fix it says: "The System requires a reboot to finish removing files. Do you want to reboot now?" and when I click Yes, nothing happens! I restarted the computer without the flash drive and it takes me to the VAIO Recovery, and with the flash drive I go back to the Reatogo Desktop... I tried the steps several times and it's always the same... what am I doing wrong?!


#17
ferhampshire

  • Topic Starter
  • Member
  • 29 posts
I tried it one more time... This time when OTLPE asks me to reboot, I click No and it says: "Fix complete! Click OK to open the fix log." When I click OK it says: "The filename, directory name or volume label syntax is incorrect." and an Untitled Notepad opens blank :wacko:

#18
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hmm... let's run another OTL scan to see if there are any changes.

Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    baseservices
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    userinit.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP 
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post the log that is produced


#19
ferhampshire

  • Topic Starter
  • Member
  • 29 posts
Thank you for continuing to help me and not giving up :)

This is the log that the last scan gave me:



OTL logfile created on: 4/8/2013 2:26:33 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 791.00 Mb Available Physical Memory | 78.00% Memory free
902.00 Mb Paging File | 827.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.05 Gb Total Space | 32.48 Gb Free Space | 23.03% Space Free | Partition Type: NTFS
Drive X: | 7.45 Gb Total Space | 6.80 Gb Free Space | 91.17% Space Free | Partition Type: NTFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/04/05 22:09:09 | 009,096,848 | ---- | M] (SurfRight B.V.) [Auto] -- C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe -- (HitmanPro37CrusaderBoot) HitmanPro 3.7 Crusader (Boot)
SRV - [2013/03/08 05:33:42 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/31 14:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 15:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/25 16:22:19 | 000,045,056 | ---- | M] () [Auto] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2012/12/14 19:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 19:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/04/15 11:47:30 | 000,529,024 | -H-- | M] (Cisco Consumer Products LLC) [Auto] -- C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe -- (RaAutoInstSrv_AM10)
SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/25 16:08:56 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/03/25 16:08:56 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/03/25 16:08:56 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/03/25 16:08:56 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/03/25 16:08:56 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/03/18 12:02:10 | 000,176,128 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/21 13:07:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 13:07:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 13:07:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/14 16:38:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/12/14 19:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/23 18:53:22 | 000,816,672 | -H-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AM10XP.sys -- (AM10)
DRV - [2009/08/28 23:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/06/11 21:04:36 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009/06/11 21:04:36 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/06/11 21:04:36 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/06/11 21:04:36 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2009/06/11 21:04:35 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/06/11 21:04:34 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/05/26 18:00:08 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/05/14 19:47:13 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2009/05/14 19:42:28 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/05/14 17:29:39 | 005,068,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/05/14 17:29:14 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/05/14 17:29:02 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/10 18:46:42 | 000,091,776 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\5U876.sys -- (5U876UVC)
DRV - [2009/03/28 08:13:44 | 001,529,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/04 16:48:16 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2008/04/25 08:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2002/10/16 01:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/04/12 12:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...SNNQ&brand=SNNQ
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15387
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople


========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Marita XoXo\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/12 18:56:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 05:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/10 14:46:59 | 000,000,000 | ---D | M]

[2013/04/05 21:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/03/08 05:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 05:33:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2013/03/08 05:33:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/21 22:10:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 05:18:46 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/03/02 17:53:52 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 4] C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] File not found
O4 - HKU\Marita_XoXo_ON_C..\Run: [Facebook Update] C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Marita_XoXo_ON_C..\Run: [Huorgivon] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marita_XoXo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\Marita_XoXo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://meetmeinto.co...geUploader4.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.200.241.37 24.202.72.13
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Marita_XoXo_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1366x768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1366x768.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/23 13:06:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 03:06:41 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - C:\WINDOWS\System32\bootdelete.exe (SurfRight B.V.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/04/07 16:26:34 | 000,000,000 | ---D | C] -- C:\i386
[2013/04/07 14:03:59 | 002,237,440 | ---- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013/04/07 14:03:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/07 13:55:45 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
[2013/04/06 19:56:48 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/05 23:48:22 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/04/05 23:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/04/05 22:08:17 | 009,096,848 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
[2013/04/05 22:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marita XoXo\Application Data\Malwarebytes
[2013/04/05 21:46:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2013/04/05 21:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2013/04/05 21:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/05 21:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/04/05 21:36:54 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/05 21:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/05 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/04/05 21:25:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2013/04/05 21:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/04/05 21:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2013/04/05 21:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/04/05 21:22:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/04/05 21:21:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/04/05 21:21:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/04/05 21:21:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/04/05 21:21:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Bluetooth Software
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Bluetooth Exchange Folder
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Seven Zip
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
[2013/04/05 21:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/04/05 21:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/04/05 21:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/04/05 21:21:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/04/05 01:24:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
[2013/04/04 22:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/04/04 22:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/04/04 22:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
[2013/03/17 20:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/03/17 20:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/03/10 14:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/07 13:52:30 | 331,527,048 | ---- | M] () -- C:\WindowsXP-KB936929-SP3-x86-ENU.rar
[2013/04/07 10:37:42 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
[2013/04/05 23:49:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/05 23:48:22 | 000,034,432 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013/04/05 23:48:22 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/04/05 23:48:22 | 000,000,528 | ---- | M] () -- C:\WINDOWS\System32\bootdelete.lst
[2013/04/05 23:40:32 | 000,585,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/05 23:40:32 | 000,137,946 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/05 23:36:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/05 23:36:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-86660588-3392484834-3996328194-1006.job
[2013/04/05 23:35:33 | 1063,682,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 23:15:15 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006UA.job
[2013/04/05 22:09:09 | 009,096,848 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
[2013/04/05 22:01:15 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\web.rtf
[2013/04/05 21:36:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/05 21:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/04 20:51:47 | 000,194,048 | ---- | M] () -- C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/02 17:00:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-86660588-3392484834-3996328194-1006.job
[2013/04/01 19:52:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/31 16:00:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/28 08:15:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006Core.job
[2013/03/25 01:36:39 | 000,352,568 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/03/21 22:26:27 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/21 22:26:27 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/19 12:19:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/17 20:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/03/10 14:46:59 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/07 13:57:44 | 331,527,048 | ---- | C] () -- C:\WindowsXP-KB936929-SP3-x86-ENU.rar
[2013/04/05 23:48:22 | 000,034,432 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013/04/05 23:48:22 | 000,000,528 | ---- | C] () -- C:\WINDOWS\System32\bootdelete.lst
[2013/04/05 22:02:32 | 1063,682,048 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/05 22:01:14 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\web.rtf
[2013/04/05 21:36:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/05 21:21:53 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/05 21:21:53 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/04/05 21:21:51 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2013/04/05 21:21:51 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2013/04/05 21:21:51 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2013/03/17 20:09:12 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/10 14:45:31 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/03 17:55:49 | 000,352,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/25 16:22:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2012/12/25 16:22:16 | 000,013,931 | -H-- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/12/07 21:25:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/08/02 19:10:54 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2012/03/14 11:10:43 | 000,000,217 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/26 17:43:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2012/02/23 14:31:12 | 000,000,312 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~8LEgFEtRH1COKL
[2012/02/23 14:28:48 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~8LEgFEtRH1COKLr
[2012/02/23 14:28:35 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\8LEgFEtRH1COKL
[2012/02/18 06:39:01 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2012/02/16 02:23:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/16 14:41:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 02:44:35 | 000,194,048 | ---- | C] () -- C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 02:35:41 | 000,036,972 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/16 16:24:31 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\Marita XoXo\Application Data\wklnhst.dat
[2009/06/24 09:35:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/24 07:54:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/06/24 07:18:02 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/06/24 05:33:54 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\WLanDLL.dll
[2009/06/24 05:14:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/06/24 04:26:09 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2009/06/23 16:44:02 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2009/06/23 13:27:47 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2009/06/23 13:12:46 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2009/06/23 13:09:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/23 13:04:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/23 12:49:13 | 000,000,704 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/06/23 12:49:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/06/23 12:49:03 | 000,585,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/23 12:49:03 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/06/23 12:49:03 | 000,137,946 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/23 12:49:03 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/06/23 12:49:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2009/06/23 12:49:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2009/06/23 12:49:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/06/23 12:48:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/06/23 12:48:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/06/23 12:48:57 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/06/23 12:48:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/06/23 05:57:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/23 05:56:48 | 000,183,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 18:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/27 00:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/27 00:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/06/24 06:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2012/11/30 10:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Alawar
[2012/04/23 16:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\BitZipper
[2012/02/23 21:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\DAEMON Tools Lite
[2013/01/11 02:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\DDMSettings
[2012/12/03 03:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\DivoGames
[2012/06/13 20:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\E037A
[2012/02/11 06:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Gamelab
[2012/11/27 06:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Ibtyco
[2012/01/31 22:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\InterVideo
[2012/02/10 19:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\My Games
[2012/02/26 18:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\n-Track Software Data
[2012/02/26 18:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\n-Track Studio6
[2012/02/14 00:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\PlayFirst
[2012/04/20 16:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Pogo
[2011/01/04 21:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\PriceGong
[2012/08/02 19:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\SanDisk SecureAccess
[2010/01/17 15:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Template
[2012/11/27 14:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Tuha
[2012/02/10 21:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\UNOUndercover
[2013/02/20 22:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\uTorrent
[2009/06/24 06:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Windows Desktop Search
[2010/04/29 21:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Windows Search
[2013/01/29 21:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Zedage
[2012/11/30 10:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2011/01/05 02:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2012/02/13 04:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
[2012/12/25 16:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/06/24 07:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/02/23 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/04/05 19:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
[2012/02/23 13:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/02/10 20:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Finder
[2012/02/13 04:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2012/11/28 11:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2013/04/05 23:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2012/04/20 16:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pogo
[2012/04/23 19:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2009/06/24 07:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/07/07 10:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/26 18:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temporary
[2010/10/27 22:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/20 02:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2013/03/28 08:15:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006Core.job
[2013/04/05 23:15:15 | 000,001,022 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006UA.job

========== Purity Check ==========



========== Custom Scans ==========


< baseservices >


< MD5 for: EXPLORER.EXE >
[2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 08:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | -H-- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | -H-- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 08:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 08:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | -H-- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/12/14 19:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 08:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 08:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 2
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2008/04/14 08:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = Rpcss [binary data] -- [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2008/04/14 08:42:04 | 000,409,088 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]

< %systemroot%\System32\config\*.sav >
[2009/06/23 05:56:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009/06/23 05:56:15 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009/06/23 05:56:15 | 000,892,928 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-01-30 00:59:53

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/03/08 05:33:40 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/03/08 05:33:40 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/03/08 05:33:40 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/03/08 05:33:43 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/03/08 05:33:43 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/03/08 05:33:43 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 18:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 18:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/03/08 05:33:40 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/03/08 05:33:40 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/03/08 05:33:40 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/03/08 05:33:43 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/03/08 05:33:43 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/03/08 05:33:43 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 18:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 18:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

Invalid Environment Variable: %USERPROFILE%\..

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D2EA83
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8061242F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0824CCE8
< End of report >

#20
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Well more system files there so something worked lol.

Still the boot problem though so replacement of those files not enough. More damage somewhere else... I think we should try FRST again. Sometimes it works better after being run a couple of times.

Firstly though do this:

Please run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\Marita_XoXo_ON_C..\Run: [Huorgivon] File not found
    [2012/02/23 14:31:12 | 000,000,312 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~8LEgFEtRH1COKL
    [2012/02/23 14:28:48 | 000,000,192 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~8LEgFEtRH1COKLr
    [2012/02/23 14:28:35 | 000,000,440 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\8LEgFEtRH1COKL
    [2011/01/05 02:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2012/04/20 16:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pogo
    [2012/04/23 19:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    
    :Commands
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Post the log that is produced
  • Attempt to reboot normally into Windows


#21
ferhampshire

    Member

  • Topic Starter
  • 29 posts
OK, so I ran the fix, and when the scan is complete it says that the system requires a reboot to finish removing files. Do you want to reboot now? When I click Yes, nothing happens!!! I did it a few times and it is always the same... When I clicked No instead, it said the filename, directory name or volume label syntax is incorrect.

#22
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Remove the flash drive from the machine and force a reboot. When it goes to the Sony factory reset option, turn the machine off.

After that

Re-insert the flash drive and reboot the machine.

Run OTLPE
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • Post the log that is produced


#23
ferhampshire

    Member

  • Topic Starter
  • 29 posts
OK, I did everything you asked!...Here is the log:



OTL logfile created on: 4/8/2013 1:54:37 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 795.00 Mb Available Physical Memory | 78.00% Memory free
902.00 Mb Paging File | 831.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.05 Gb Total Space | 35.51 Gb Free Space | 25.18% Space Free | Partition Type: NTFS
Drive X: | 7.45 Gb Total Space | 6.80 Gb Free Space | 91.17% Space Free | Partition Type: NTFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/04/05 22:09:09 | 009,096,848 | ---- | M] (SurfRight B.V.) [Auto] -- C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe -- (HitmanPro37CrusaderBoot) HitmanPro 3.7 Crusader (Boot)
SRV - [2013/03/08 05:33:42 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/31 14:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 15:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/25 16:22:19 | 000,045,056 | ---- | M] () [Auto] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2012/12/14 19:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 19:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/04/15 11:47:30 | 000,529,024 | -H-- | M] (Cisco Consumer Products LLC) [Auto] -- C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe -- (RaAutoInstSrv_AM10)
SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/25 16:08:56 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/03/25 16:08:56 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/03/25 16:08:56 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/03/25 16:08:56 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/03/25 16:08:56 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/03/18 12:02:10 | 000,176,128 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/21 13:07:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 13:07:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 13:07:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/14 16:38:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/12/14 19:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/23 18:53:22 | 000,816,672 | -H-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AM10XP.sys -- (AM10)
DRV - [2009/08/28 23:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/06/11 21:04:36 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009/06/11 21:04:36 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/06/11 21:04:36 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/06/11 21:04:36 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2009/06/11 21:04:35 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/06/11 21:04:34 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/05/26 18:00:08 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/05/14 19:47:13 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2009/05/14 19:42:28 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/05/14 17:29:39 | 005,068,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/05/14 17:29:14 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/05/14 17:29:02 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/10 18:46:42 | 000,091,776 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\5U876.sys -- (5U876UVC)
DRV - [2009/03/28 08:13:44 | 001,529,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/04 16:48:16 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2008/04/25 08:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2002/10/16 01:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/04/12 12:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...SNNQ&brand=SNNQ
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15387
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople


========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Marita XoXo\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/12 18:56:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 05:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/10 14:46:59 | 000,000,000 | ---D | M]

[2013/04/05 21:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/03/08 05:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 05:33:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2013/03/08 05:33:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/21 22:10:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 05:18:46 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/04/08 09:53:50 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 4] C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] File not found
O4 - HKU\Marita_XoXo_ON_C..\Run: [Facebook Update] C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marita_XoXo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\Marita_XoXo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://meetmeinto.co...geUploader4.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.200.241.37 24.202.72.13
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Marita_XoXo_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1366x768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1366x768.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/23 13:06:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 03:06:41 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - C:\WINDOWS\System32\bootdelete.exe (SurfRight B.V.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/04/07 16:26:34 | 000,000,000 | ---D | C] -- C:\i386
[2013/04/07 14:03:59 | 002,237,440 | ---- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013/04/07 14:03:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/06 19:56:48 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/05 23:48:22 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/04/05 23:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/04/05 22:08:17 | 009,096,848 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
[2013/04/05 22:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marita XoXo\Application Data\Malwarebytes
[2013/04/05 21:46:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2013/04/05 21:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2013/04/05 21:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/05 21:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/04/05 21:36:54 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/05 21:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/05 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/04/05 21:25:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2013/04/05 21:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/04/05 21:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2013/04/05 21:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/04/05 21:22:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/04/05 21:21:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/04/05 21:21:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/04/05 21:21:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/04/05 21:21:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Bluetooth Software
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Bluetooth Exchange Folder
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Seven Zip
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
[2013/04/05 21:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/04/05 21:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/04/05 21:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/04/05 21:21:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/04/05 01:24:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
[2013/04/04 22:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/04/04 22:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/04/04 22:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
[2013/03/17 20:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/03/17 20:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/03/10 14:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

========== Files - Modified Within 30 Days ==========

[2013/04/08 09:53:50 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/04/07 13:52:30 | 331,527,048 | ---- | M] () -- C:\WindowsXP-KB936929-SP3-x86-ENU.rar
[2013/04/05 23:49:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/05 23:48:22 | 000,034,432 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013/04/05 23:48:22 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/04/05 23:48:22 | 000,000,528 | ---- | M] () -- C:\WINDOWS\System32\bootdelete.lst
[2013/04/05 23:40:32 | 000,585,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/05 23:40:32 | 000,137,946 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/05 23:36:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/05 23:36:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-86660588-3392484834-3996328194-1006.job
[2013/04/05 23:35:33 | 1063,682,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 23:15:15 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006UA.job
[2013/04/05 22:09:09 | 009,096,848 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
[2013/04/05 22:01:15 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\web.rtf
[2013/04/05 21:36:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/05 21:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/04 20:51:47 | 000,194,048 | ---- | M] () -- C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/02 17:00:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-86660588-3392484834-3996328194-1006.job
[2013/04/01 19:52:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/31 16:00:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/28 08:15:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006Core.job
[2013/03/25 01:36:39 | 000,352,568 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/03/19 12:19:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/17 20:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/03/10 14:46:59 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

========== Files Created - No Company Name ==========

[2013/04/07 13:57:44 | 331,527,048 | ---- | C] () -- C:\WindowsXP-KB936929-SP3-x86-ENU.rar
[2013/04/05 23:48:22 | 000,034,432 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013/04/05 23:48:22 | 000,000,528 | ---- | C] () -- C:\WINDOWS\System32\bootdelete.lst
[2013/04/05 22:02:32 | 1063,682,048 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/05 22:01:14 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\web.rtf
[2013/04/05 21:36:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/05 21:21:53 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/05 21:21:53 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/04/05 21:21:51 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2013/04/05 21:21:51 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2013/04/05 21:21:51 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2013/03/17 20:09:12 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/10 14:45:31 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/03 17:55:49 | 000,352,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/25 16:22:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2012/12/25 16:22:16 | 000,013,931 | -H-- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/12/07 21:25:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/08/02 19:10:54 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2012/03/14 11:10:43 | 000,000,217 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/26 17:43:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2012/02/18 06:39:01 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2012/02/16 02:23:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/16 14:41:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 02:44:35 | 000,194,048 | ---- | C] () -- C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 02:35:41 | 000,036,972 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/16 16:24:31 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\Marita XoXo\Application Data\wklnhst.dat
[2009/06/24 09:35:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/24 07:54:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/06/24 07:18:02 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/06/24 05:33:54 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\WLanDLL.dll
[2009/06/24 05:14:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/06/24 04:26:09 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2009/06/23 16:44:02 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2009/06/23 13:27:47 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2009/06/23 13:12:46 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2009/06/23 13:09:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/23 13:04:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/23 12:49:13 | 000,000,704 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/06/23 12:49:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/06/23 12:49:03 | 000,585,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/23 12:49:03 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/06/23 12:49:03 | 000,137,946 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/23 12:49:03 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/06/23 12:49:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2009/06/23 12:49:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2009/06/23 12:49:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/06/23 12:48:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/06/23 12:48:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/06/23 12:48:57 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/06/23 12:48:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/06/23 05:57:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/23 05:56:48 | 000,183,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 18:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/27 00:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/27 00:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/06/24 06:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2012/11/30 10:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Alawar
[2012/04/23 16:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\BitZipper
[2012/02/23 21:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\DAEMON Tools Lite
[2013/01/11 02:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\DDMSettings
[2012/12/03 03:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\DivoGames
[2012/06/13 20:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\E037A
[2012/02/11 06:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Gamelab
[2012/11/27 06:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Ibtyco
[2012/01/31 22:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\InterVideo
[2012/02/10 19:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\My Games
[2012/02/26 18:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\n-Track Software Data
[2012/02/26 18:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\n-Track Studio6
[2012/02/14 00:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\PlayFirst
[2012/04/20 16:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Pogo
[2011/01/04 21:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\PriceGong
[2012/08/02 19:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\SanDisk SecureAccess
[2010/01/17 15:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Template
[2012/11/27 14:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Tuha
[2012/02/10 21:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\UNOUndercover
[2013/02/20 22:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\uTorrent
[2009/06/24 06:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Windows Desktop Search
[2010/04/29 21:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Windows Search
[2013/01/29 21:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Zedage
[2012/11/30 10:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2012/02/13 04:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
[2012/12/25 16:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/06/24 07:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/02/23 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/04/05 19:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
[2012/02/23 13:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/02/10 20:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Finder
[2012/02/13 04:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2012/11/28 11:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2013/04/05 23:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/06/24 07:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/07/07 10:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/26 18:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temporary
[2010/10/27 22:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/20 02:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2013/03/28 08:15:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006Core.job
[2013/04/05 23:15:15 | 000,001,022 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006UA.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D2EA83
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8061242F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0824CCE8
< End of report >

#24
emeraldnzl
Okay that fix didn't work.

The earlier syntax errors also make me wonder.

Perhaps something is changing the format of the fixes.

Let's try this:

Note: if this script is successful your machine should reboot after it runs and then run System File Checker. Please allow it to do so. It may take some time. Get that cup of tea out again. :)

Please run OTLPE

  • Download and save to your desktop the attached OTLPE fix.txt at the bottom of this post.
  • Copy and paste the contents of OTLPE fix.txt into the Custom Scans/Fixes panel.
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
  • If you can't find the log then navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Note: This script was written specifically for this infection on this person's computer. It should NOT be used on another computer, as it may cause serious damage, possibly rendering the machine unusable.

#25
ferhampshire
Hi again! OK, so this is what happened... After I pressed the Run Fix button, OTLPE did its thing and after only a few seconds the next log opened. No need to reboot it...



========== OTL ==========
Registry value HKEY_USERS\Marita_XoXo_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Huorgivon not found.
File C:\Documents and Settings\All Users\Application Data\~8LEgFEtRH1COKL not found.
File C:\Documents and Settings\All Users\Application Data\~8LEgFEtRH1COKLr not found.
File C:\Documents and Settings\All Users\Application Data\8LEgFEtRH1COKL not found.
Folder C:\Documents and Settings\All Users\Application Data\Alwil Software\ not found.
Folder C:\Documents and Settings\All Users\Application Data\Pogo\ not found.
Folder C:\Documents and Settings\All Users\Application Data\PopCap Games\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
< sfc /scannow /c >
C:\cmd.bat deleted successfully.
C:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Marita XoXo
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error: Unable to interpret <[Reboot][/code]> in the current context!

OTLPE by OldTimer - Version 3.1.48.0 log created on 04082013_164506

#26
emeraldnzl
Hello ferhampshire,

Run OTLPE
In the custom scans box type in the following

/md5start
shell32.dll
/md5stop


Click the Run Scan button.

Post the log that is produced

#27
ferhampshire
Here is that last log:

OTL logfile created on: 4/8/2013 6:35:45 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 790.00 Mb Available Physical Memory | 78.00% Memory free
902.00 Mb Paging File | 827.00 Mb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.05 Gb Total Space | 35.51 Gb Free Space | 25.18% Space Free | Partition Type: NTFS
Drive X: | 7.45 Gb Total Space | 6.80 Gb Free Space | 91.19% Space Free | Partition Type: NTFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2013/04/05 22:09:09 | 009,096,848 | ---- | M] (SurfRight B.V.) [Auto] -- C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe -- (HitmanPro37CrusaderBoot) HitmanPro 3.7 Crusader (Boot)
SRV - [2013/03/08 05:33:42 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/31 14:38:54 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/01/08 15:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/25 16:22:19 | 000,045,056 | ---- | M] () [Auto] -- C:\WINDOWS\system32\UTSCSI.EXE -- (UTSCSI)
SRV - [2012/12/14 19:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 19:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/04/15 11:47:30 | 000,529,024 | -H-- | M] (Cisco Consumer Products LLC) [Auto] -- C:\Program Files\Cisco Systems\Cisco Valet Connector\CiscoAdapterSvc.exe -- (RaAutoInstSrv_AM10)
SRV - [2010/03/18 14:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/03/25 16:08:56 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/03/25 16:08:56 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/03/25 16:08:56 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/03/25 16:08:56 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/03/25 16:08:56 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/03/18 12:02:10 | 000,176,128 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/21 13:07:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 13:07:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 13:07:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/14 16:38:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/09/18 13:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/12/14 19:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/23 18:53:22 | 000,816,672 | -H-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AM10XP.sys -- (AM10)
DRV - [2009/08/28 23:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/06/11 21:04:36 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009/06/11 21:04:36 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/06/11 21:04:36 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/06/11 21:04:36 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2009/06/11 21:04:35 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009/06/11 21:04:34 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/05/26 18:00:08 | 000,039,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009/05/14 19:47:13 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2009/05/14 19:42:28 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2009/05/14 17:29:39 | 005,068,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/05/14 17:29:14 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/05/14 17:29:02 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/04/10 18:46:42 | 000,091,776 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\5U876.sys -- (5U876UVC)
DRV - [2009/03/28 08:13:44 | 001,529,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009/03/04 16:48:16 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)
DRV - [2008/04/25 08:06:44 | 000,014,336 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2002/10/16 01:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2002/04/12 12:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...SNNQ&brand=SNNQ
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=15387
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Marita_XoXo_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople


========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Marita XoXo\Application Data\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/12 18:56:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 05:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/10 14:46:59 | 000,000,000 | ---D | M]

[2013/04/05 21:23:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2013/03/08 05:33:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 05:33:28 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2013/03/08 05:33:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/21 22:10:03 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 05:18:46 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/04/08 16:45:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [avast5] File not found
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PartSeal] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 4] C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] File not found
O4 - HKU\Marita_XoXo_ON_C..\Run: [Facebook Update] C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Marita_XoXo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 8
O7 - HKU\Marita_XoXo_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://meetmeinto.co...geUploader4.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.200.241.37 24.202.72.13
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Marita_XoXo_ON_C Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1366x768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1366x768.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/23 13:06:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 03:06:41 | 000,000,053 | ---- | M] () - X:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (bootdelete) - C:\WINDOWS\System32\bootdelete.exe (SurfRight B.V.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/04/07 16:26:34 | 000,000,000 | ---D | C] -- C:\i386
[2013/04/07 14:03:59 | 002,237,440 | ---- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013/04/07 14:03:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/07 13:55:45 | 331,805,736 | ---- | C] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
[2013/04/06 19:56:48 | 000,000,000 | ---D | C] -- C:\FRST
[2013/04/05 23:48:22 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/04/05 23:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/04/05 22:08:17 | 009,096,848 | ---- | C] (SurfRight B.V.) -- C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
[2013/04/05 22:03:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marita XoXo\Application Data\Malwarebytes
[2013/04/05 21:46:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\NetworkService\Favorites
[2013/04/05 21:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2013/04/05 21:36:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/05 21:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/04/05 21:36:54 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/04/05 21:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/05 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/04/05 21:25:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2013/04/05 21:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/04/05 21:23:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2013/04/05 21:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2013/04/05 21:22:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2013/04/05 21:21:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/04/05 21:21:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/04/05 21:21:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/04/05 21:21:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/04/05 21:21:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sony Corporation
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Bluetooth Software
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2013/04/05 21:21:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2013/04/05 21:21:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2013/04/05 21:21:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\My Documents\Bluetooth Exchange Folder
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Seven Zip
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/04/05 21:21:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150070}
[2013/04/05 21:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/04/05 21:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/04/05 21:21:48 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/04/05 21:21:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/04/05 01:24:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LocalService\Favorites
[2013/04/04 22:13:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/04/04 22:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/04/04 22:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
[2013/03/17 20:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/03/17 20:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/03/10 14:45:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

========== Files - Modified Within 30 Days ==========

[2013/04/08 16:45:09 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/04/07 13:52:30 | 331,527,048 | ---- | M] () -- C:\WindowsXP-KB936929-SP3-x86-ENU.rar
[2013/04/07 10:37:42 | 331,805,736 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB936929-SP3-x86-ENU.exe
[2013/04/05 23:49:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/05 23:48:22 | 000,034,432 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013/04/05 23:48:22 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013/04/05 23:48:22 | 000,000,528 | ---- | M] () -- C:\WINDOWS\System32\bootdelete.lst
[2013/04/05 23:40:32 | 000,585,070 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/04/05 23:40:32 | 000,137,946 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/04/05 23:36:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/05 23:36:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-86660588-3392484834-3996328194-1006.job
[2013/04/05 23:35:33 | 1063,682,048 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 23:15:15 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006UA.job
[2013/04/05 22:09:09 | 009,096,848 | ---- | M] (SurfRight B.V.) -- C:\Documents and Settings\Marita XoXo\Desktop\HitmanPro.exe
[2013/04/05 22:01:15 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\web.rtf
[2013/04/05 21:36:57 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/05 21:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/04 20:51:47 | 000,194,048 | ---- | M] () -- C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/02 17:00:01 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-86660588-3392484834-3996328194-1006.job
[2013/04/01 19:52:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/03/31 16:00:06 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/28 08:15:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006Core.job
[2013/03/25 01:36:39 | 000,352,568 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/03/21 22:26:27 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/21 22:26:27 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/19 12:19:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/17 20:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/03/10 14:46:59 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk

========== Files Created - No Company Name ==========

[2013/04/07 13:57:44 | 331,527,048 | ---- | C] () -- C:\WindowsXP-KB936929-SP3-x86-ENU.rar
[2013/04/05 23:48:22 | 000,034,432 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013/04/05 23:48:22 | 000,000,528 | ---- | C] () -- C:\WINDOWS\System32\bootdelete.lst
[2013/04/05 22:02:32 | 1063,682,048 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/05 22:01:14 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\web.rtf
[2013/04/05 21:36:57 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/05 21:21:53 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/05 21:21:53 | 000,000,079 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2013/04/05 21:21:51 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2013/04/05 21:21:51 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2013/04/05 21:21:51 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2013/03/17 20:09:12 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/03/10 14:45:31 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/03 17:55:49 | 000,352,568 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/12/25 16:22:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UTSCSI.EXE
[2012/12/25 16:22:16 | 000,013,931 | -H-- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/12/07 21:25:00 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2012/08/02 19:10:54 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2012/03/14 11:10:43 | 000,000,217 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/26 17:43:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2012/02/18 06:39:01 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2012/02/16 02:23:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/06/16 14:41:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/20 02:44:35 | 000,194,048 | ---- | C] () -- C:\Documents and Settings\Marita XoXo\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 02:35:41 | 000,036,972 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/16 16:24:31 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\Marita XoXo\Application Data\wklnhst.dat
[2009/06/24 09:35:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/24 07:54:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/06/24 07:18:02 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/06/24 05:33:54 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\WLanDLL.dll
[2009/06/24 05:14:11 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/06/24 04:26:09 | 000,111,552 | ---- | C] () -- C:\WINDOWS\setup.exe
[2009/06/23 16:44:02 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2009/06/23 13:27:47 | 000,000,031 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2009/06/23 13:12:46 | 000,000,800 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2009/06/23 13:09:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/23 13:04:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/23 12:49:13 | 000,000,704 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/06/23 12:49:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/06/23 12:49:03 | 000,585,070 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/23 12:49:03 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/06/23 12:49:03 | 000,137,946 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/23 12:49:03 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/06/23 12:49:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2009/06/23 12:49:02 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2009/06/23 12:49:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/06/23 12:48:59 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/06/23 12:48:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/06/23 12:48:57 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/06/23 12:48:54 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/06/23 05:57:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/23 05:56:48 | 000,183,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/08 18:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008/05/27 00:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/27 00:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 13:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 13:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 13:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
[2001/11/14 16:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/06/24 06:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2012/11/30 10:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Alawar
[2012/04/23 16:15:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\BitZipper
[2012/02/23 21:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\DAEMON Tools Lite
[2013/01/11 02:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\DDMSettings
[2012/12/03 03:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\DivoGames
[2012/06/13 20:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\E037A
[2012/02/11 06:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Gamelab
[2012/11/27 06:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Ibtyco
[2012/01/31 22:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\InterVideo
[2012/02/10 19:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\My Games
[2012/02/26 18:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\n-Track Software Data
[2012/02/26 18:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\n-Track Studio6
[2012/02/14 00:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\PlayFirst
[2012/04/20 16:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Pogo
[2011/01/04 21:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\PriceGong
[2012/08/02 19:16:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\SanDisk SecureAccess
[2010/01/17 15:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Template
[2012/11/27 14:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Tuha
[2012/02/10 21:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\UNOUndercover
[2013/02/20 22:54:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\uTorrent
[2009/06/24 06:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Windows Desktop Search
[2010/04/29 21:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Windows Search
[2013/01/29 21:16:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marita XoXo\Application Data\Zedage
[2012/11/30 10:30:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar
[2012/02/13 04:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Celemony Software GmbH
[2012/12/25 16:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2009/06/24 07:18:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/02/23 20:59:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2013/04/05 19:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
[2012/02/23 13:46:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2012/02/10 20:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fashion Finder
[2012/02/13 04:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoldWave
[2012/11/28 11:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2013/04/05 23:48:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2009/06/24 07:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2012/07/07 10:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/26 18:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temporary
[2010/10/27 22:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/20 02:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2013/03/28 08:15:00 | 000,001,000 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006Core.job
[2013/04/05 23:15:15 | 000,001,022 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-86660588-3392484834-3996328194-1006UA.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: SHELL32.DLL >
[2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=08B99916C98E15F6C28D24D73E53B45A -- C:\WINDOWS\$NtUninstallKB2286198$\shell32.dll
[2008/04/14 08:42:06 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=0CF50B1F45DAB08430C1DBB79FE2CA5B -- C:\WINDOWS\$NtUninstallKB967715$\shell32.dll
[2008/04/14 08:42:06 | 008,461,312 | ---- | M] (Microsoft Corporation) MD5=0CF50B1F45DAB08430C1DBB79FE2CA5B -- C:\WINDOWS\ServicePackFiles\i386\shell32.dll
[2012/06/08 10:24:16 | 008,463,872 | ---- | M] (Microsoft Corporation) MD5=0E235315C8FF6D9C0198F1E74604A681 -- C:\WINDOWS\$hf_mig$\KB2691442\SP3QFE\shell32.dll
[2011/01/21 10:42:25 | 008,463,360 | ---- | M] (Microsoft Corporation) MD5=1026E80450E2CF36A3D69C0EA319EB95 -- C:\WINDOWS\$hf_mig$\KB2483185\SP3QFE\shell32.dll
[2008/06/17 15:04:34 | 008,461,824 | ---- | M] (Microsoft Corporation) MD5=270CE1BFDF019A3D7527F1DA6FB1FA96 -- C:\WINDOWS\$hf_mig$\KB967715\SP3QFE\shell32.dll
[2010/07/27 02:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) MD5=304CFF53C9C9BEB03607ABE94A8FC781 -- C:\WINDOWS\$NtUninstallKB2483185$\shell32.dll
[2012/06/08 10:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation) MD5=6843D54BC4A40CC8C5741AF750233D10 -- C:\WINDOWS\system32\dllcache\shell32.dll
[2012/06/08 10:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation) MD5=6843D54BC4A40CC8C5741AF750233D10 -- C:\WINDOWS\system32\shell32.dll
[2010/07/27 02:28:54 | 008,463,360 | ---- | M] (Microsoft Corporation) MD5=B65D8CE7C75835906CD21C974B875503 -- C:\WINDOWS\$hf_mig$\KB2286198\SP3QFE\shell32.dll
[2009/07/27 18:13:09 | 008,462,848 | ---- | M] (Microsoft Corporation) MD5=C63E32A65E44B715B84C7A90F82AA029 -- C:\WINDOWS\$hf_mig$\KB971029\SP3QFE\shell32.dll
[2006/02/28 08:00:00 | 008,384,000 | -H-- | M] (Microsoft Corporation) MD5=D5988A5048E4DC7175BCA9F29FC144AE -- C:\WINDOWS\$NtServicePackUninstall$\shell32.dll
[2011/01/21 10:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) MD5=E86423AA9AA8C382AF02B94A058DC2AA -- C:\WINDOWS\$NtUninstallKB2691442$\shell32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D2EA83
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8061242F
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0824CCE8
< End of report >
  • 0
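Added example, not part of the original thread and not OTL's own code: a small Python parser for the log layout in the post above, with three review heuristics that are assumptions of this example (alternate data streams, hex-named folders, and binaries under System32 with an empty company field). A hit only marks a line for a closer look; the sample lines are copied from the log above.

```python
import re
from datetime import datetime
from ntpath import basename  # Windows path rules on any host OS

# Sample lines copied from the OTL log posted above.
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========
[2013/04/05 23:35:33 | 1063,682,048 | -HS- | M] () -- C:\hiberfil.sys
========== Files Created - No Company Name ==========
[2009/06/23 16:44:02 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
========== LOP Check ==========
[2013/04/05 19:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\E0413FE940FCAC790000E0405FB0B44C
========== Custom Scans ==========
< MD5 for: SHELL32.DLL >
[2012/06/08 10:26:20 | 008,462,848 | ---- | M] (Microsoft Corporation) MD5=6843D54BC4A40CC8C5741AF750233D10 -- C:\WINDOWS\system32\shell32.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:38D2EA83
"""

ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: MD5=(?P<md5>[0-9A-F]{32}))?"
    r" -- (?P<path>.+)$")
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> "
                 r"(?P<path>.+):(?P<stream>[^:\\]+)$")
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")

def parse_log(text):
    """Return one dict per file, folder or ADS line, tagged with its section."""
    section, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m["name"]
        elif m := ENTRY.match(line):
            row = m.groupdict()
            row["ts"] = datetime.strptime(row["ts"], "%Y/%m/%d %H:%M:%S")
            row["size"] = int(row["size"].replace(",", ""))
            rows.append({**row, "is_dir": "D" in row["attrs"],
                         "section": section, "type": "entry"})
        elif m := ADS.match(line):
            rows.append({**m.groupdict(), "size": int(m["size"]),
                         "section": section, "type": "ads"})
    return rows

def triage(rows):
    """Apply the three review heuristics (assumptions of this example)."""
    findings = []
    for r in rows:
        leaf = basename(r["path"])
        if r["type"] == "ads":
            findings.append(("ads", f'{r["path"]}:{r["stream"]}'))
        elif r["is_dir"] and re.fullmatch(r"[0-9A-Fa-f]{16,}", leaf):
            findings.append(("hex-named folder", r["path"]))
        elif (not r["company"] and not r["is_dir"]
              and leaf.lower().endswith(BINARY_EXT)
              and "\\windows\\system32\\" in r["path"].lower()):
            findings.append(("no company name", r["path"]))
    return findings

if __name__ == "__main__":
    print(*triage(parse_log(SAMPLE)), sep="\n")
```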

#28
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello ferhampshire,

That looks okay to me. Our options are narrowing...

I have been thinking about Farbar's Recovery Scan not working early on. Didn't add up, so I am wondering if the download construction may have been defective.

Let's try doing it another way.

Download Peazip to the desktop
Run and install the programme
As it installs this page will show, deselect the AVG ticks
Press decline and it will then install cleanly

Download the following files to the desktop. Right click the links and select Save as... then select desktop

  • Rufus
  • OTLPE_standard

Right click OTLPE on your desktop and select Open as archive

Select OTLPE standard

Click Extract, ensure that desktop is selected

Insert the USB stick, then run Rufus
Select the ISO file on the desktop via the ISO icon.

Press Start Burn

Once the USB has burnt then
  • Download Farbar Recovery Scan Tool and save it to the flash drive.
  • Reboot your infected system using the boot USB you just created.
    Note: If you do not know how to set your computer to boot from USB follow the steps here
  • As the programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
  • Locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#29
ferhampshire

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Hello emeraldnzl! I did everything you asked but I encountered a problem while running FRST... When I click Run it gives me AutoIT Error: Unable to open the script file.
  • 0

#30
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

When I click Run it gives me AutoIT Error: Unable to open the script file.


When I checked out the developer's discussion topic I found that that error has happened before. That time it was a bug in the download.

When a new version was downloaded it worked fine.

I guess what I am saying is that it looks like it's a bad download.

Try removing your copy of FRST and downloading again. :)
  • 0





