Google-Analytics Redirect Virus


Post by caitlyn15 » April 30th, 2012, 12:52 pm

Hello,

Currently on my computer is what I think to be the Google-Analytics Redirect Virus. I am constantly seeing an annoying pop-up in the bottom right-hand corner of my screen on certain websites, and then on other occasions when I right-click on a link to open a new tab it will open the new tab on a different page (like it is supposed to do), but then it will redirect the original page to 'google-analytics.com' and then redirect again to either the same page as the new tab, or a fake search engine site like 'budget-match.com'.

Please help, as this is getting to be very very annoying... and whatever I have tried to do does not work in the least.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Caitlyn at 13:44:51 on 2012-04-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.1486 [GMT -3:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ottawacitizen.com/index.html
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=SNNT
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [MyTomTomSA.exe] "C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://design-concept.ca/Core/Player/20 ... _Win32.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://algvpn.algonquincollege.com/CAC ... vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.walmartphotocentre.ca/upload ... ontrol.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D5B8EB38-EC74-4F19-AD18-9DD6E18422B1} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{D5B8EB38-EC74-4F19-AD18-9DD6E18422B1}\2454C4C4630373 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{D5B8EB38-EC74-4F19-AD18-9DD6E18422B1}\76F66656273656E6472716C6 : DhcpNameServer = 64.71.255.198
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 68.168.222.226 www.google-analytics.com.
Hosts: 68.168.222.226 ad-emea.doubleclick.net.
Hosts: 68.168.222.226 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Caitlyn\AppData\Roaming\Mozilla\Firefox\Profiles\b1ynk9w2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ottawacitizen.com/index.html
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-8 5158992]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-26 13336]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-5-6 104960]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-4-26 2320920]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-5-6 571248]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 253088]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 SampleCollector;Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2010-5-6 168448]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-10 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-10 67952]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-27 303872]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TVICHW64;TVICHW64;\??\C:\Windows\system32\DRIVERS\TVICHW64.SYS --> C:\Windows\system32\DRIVERS\TVICHW64.SYS [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-30 13:13:09 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0241DC80-CEC3-49BC-B6C5-6FAF65445AC1}\mpengine.dll
2012-04-30 13:01:55 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{6FD13E24-0E90-4A07-88FE-6D89C4455CFE}
2012-04-30 13:01:38 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{4253A56B-32B3-4E0C-8C18-C776F96BBF64}
2012-04-30 00:56:29 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{9870F573-6BBF-478F-8D92-DE87027EB9AA}
2012-04-30 00:56:08 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{5437239F-4571-4C82-B274-109F67C7A9DA}
2012-04-29 12:02:15 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{CAFC432C-A876-40BE-8053-96E003CB35CB}
2012-04-29 12:02:04 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{F04B50CC-4AB1-4D62-AD36-F24D14463955}
2012-04-29 11:07:09 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-29 00:01:45 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{37EF2AFF-67AE-4822-B73F-ED56F60A883E}
2012-04-29 00:01:27 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{65150836-ADE3-460C-8535-056387D2E098}
2012-04-28 09:56:58 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{E65AD971-EB66-46D8-85B4-26585429CC2A}
2012-04-28 09:56:47 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{76989061-2C46-49E5-9B97-A6A790472C19}
2012-04-27 12:45:19 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{F06B417E-9F9E-447D-8CDF-1F406D23B62A}
2012-04-27 12:44:56 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{0A53218A-A392-4DDA-A12C-BA01FBED8814}
2012-04-26 23:52:32 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-04-26 18:05:52 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{0224DC3C-88B8-4A31-A1F5-6214C74E617A}
2012-04-26 18:05:20 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{3D062C7F-688E-4A83-85A1-54C66D5E04E0}
2012-04-26 02:27:45 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{EF6B9CFE-5E35-47BF-A3D9-89E3516FBC70}
2012-04-26 02:27:26 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{AB3F5E88-BBF9-40D7-9057-2C97A687A91C}
2012-04-25 14:01:24 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{8BDB5E2C-92CC-474F-8719-BE0305AD3161}
2012-04-25 14:00:55 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{F931CA83-53BF-4222-8D82-EC2DD966FA60}
2012-04-25 11:04:39 116016 ----a-w- C:\Windows\System32\drivers\30743688.sys
2012-04-24 23:33:56 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{8A8097AA-5279-4F25-AB19-00FBCA65A093}
2012-04-24 23:33:44 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{52EA15B0-2BC1-40BB-AF59-0B1FCC6CDE36}
2012-04-24 11:33:23 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{8A8D53A9-5977-42CD-814B-FCCF5D650A81}
2012-04-24 11:32:59 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{A3E0661A-A338-4993-A8E4-9C9DA0525D6B}
2012-04-23 13:50:09 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{AAB1E0E4-364A-40FA-819B-C2544C4AD1C4}
2012-04-23 13:49:44 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{D783A598-A8FE-4CB2-BE73-088E2BB21EE8}
2012-04-23 01:23:23 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{D6A27D08-EF2F-4575-8BBD-5F0FBBA517CE}
2012-04-23 01:23:07 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{F157D300-5103-4C05-A9AC-B1874A765148}
2012-04-22 12:29:16 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{C534FD2C-1F7B-4447-A544-E7783C1751B1}
2012-04-22 12:28:50 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{27881F45-2A9B-4501-BBF7-2D54899BAD61}
2012-04-21 19:30:31 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{1F9C3493-BB40-4DA2-B490-B8FFE2C1ABE0}
2012-04-21 19:30:09 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{CEDF8259-4C63-4F35-8325-56D231E3EA37}
2012-04-21 06:18:54 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{EDABA69E-4A3A-41F1-8738-FE167D4E7F11}
2012-04-21 06:18:32 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{74CE3CE4-D40A-4F58-8950-12EA0F02452A}
2012-04-20 12:29:41 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{8152AEBB-D5CB-4F3F-AAC5-500B151AB6B2}
2012-04-20 12:29:22 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{7D4AE36F-93BC-42DE-803F-6496F158C189}
2012-04-19 23:28:55 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{1651256F-8100-4CCD-9324-58B8BD1DEE89}
2012-04-19 23:28:44 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{7BD18A30-D94F-4854-A39E-29E4DD949775}
2012-04-19 11:28:31 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{3A6DF271-1996-43D1-A42F-57A88388EDBE}
2012-04-19 11:28:19 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{882745C7-EB36-4E89-BD7A-27883902395A}
2012-04-19 07:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-18 23:28:00 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{C3B70F55-D46E-4AD3-934A-1138846A1F0F}
2012-04-18 23:27:37 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{7371C8E3-3B65-4F06-B42E-10833C944C32}
2012-04-18 10:41:20 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{1990D218-1ED3-49A8-AED3-C26513D75244}
2012-04-18 10:40:57 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{25BECA6D-BDF7-457C-B65A-3986657EA476}
2012-04-18 10:35:08 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{F862D44B-385F-4CE0-AA77-897ACC107649}
2012-04-17 22:33:05 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{D74652C2-EA68-4764-923A-013AA0406022}
2012-04-17 22:31:38 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{145E5B4A-FDAD-4842-AAC4-55B40F83BFA2}
2012-04-17 10:21:17 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{2D02AFD1-F1D1-439B-9154-DC0E99A9F7E2}
2012-04-17 10:21:07 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{3D301969-593F-40A2-A137-7081A91BAB39}
2012-04-16 22:20:48 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{84F1605A-47C3-442B-8CED-098AFCDA65CC}
2012-04-16 22:20:30 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{F79F3BF9-BD02-416A-ACA4-0EDD9B9AAA4A}
2012-04-16 10:02:06 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{BF07CB81-D968-42AE-B999-FD57264893A6}
2012-04-16 10:01:55 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{37504A5F-FDCF-4280-A324-B977E51B30BF}
2012-04-16 06:03:32 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-16 06:03:32 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-16 06:03:32 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-16 06:00:52 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-16 06:00:52 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-16 06:00:52 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-16 06:00:50 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-16 06:00:50 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-16 06:00:50 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-16 06:00:50 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-16 00:00:39 -------- d-----w- C:\Users\Caitlyn\AppData\Roaming\Malwarebytes
2012-04-16 00:00:27 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-15 23:22:42 -------- d-----w- C:\Users\Caitlyn\AppData\Roaming\SUPERAntiSpyware.com
2012-04-15 14:33:11 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{47A392F2-48B1-4C31-8C5B-D29EEBBD640D}
2012-04-15 14:32:51 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{B36BAF15-F733-407B-A2D7-C90B6657C274}
2012-04-15 01:03:17 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{795B2480-DE1C-486B-A400-B3D2F1DA0862}
2012-04-15 01:02:47 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{177335D6-BB51-497E-9325-A95EC000A625}
2012-04-14 12:43:09 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{FF1290F9-C0C6-4359-9AA8-74EB3E162640}
2012-04-14 12:42:44 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{A76AA38C-D29E-4E2E-AC8A-9B92C9FF2BE1}
2012-04-13 23:20:44 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{4B7EDB9D-FA7D-4965-877A-9CB2BA2C1E63}
2012-04-13 23:20:22 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{9D625E35-CBEB-4648-88E8-D6347D5B9819}
2012-04-13 10:50:38 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{4FB3AE88-C910-4F6E-AA6F-3F4BD584E463}
2012-04-13 10:50:27 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{358DCD6E-8180-44F6-A9E9-CE63938BB9C6}
2012-04-13 10:49:09 -------- d-----w- C:\Windows\en
2012-04-13 10:44:20 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\62209ad31cd196201\DSETUP.dll
2012-04-13 10:44:20 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\62209ad31cd196201\DXSETUP.exe
2012-04-13 10:44:20 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\62209ad31cd196201\dsetup32.dll
2012-04-13 10:13:43 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{1BB2CE29-D139-41B0-A7EA-818D8BB13E27}
2012-04-12 19:37:35 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{6C35E774-63F8-40E4-9824-C6AF554D6DFE}
2012-04-12 06:01:28 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{63996106-086A-43A1-8AD0-3900D84B0474}
2012-04-11 12:52:33 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{E1663F31-C6D8-4375-B727-51F5853585F5}
2012-04-10 23:24:39 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{1DCDD0D7-C54C-43D7-BC50-DDC3ECD39352}
2012-04-10 10:27:39 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{07A67180-543D-4734-AAFA-DD4487D280D9}
2012-04-09 20:48:21 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{408723F3-3E00-4471-A1AB-2CF17FE0505F}
2012-04-08 14:00:04 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{51EAFD12-4DCE-42E7-9AD2-E3AB979AE383}
2012-04-08 01:59:53 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{3C9607A3-21E4-438F-ABF5-2AB99852BE4E}
2012-04-07 18:40:58 0 ----a-w- C:\Users\Caitlyn\.uc-a7d981a85e64a6bc82a0cabee33def84.caitlyn.caitlyn-vaio.tmp
2012-04-07 10:56:30 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{C258C714-5137-4030-BF2F-1DAB6AED1AAE}
2012-04-06 22:45:40 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{1611332D-A2BE-4ACC-904E-20039E7221BA}
2012-04-06 10:25:47 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{E8F75F22-54A7-4612-B181-4BEEED493159}
2012-04-05 18:49:52 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{BC8F7D9E-385A-4E8B-9EEF-7A99E318DF87}
2012-04-05 08:12:25 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-04-05 08:12:01 -------- d--h--w- C:\$AVG
2012-04-05 08:12:01 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-04-05 06:49:28 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{4C9ABB7F-E6D5-49CE-BDD8-054606C258C6}
2012-04-04 13:21:16 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-04-04 13:17:14 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-04-04 13:17:11 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-04-04 13:16:29 -------- d-----w- C:\ProgramData\PC Tools
2012-04-04 13:16:27 -------- d-----w- C:\Users\Caitlyn\AppData\Roaming\TestApp
2012-04-04 11:52:38 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{9F5CEB4E-C890-4CE3-BEFA-C30EE1AF38A9}
2012-04-03 23:02:30 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{DE3248A9-2328-4C98-A320-0119AB97B992}
2012-04-03 17:43:00 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-03 14:37:49 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-03 11:39:33 -------- d-----w- C:\Users\Caitlyn\AppData\Roaming\AVG2012
2012-04-03 11:37:59 -------- d-----w- C:\ProgramData\AVG2012
2012-04-03 11:02:07 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{85A20D07-16AA-4BAB-9F92-DF182DA73A4C}
2012-04-02 22:10:14 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{8BDAE2D5-3F57-4109-9CE7-8CF43CD17A04}
2012-04-02 09:39:18 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{18723CAE-F961-4F56-B72B-210C315F9375}
2012-04-01 13:19:08 -------- d-----w- C:\Users\Caitlyn\AppData\Local\{B68EFB93-40E4-46D8-99DE-4C73E040FF34}
.
==================== Find3M ====================
.
2012-04-19 10:02:01 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-04-14 07:36:54 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-20 23:44:12 98688 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-03-20 23:44:12 203888 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-03-19 08:17:26 383808 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-03-08 21:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 21:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-22 08:25:32 289872 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 14:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 13:48:05.80 ===============
caitlyn15
Active Member
 
Posts: 10
Joined: April 30th, 2012, 12:41 pm

Re: Google-Analytics Redirect Virus

Unread postby Cypher » April 30th, 2012, 1:25 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help, I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible; your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or where you will need to take your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


When you ran DDS it should have produced two logs, DDS.txt and Attach.txt.
Please post the Attach.txt contents in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google-Analytics Redirect Virus

Unread postby caitlyn15 » April 30th, 2012, 1:34 pm

Sorry about that, here it is.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 10/3/2010 8:16:36 PM
System Uptime: 4/30/2012 12:24:48 AM (14 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i3 CPU M 350 @ 2.27GHz | N/A | 2266/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 176.497 GiB free.
E: is Removable
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP394: 4/13/2012 7:44:24 AM - Windows Live Essentials
RP395: 4/13/2012 7:45:48 AM - Installed DirectX
RP396: 4/13/2012 7:46:10 AM - Installed DirectX
RP397: 4/13/2012 7:46:34 AM - WLSetup
RP398: 4/14/2012 10:13:46 PM - Windows Update
RP399: 4/15/2012 7:32:34 PM - Windows Backup
RP400: 4/16/2012 3:00:26 AM - Windows Update
RP401: 4/19/2012 6:58:33 AM - Installed Java(TM) 6 Update 31
RP402: 4/19/2012 5:35:34 PM - Windows Update
RP403: 4/22/2012 7:50:45 PM - Windows Backup
RP404: 4/23/2012 4:26:16 PM - Windows Update
RP405: 4/26/2012 8:50:36 PM - Windows Update
RP406: 4/29/2012 9:56:51 PM - Windows Backup
RP407: 4/30/2012 10:12:28 AM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 68.168.222.226 www.google-analytics.com.
Hosts: 68.168.222.226 ad-emea.doubleclick.net.
Hosts: 68.168.222.226 www.statcounter.com.
Hosts: 108.163.215.51 www.google-analytics.com.
Hosts: 108.163.215.51 ad-emea.doubleclick.net.
Hosts: 108.163.215.51 www.statcounter.com.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Community Help
Adobe Creative Suite 5 Master Collection
Adobe Media Player
Adobe Reader 9.5.1
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
BitTorrent
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.1
BlackBerry Device Software Updater
BlackBerry Device Software v5.0.0 for the BlackBerry 9300 smartphone
BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
D3DX10
Font_Setup
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
Keyboarding Pro DELUXE - (CE)
Keyboarding Pro™ DELUXE Word Add-In
Media Gallery
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MyTomTom 3.1.0.530
OOBE
Origin
PDF Settings CS5
PMB
PMB Updater
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
PxMergeModule
QuickTime
Realtek High Definition Audio Driver
Remote Keyboard
Remote Play with PlayStation 3
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Setting Utility Series
Skype™ 5.3
SmartWi Connection Utility
SOAP Toolkit
SOHLib Merge Module
Sony Home Network Library
The Sims™ 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Care Update
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story Template Data
VAIO Original Function Settings
VAIO Power Management
VAIO Quick Web Access
VAIO Survey
VAIO Transfer Support
VAIO Update
VAIO Wallpaper Contents
Visual Studio 2008 x64 Redistributables
Visual Studio C++ 10.0 Runtime
VU5x86
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
4/30/2012 2:19:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Caitlyn-VAIO\Caitlyn SID (S-1-5-21-3066240918-350026-4169920762-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/30/2012 2:19:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Caitlyn-VAIO\Caitlyn SID (S-1-5-21-3066240918-350026-4169920762-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/30/2012 2:19:50 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Caitlyn-VAIO\Caitlyn SID (S-1-5-21-3066240918-350026-4169920762-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/30/2012 11:21:34 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
4/29/2012 7:55:51 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
4/29/2012 6:16:38 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
4/28/2012 7:27:17 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer CHRISMACFARL-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{D5B8EB38-EC74-4F19-AD18-9DD6E18422B1}. The master browser is stopping or an election is being forced.
4/28/2012 7:22:01 AM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.10. The computer with the IP address 192.168.0.18 did not allow the name to be claimed by this computer.
4/27/2012 4:28:36 PM, Error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the computer that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.
4/27/2012 2:08:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
4/25/2012 8:35:13 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.435.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/25/2012 8:35:12 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.125.435.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8304.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
4/25/2012 4:40:09 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
4/25/2012 4:40:09 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
.
==== End Of File ===========================
caitlyn15
Active Member
 
Posts: 10
Joined: April 30th, 2012, 12:41 pm
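The "Hosts File Hijack" block in the Attach.txt above is the part of this log that explains the symptom: www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com are mapped in the Windows hosts file to two public addresses (68.168.222.226 and 108.163.215.51), so the analytics and ad beacons that almost every web page loads are sent to those servers instead of the real ones, and whatever those servers answer with is what the browser shows. Because the hosts file is consulted before DNS, no resolver or browser setting will undo it; only the file itself matters. The script below is an added example written for this page, not part of the forum thread and not the code of DDS or any tool named in it. It parses hosts-file lines, skips the loopback/0.0.0.0 entries that ad blockers legitimately add and the RFC 1918 addresses used for LAN shortcuts, and reports every name that points at a public IP, marking those on an assumed watchlist of tracker/ad/update domains as a hijack. The sample hosts file is constructed from the six mappings the log reports plus a typical comment header and localhost lines; the watchlist is my own choice and the only other assumption is the standard hosts file location under %SystemRoot%\System32\drivers\etc.

```python
"""Audit a Windows hosts file for the hijack shown in the DDS Attach.txt.

Added example, not part of the forum thread or of DDS: parse hosts-file
lines, ignore the normal sinkhole/LAN entries, and flag every name that is
mapped to a public IP address. Names on a watchlist of tracker/ad/update
domains are reported as a hijack, everything else as something to review.
"""
import ipaddress
import os

# Constructed sample in hosts-file format: the six mappings reported under
# "Hosts File Hijack" in the Attach.txt above, preceded by the comment
# header and localhost lines found in a typical hosts file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
68.168.222.226 www.google-analytics.com
68.168.222.226 ad-emea.doubleclick.net
68.168.222.226 www.statcounter.com
108.163.215.51 www.google-analytics.com
108.163.215.51 ad-emea.doubleclick.net
108.163.215.51 www.statcounter.com
"""

# Assumed watchlist for this example: domains whose redirection to a public
# IP is a hijack, never a legitimate local override. Extend it as needed.
WATCHLIST = frozenset({
    "google-analytics.com", "doubleclick.net", "statcounter.com",
    "google.com", "microsoft.com", "windowsupdate.com",
})


def parse_hosts(text):
    """Yield (ip_address, hostname, line_number) for every mapping in text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        ip_text, *names = line.split()
        try:
            addr = ipaddress.ip_address(ip_text)
        except ValueError:
            continue                              # first field is not an address
        for name in names:
            # DDS prints the names with a trailing dot; a hosts file does not.
            yield addr, name.rstrip(".").lower(), line_no


def on_watchlist(name, watchlist=WATCHLIST):
    """True if name is a watchlisted domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watchlist)


def audit_hosts(text, watchlist=WATCHLIST):
    """Return suspicious mappings as dicts, severity "hijack" before "review".

    hijack: a watchlisted name points at a public IP, so every request the
            browser makes to that tracker/ad host reaches someone else's box.
    review: any other name points at a public IP; fine in a lab, odd at home.
    Loopback, 0.0.0.0 (ad blocking) and RFC 1918/link-local addresses (LAN
    shortcuts) are not reported: they cannot send traffic off-site.
    """
    findings = []
    for addr, name, line_no in parse_hosts(text):
        if not addr.is_global:                    # loopback, 0.0.0.0, private, link-local
            continue
        severity = "hijack" if on_watchlist(name, watchlist) else "review"
        findings.append({"line": line_no, "host": name,
                         "ip": str(addr), "severity": severity})
    findings.sort(key=lambda f: (f["severity"] != "hijack", f["line"]))
    return findings


def load_windows_hosts():
    """Read the live hosts file from its standard location under %SystemRoot%."""
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    with open(path, encoding="utf-8", errors="replace") as fh:
        return fh.read()


if __name__ == "__main__":
    try:
        text = load_windows_hosts()
    except OSError:                               # not on Windows, or no read access
        text = SAMPLE_HOSTS
    findings = audit_hosts(text)
    if not findings:
        print("no hostnames mapped to a public IP address")
    for f in findings:
        print(f"line {f['line']:>3}  {f['severity']:<6}  {f['host']} -> {f['ip']}")
```

Run against the constructed sample it reports six hijack lines, three names each pointing at 68.168.222.226 and 108.163.215.51. After a clean-up, the same run over the live file should print nothing but the "no hostnames" line; any public address that reappears on a later run means the file is being rewritten and the program doing it still has to be found. A file-based check like this is cheap and does not depend on a scanner's signatures, which matters here because the Malwarebytes quick scan posted later in this thread reports no malicious items while these entries are still what DDS flagged.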

Re: Google-Analytics Redirect Virus

Unread postby Cypher » April 30th, 2012, 2:01 pm

Hi caitlyn15,
Sorry about that, here it is.

No problem, these things happen ;)

Remove P2P Programs

  • I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
    BitTorrent
  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Click on Start > All programs > Accessories > Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Uninstall the programs listed above and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Next.

Multiple Anti-Virus programs

  • It looks like you are operating your computer with multiple anti-virus programs running in memory at once:
    AVG Internet Security 2012
    Microsoft Security Essentials
  • Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer.
  • Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.
  • Please remove one of them.

Next.

Run CKScanner

  • Please download CKScanner from Here
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator", then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google-Analytics Redirect Virus

Unread postby caitlyn15 » April 30th, 2012, 2:46 pm

Hi there,

Here are the contents:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler1.dll
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler2.dll
c:\program files\adobe\adobe premiere pro cs5\plug-ins\en_us\vstplugins\decrackler6.dll
c:\program files (x86)\adobe\adobe dreamweaver cs5\configuration\taglibraries\html\keygen.vtm
c:\program files (x86)\adobe\adobe flash catalyst cs5\plugins\com.adobe.thermo.core_1.0.0.273393\com\adobe\thermo\undo\thermoundosystem$undoabledocumentchangecracker.class
c:\program files (x86)\common files\adobe\adobe contribute cs5\app\configuration\browsers\mozilla run time libraries\dist\idl\nsikeygenthread.idl
c:\program files (x86)\common files\adobe\adobe contribute cs5\app\configuration\browsers\mozilla run time libraries\dist\include\nsikeygenthread.h
c:\users\caitlyn\favorites\crackberry.com – the #1 site for blackberry users & abusers.url
c:\users\caitlyn\favorites\cracked.com - america's only humor & video site since 1958 cracked.com.url
scanner sequence 3.CF.11.MGAPPK
----- EOF -----
caitlyn15
Active Member
 
Posts: 10
Joined: April 30th, 2012, 12:41 pm

Re: Google-Analytics Redirect Virus

Unread postby Cypher » May 1st, 2012, 6:06 am

Hi caitlyn15,
Please continue with the instructions below.

Please download Malwarebytes' Anti-Malware and save to your desktop.

  • Right-click mbam-setup.exe and select "Run as administrator", then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately; failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next.

Please download OTL by Old Timer and save it to your Desktop.
  • Right-click OTL.exe and select Run as administrator to run it.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
      Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.


Logs/Information to Post in your Next Reply

  • Malwarebytes log.
  • OTL.txt and Extra.txt contents.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google-Analytics Redirect Virus

Unread postby caitlyn15 » May 1st, 2012, 6:46 am

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Caitlyn :: CAITLYN-VAIO [administrator]

5/1/2012 7:17:09 AM
mbam-log-2012-05-01 (07-17-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253997
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

===================================================================

OTL logfile created on: 5/1/2012 7:36:58 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Caitlyn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 42.28% Memory free
7.34 Gb Paging File | 4.78 Gb Available in Paging File | 65.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.86 Gb Total Space | 178.38 Gb Free Space | 61.97% Space Free | Partition Type: NTFS

Computer Name: CAITLYN-VAIO | User Name: Caitlyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/01 07:35:26 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Caitlyn\Desktop\OTL.exe
PRC - [2012/04/14 03:36:50 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/11/14 08:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/03/15 14:44:28 | 000,650,080 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/02/18 12:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/05/28 12:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/01/21 23:40:10 | 000,182,664 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2010/01/20 00:58:42 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2010/01/20 00:58:42 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2010/01/20 00:58:40 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2009/12/14 17:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/14 17:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/12/02 02:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/11/20 19:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/11/20 19:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/08/26 23:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/09/18 14:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/16 03:32:59 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/16 03:32:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/16 03:32:21 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/02/15 20:42:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 20:41:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 20:41:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 20:40:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 20:40:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/26 20:33:25 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/11/14 08:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 08:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 08:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 08:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 08:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 08:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 08:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXml4.dll
MOD - [2011/10/31 20:16:22 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/13 03:34:42 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/13 03:34:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/29 19:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/04 22:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 22:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 22:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/01/21 23:40:10 | 000,182,664 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
MOD - [2010/01/21 23:40:10 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
MOD - [2010/01/20 00:58:42 | 000,125,440 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2010/01/20 00:58:42 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
MOD - [2010/01/20 00:58:42 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2010/01/20 00:58:42 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2010/01/20 00:58:42 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2010/01/20 00:58:42 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
MOD - [2010/01/20 00:58:42 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2010/01/20 00:58:42 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2010/01/20 00:58:42 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
MOD - [2010/01/20 00:58:42 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2010/01/20 00:58:42 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
MOD - [2010/01/20 00:58:40 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2010/01/20 00:58:40 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2010/01/20 00:58:40 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
MOD - [2010/01/20 00:58:40 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
MOD - [2010/01/20 00:58:40 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2010/01/20 00:58:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SystemPowerDLL.dll
MOD - [2010/01/20 00:58:40 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/01/13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/05/19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2010/10/25 18:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/10/25 18:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/09/27 16:13:22 | 000,303,872 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/07/19 18:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/07/19 17:48:36 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/07/19 17:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010/04/20 13:14:44 | 000,168,448 | ---- | M] (Sony of America Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2009/11/30 23:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/09/04 17:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/14 04:36:55 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/10/12 16:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/09/27 16:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010/09/27 16:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/09/10 09:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/09/10 09:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/05/28 12:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/14 17:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/14 17:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/11/20 19:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/08/31 05:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/08/31 05:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 14:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 09:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 19:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/29 17:14:12 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW64.sys -- (TVICHW64)
DRV:64bit: - [2010/10/12 23:23:45 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/10/12 23:23:44 | 007,841,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/14 04:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/01/27 17:10:59 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/01/13 12:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/12/17 23:09:20 | 000,036,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2009/12/16 17:03:42 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/14 17:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/11/20 19:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/18 01:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/11/18 01:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/11/18 01:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/18 01:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 01:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/11/12 17:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/11/12 17:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/06 17:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/11/04 06:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/09/15 17:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009/08/19 17:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 21:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 18:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=SNNT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ottawacitizen.com/index.html
IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_en
IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ottawacitizen.com/index.html"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/02/06 17:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/15 20:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/04 16:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caitlyn\AppData\Roaming\Mozilla\Extensions
[2012/01/04 16:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caitlyn\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/04/19 07:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/19 07:02:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/13 01:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 01:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 01:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/02 10:23:55 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 68.168.222.226 www.google-analytics.com.
O1 - Hosts: 68.168.222.226 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.226 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3066240918-350026-4169920762-1000..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-3066240918-350026-4169920762-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://design-concept.ca/Core/Player/20 ... _Win32.cab (20-20 3D Viewer)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://algvpn.algonquincollege.com/CAC ... vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5B8EB38-EC74-4F19-AD18-9DD6E18422B1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 07:35:18 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Caitlyn\Desktop\OTL.exe
[2012/05/01 07:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/01 07:15:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/01 07:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/01 07:13:18 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{92E95199-B533-45EA-857B-5AC048664022}
[2012/05/01 07:13:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8654AE2D-6A07-478B-B5CA-3BA06BECCDBB}
[2012/04/30 15:35:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/30 15:20:58 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Roaming\AVG2012
[2012/04/30 10:01:55 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{6FD13E24-0E90-4A07-88FE-6D89C4455CFE}
[2012/04/30 10:01:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{4253A56B-32B3-4E0C-8C18-C776F96BBF64}
[2012/04/29 21:56:29 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{9870F573-6BBF-478F-8D92-DE87027EB9AA}
[2012/04/29 21:56:08 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{5437239F-4571-4C82-B274-109F67C7A9DA}
[2012/04/29 09:02:15 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{CAFC432C-A876-40BE-8053-96E003CB35CB}
[2012/04/29 09:02:04 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F04B50CC-4AB1-4D62-AD36-F24D14463955}
[2012/04/28 21:01:45 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{37EF2AFF-67AE-4822-B73F-ED56F60A883E}
[2012/04/28 21:01:27 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{65150836-ADE3-460C-8535-056387D2E098}
[2012/04/28 06:56:58 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{E65AD971-EB66-46D8-85B4-26585429CC2A}
[2012/04/28 06:56:47 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{76989061-2C46-49E5-9B97-A6A790472C19}
[2012/04/27 09:45:19 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F06B417E-9F9E-447D-8CDF-1F406D23B62A}
[2012/04/27 09:44:56 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{0A53218A-A392-4DDA-A12C-BA01FBED8814}
[2012/04/26 20:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/26 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{0224DC3C-88B8-4A31-A1F5-6214C74E617A}
[2012/04/26 15:05:20 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{3D062C7F-688E-4A83-85A1-54C66D5E04E0}
[2012/04/25 23:27:45 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{EF6B9CFE-5E35-47BF-A3D9-89E3516FBC70}
[2012/04/25 23:27:26 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{AB3F5E88-BBF9-40D7-9057-2C97A687A91C}
[2012/04/25 11:01:24 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8BDB5E2C-92CC-474F-8719-BE0305AD3161}
[2012/04/25 11:00:55 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F931CA83-53BF-4222-8D82-EC2DD966FA60}
[2012/04/25 08:04:39 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\30743688.sys
[2012/04/24 20:33:56 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8A8097AA-5279-4F25-AB19-00FBCA65A093}
[2012/04/24 20:33:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{52EA15B0-2BC1-40BB-AF59-0B1FCC6CDE36}
[2012/04/24 08:33:23 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8A8D53A9-5977-42CD-814B-FCCF5D650A81}
[2012/04/24 08:32:59 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{A3E0661A-A338-4993-A8E4-9C9DA0525D6B}
[2012/04/23 10:50:09 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{AAB1E0E4-364A-40FA-819B-C2544C4AD1C4}
[2012/04/23 10:49:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{D783A598-A8FE-4CB2-BE73-088E2BB21EE8}
[2012/04/22 22:23:23 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{D6A27D08-EF2F-4575-8BBD-5F0FBBA517CE}
[2012/04/22 22:23:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F157D300-5103-4C05-A9AC-B1874A765148}
[2012/04/22 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{C534FD2C-1F7B-4447-A544-E7783C1751B1}
[2012/04/22 09:28:50 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{27881F45-2A9B-4501-BBF7-2D54899BAD61}
[2012/04/21 16:30:31 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1F9C3493-BB40-4DA2-B490-B8FFE2C1ABE0}
[2012/04/21 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{CEDF8259-4C63-4F35-8325-56D231E3EA37}
[2012/04/21 03:18:54 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{EDABA69E-4A3A-41F1-8738-FE167D4E7F11}
[2012/04/21 03:18:32 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{74CE3CE4-D40A-4F58-8950-12EA0F02452A}
[2012/04/20 09:29:41 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8152AEBB-D5CB-4F3F-AAC5-500B151AB6B2}
[2012/04/20 09:29:22 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{7D4AE36F-93BC-42DE-803F-6496F158C189}
[2012/04/19 20:28:55 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1651256F-8100-4CCD-9324-58B8BD1DEE89}
[2012/04/19 20:28:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{7BD18A30-D94F-4854-A39E-29E4DD949775}
[2012/04/19 08:28:31 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{3A6DF271-1996-43D1-A42F-57A88388EDBE}
[2012/04/19 08:28:19 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{882745C7-EB36-4E89-BD7A-27883902395A}
[2012/04/19 07:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/19 07:02:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/19 07:02:12 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/19 07:02:12 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/18 20:28:00 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{C3B70F55-D46E-4AD3-934A-1138846A1F0F}
[2012/04/18 20:27:37 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{7371C8E3-3B65-4F06-B42E-10833C944C32}
[2012/04/18 07:41:20 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1990D218-1ED3-49A8-AED3-C26513D75244}
[2012/04/18 07:40:57 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{25BECA6D-BDF7-457C-B65A-3986657EA476}
[2012/04/18 07:35:08 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F862D44B-385F-4CE0-AA77-897ACC107649}
[2012/04/17 19:33:05 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{D74652C2-EA68-4764-923A-013AA0406022}
[2012/04/17 19:31:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{145E5B4A-FDAD-4842-AAC4-55B40F83BFA2}
[2012/04/17 07:21:17 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{2D02AFD1-F1D1-439B-9154-DC0E99A9F7E2}
[2012/04/17 07:21:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{3D301969-593F-40A2-A137-7081A91BAB39}
[2012/04/16 19:20:48 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{84F1605A-47C3-442B-8CED-098AFCDA65CC}
[2012/04/16 19:20:30 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F79F3BF9-BD02-416A-ACA4-0EDD9B9AAA4A}
[2012/04/16 15:01:02 | 055,154,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/04/16 07:02:06 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{BF07CB81-D968-42AE-B999-FD57264893A6}
[2012/04/16 07:01:55 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{37504A5F-FDCF-4280-A324-B977E51B30BF}
[2012/04/16 03:04:24 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/16 03:04:24 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/16 03:04:22 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/16 03:04:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/16 03:04:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/16 03:04:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/16 03:04:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/16 03:04:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/16 03:04:20 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/16 03:04:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/16 03:04:20 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/16 03:03:32 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/16 03:03:32 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/16 03:03:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/16 03:00:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/16 03:00:52 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/16 03:00:50 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/15 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Roaming\Malwarebytes
[2012/04/15 21:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/15 20:56:14 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\Mozilla
[2012/04/15 20:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/04/15 20:22:42 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/15 11:33:11 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{47A392F2-48B1-4C31-8C5B-D29EEBBD640D}
[2012/04/15 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{B36BAF15-F733-407B-A2D7-C90B6657C274}
[2012/04/14 22:03:17 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{795B2480-DE1C-486B-A400-B3D2F1DA0862}
[2012/04/14 22:02:47 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{177335D6-BB51-497E-9325-A95EC000A625}
[2012/04/14 09:43:09 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{FF1290F9-C0C6-4359-9AA8-74EB3E162640}
[2012/04/14 09:42:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{A76AA38C-D29E-4E2E-AC8A-9B92C9FF2BE1}
[2012/04/13 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{4B7EDB9D-FA7D-4965-877A-9CB2BA2C1E63}
[2012/04/13 20:20:22 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{9D625E35-CBEB-4648-88E8-D6347D5B9819}
[2012/04/13 07:50:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{4FB3AE88-C910-4F6E-AA6F-3F4BD584E463}
[2012/04/13 07:50:27 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{358DCD6E-8180-44F6-A9E9-CE63938BB9C6}
[2012/04/13 07:49:09 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/13 07:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/13 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1BB2CE29-D139-41B0-A7EA-818D8BB13E27}
[2012/04/12 16:37:35 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{6C35E774-63F8-40E4-9824-C6AF554D6DFE}
[2012/04/12 03:01:28 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{63996106-086A-43A1-8AD0-3900D84B0474}
[2012/04/11 09:52:33 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{E1663F31-C6D8-4375-B727-51F5853585F5}
[2012/04/10 20:24:39 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1DCDD0D7-C54C-43D7-BC50-DDC3ECD39352}
[2012/04/10 07:27:39 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{07A67180-543D-4734-AAFA-DD4487D280D9}
[2012/04/09 17:48:21 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{408723F3-3E00-4471-A1AB-2CF17FE0505F}
[2012/04/08 11:00:04 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{51EAFD12-4DCE-42E7-9AD2-E3AB979AE383}
[2012/04/07 22:59:53 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{3C9607A3-21E4-438F-ABF5-2AB99852BE4E}
[2012/04/07 07:56:30 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{C258C714-5137-4030-BF2F-1DAB6AED1AAE}
[2012/04/06 19:45:40 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1611332D-A2BE-4ACC-904E-20039E7221BA}
[2012/04/06 07:25:47 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{E8F75F22-54A7-4612-B181-4BEEED493159}
[2012/04/05 15:49:52 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{BC8F7D9E-385A-4E8B-9EEF-7A99E318DF87}
[2012/04/05 03:49:28 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{4C9ABB7F-E6D5-49CE-BDD8-054606C258C6}
[2012/04/04 10:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/04 10:17:14 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/04 10:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/04 10:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/04 10:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/04 10:16:27 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Roaming\TestApp
[2012/04/04 08:52:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{9F5CEB4E-C890-4CE3-BEFA-C30EE1AF38A9}
[2012/04/03 20:02:30 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{DE3248A9-2328-4C98-A320-0119AB97B992}
[2012/04/03 14:43:00 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/03 11:37:49 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/03 08:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/04/03 08:02:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{85A20D07-16AA-4BAB-9F92-DF182DA73A4C}
[2012/04/02 19:10:14 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8BDAE2D5-3F57-4109-9CE7-8CF43CD17A04}
[2012/04/02 06:39:18 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{18723CAE-F961-4F56-B72B-210C315F9375}
[2012/04/01 10:19:08 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{B68EFB93-40E4-46D8-99DE-4C73E040FF34}
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Users\Caitlyn\*.tmp files -> C:\Users\Caitlyn\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/01 07:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/01 07:35:26 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Caitlyn\Desktop\OTL.exe
[2012/05/01 07:15:14 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 15:46:05 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 15:46:05 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 15:38:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 15:38:05 | 2955,485,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 15:23:03 | 000,458,240 | ---- | M] () -- C:\Users\Caitlyn\Desktop\CKScanner.exe
[2012/04/26 20:52:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/26 20:52:34 | 000,750,224 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/26 20:52:34 | 000,630,682 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 20:52:34 | 000,109,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/25 08:04:39 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\30743688.sys
[2012/04/20 06:53:21 | 000,018,592 | ---- | M] () -- C:\test.xml
[2012/04/19 07:02:02 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/19 07:02:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/19 07:02:01 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/19 07:02:01 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/17 12:53:57 | 000,736,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/16 10:16:37 | 001,585,066 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/15 20:56:11 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/14 04:36:54 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 04:36:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 04:36:18 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/07 15:39:38 | 434,486,882 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/05 05:12:31 | 000,000,222 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 10:23:55 | 000,001,401 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[1 C:\Users\Caitlyn\*.tmp files -> C:\Users\Caitlyn\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/01 07:15:14 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 15:23:03 | 000,458,240 | ---- | C] () -- C:\Users\Caitlyn\Desktop\CKScanner.exe
[2012/04/15 20:56:11 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/15 20:56:10 | 000,001,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/07 15:39:38 | 434,486,882 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/05 11:40:15 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012/04/05 05:12:31 | 000,000,222 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2012/04/04 10:17:22 | 001,585,066 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/03 11:37:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/09/16 08:31:13 | 000,000,132 | ---- | C] () -- C:\Users\Caitlyn\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/09/16 08:26:01 | 000,000,132 | ---- | C] () -- C:\Users\Caitlyn\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/15 11:35:27 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/15 11:35:27 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/02/13 14:00:32 | 000,001,456 | ---- | C] () -- C:\Users\Caitlyn\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/02/02 17:27:56 | 000,750,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/16 13:48:26 | 000,014,848 | ---- | C] () -- C:\Users\Caitlyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/25 21:32:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/12 23:23:44 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/10/08 14:47:53 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/10/08 14:07:44 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


========================================================================
caitlyn15

Re: Google-Analytics Redirect Virus

Unread postby caitlyn15 » May 1st, 2012, 6:46 am

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Caitlyn :: CAITLYN-VAIO [administrator]

5/1/2012 7:17:09 AM
mbam-log-2012-05-01 (07-17-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253997
Time elapsed: 12 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

===================================================================

OTL logfile created on: 5/1/2012 7:36:58 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Caitlyn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 42.28% Memory free
7.34 Gb Paging File | 4.78 Gb Available in Paging File | 65.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.86 Gb Total Space | 178.38 Gb Free Space | 61.97% Space Free | Partition Type: NTFS

Computer Name: CAITLYN-VAIO | User Name: Caitlyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/01 07:35:26 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Caitlyn\Desktop\OTL.exe
PRC - [2012/04/14 03:36:50 | 000,353,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
PRC - [2012/04/04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2011/11/14 08:02:04 | 000,435,672 | ---- | M] (TomTom) -- C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
PRC - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011/03/15 14:44:28 | 000,650,080 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011/02/18 12:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/05/28 12:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/01/21 23:40:10 | 000,182,664 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2010/01/20 00:58:42 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2010/01/20 00:58:42 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2010/01/20 00:58:40 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2009/12/14 17:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/14 17:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/12/02 02:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/11/20 19:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/11/20 19:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/08/26 23:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/09/18 14:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/16 03:32:59 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MOD - [2012/04/16 03:32:29 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/16 03:32:21 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/02/15 20:42:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012/02/15 20:41:20 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/02/15 20:41:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/15 20:40:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/15 20:40:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/01/26 20:33:25 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/11/14 08:02:08 | 000,202,712 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
MOD - [2011/11/14 08:02:06 | 000,063,960 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
MOD - [2011/11/14 08:01:52 | 007,964,160 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtGui4.dll
MOD - [2011/11/14 08:01:52 | 002,648,064 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXmlPatterns4.dll
MOD - [2011/11/14 08:01:52 | 002,302,464 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtCore4.dll
MOD - [2011/11/14 08:01:52 | 000,980,480 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll
MOD - [2011/11/14 08:01:52 | 000,357,888 | ---- | M] () -- C:\Program Files (x86)\MyTomTom 3\QtXml4.dll
MOD - [2011/10/31 20:16:22 | 003,190,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/13 03:34:42 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/13 03:34:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/29 19:33:52 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/11/04 22:58:14 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010/11/04 22:58:10 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/11/04 22:58:09 | 000,385,024 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2010/01/21 23:40:10 | 000,182,664 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
MOD - [2010/01/21 23:40:10 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
MOD - [2010/01/20 00:58:42 | 000,125,440 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2010/01/20 00:58:42 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
MOD - [2010/01/20 00:58:42 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2010/01/20 00:58:42 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2010/01/20 00:58:42 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2010/01/20 00:58:42 | 000,016,384 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
MOD - [2010/01/20 00:58:42 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2010/01/20 00:58:42 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2010/01/20 00:58:42 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
MOD - [2010/01/20 00:58:42 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2010/01/20 00:58:42 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
MOD - [2010/01/20 00:58:40 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2010/01/20 00:58:40 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2010/01/20 00:58:40 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
MOD - [2010/01/20 00:58:40 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
MOD - [2010/01/20 00:58:40 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2010/01/20 00:58:40 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SystemPowerDLL.dll
MOD - [2010/01/20 00:58:40 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/01/13 10:55:10 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2011/05/19 19:15:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2010/10/25 18:55:26 | 000,387,896 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/10/25 18:26:34 | 000,101,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/09/27 16:13:22 | 000,303,872 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/07/19 18:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010/07/19 17:48:36 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/07/19 17:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2010/04/20 13:14:44 | 000,168,448 | ---- | M] (Sony of America Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector)
SRV:64bit: - [2009/11/30 23:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/09/04 17:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/14 04:36:55 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/10/12 16:52:48 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/09/27 16:13:26 | 000,074,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2010/09/27 16:12:36 | 000,864,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/09/10 09:47:30 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/09/10 09:47:30 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/05/28 12:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/14 17:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/14 17:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/11/20 19:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/08/31 05:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/08/31 05:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 14:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/05/10 09:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 19:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/29 17:14:12 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW64.sys -- (TVICHW64)
DRV:64bit: - [2010/10/12 23:23:45 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/10/12 23:23:44 | 007,841,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/14 04:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010/01/27 17:10:59 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/01/13 12:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009/12/17 23:09:20 | 000,036,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2009/12/16 17:03:42 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/14 17:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/11/20 19:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/18 01:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/11/18 01:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/11/18 01:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/18 01:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 01:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/11/12 17:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/11/12 17:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/06 17:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/11/04 06:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/09/15 17:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009/08/19 17:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 21:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 21:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/09 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 18:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain ... &bmod=SNNT
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ottawacitizen.com/index.html
IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SNNT_en
IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.ottawacitizen.com/index.html"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/02/06 17:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/15 20:56:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/01/04 16:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caitlyn\AppData\Roaming\Mozilla\Extensions
[2012/01/04 16:53:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Caitlyn\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/04/19 07:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/19 07:02:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/03/13 01:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/03/13 01:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/13 01:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/02 10:23:55 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 68.168.222.226 www.google-analytics.com.
O1 - Hosts: 68.168.222.226 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.226 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3066240918-350026-4169920762-1000..\Run: [MyTomTomSA.exe] C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (TomTom)
O4 - HKU\S-1-5-21-3066240918-350026-4169920762-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://design-concept.ca/Core/Player/20 ... _Win32.cab (20-20 3D Viewer)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://algvpn.algonquincollege.com/CAC ... vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.walmartphotocentre.ca/upload ... ontrol.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D5B8EB38-EC74-4F19-AD18-9DD6E18422B1}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/01 07:35:18 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Caitlyn\Desktop\OTL.exe
[2012/05/01 07:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/01 07:15:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/01 07:15:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/01 07:13:18 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{92E95199-B533-45EA-857B-5AC048664022}
[2012/05/01 07:13:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8654AE2D-6A07-478B-B5CA-3BA06BECCDBB}
[2012/04/30 15:35:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/04/30 15:20:58 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Roaming\AVG2012
[2012/04/30 10:01:55 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{6FD13E24-0E90-4A07-88FE-6D89C4455CFE}
[2012/04/30 10:01:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{4253A56B-32B3-4E0C-8C18-C776F96BBF64}
[2012/04/29 21:56:29 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{9870F573-6BBF-478F-8D92-DE87027EB9AA}
[2012/04/29 21:56:08 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{5437239F-4571-4C82-B274-109F67C7A9DA}
[2012/04/29 09:02:15 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{CAFC432C-A876-40BE-8053-96E003CB35CB}
[2012/04/29 09:02:04 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F04B50CC-4AB1-4D62-AD36-F24D14463955}
[2012/04/28 21:01:45 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{37EF2AFF-67AE-4822-B73F-ED56F60A883E}
[2012/04/28 21:01:27 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{65150836-ADE3-460C-8535-056387D2E098}
[2012/04/28 06:56:58 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{E65AD971-EB66-46D8-85B4-26585429CC2A}
[2012/04/28 06:56:47 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{76989061-2C46-49E5-9B97-A6A790472C19}
[2012/04/27 09:45:19 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F06B417E-9F9E-447D-8CDF-1F406D23B62A}
[2012/04/27 09:44:56 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{0A53218A-A392-4DDA-A12C-BA01FBED8814}
[2012/04/26 20:52:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/04/26 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{0224DC3C-88B8-4A31-A1F5-6214C74E617A}
[2012/04/26 15:05:20 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{3D062C7F-688E-4A83-85A1-54C66D5E04E0}
[2012/04/25 23:27:45 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{EF6B9CFE-5E35-47BF-A3D9-89E3516FBC70}
[2012/04/25 23:27:26 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{AB3F5E88-BBF9-40D7-9057-2C97A687A91C}
[2012/04/25 11:01:24 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8BDB5E2C-92CC-474F-8719-BE0305AD3161}
[2012/04/25 11:00:55 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F931CA83-53BF-4222-8D82-EC2DD966FA60}
[2012/04/25 08:04:39 | 000,116,016 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\30743688.sys
[2012/04/24 20:33:56 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8A8097AA-5279-4F25-AB19-00FBCA65A093}
[2012/04/24 20:33:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{52EA15B0-2BC1-40BB-AF59-0B1FCC6CDE36}
[2012/04/24 08:33:23 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8A8D53A9-5977-42CD-814B-FCCF5D650A81}
[2012/04/24 08:32:59 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{A3E0661A-A338-4993-A8E4-9C9DA0525D6B}
[2012/04/23 10:50:09 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{AAB1E0E4-364A-40FA-819B-C2544C4AD1C4}
[2012/04/23 10:49:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{D783A598-A8FE-4CB2-BE73-088E2BB21EE8}
[2012/04/22 22:23:23 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{D6A27D08-EF2F-4575-8BBD-5F0FBBA517CE}
[2012/04/22 22:23:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F157D300-5103-4C05-A9AC-B1874A765148}
[2012/04/22 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{C534FD2C-1F7B-4447-A544-E7783C1751B1}
[2012/04/22 09:28:50 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{27881F45-2A9B-4501-BBF7-2D54899BAD61}
[2012/04/21 16:30:31 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1F9C3493-BB40-4DA2-B490-B8FFE2C1ABE0}
[2012/04/21 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{CEDF8259-4C63-4F35-8325-56D231E3EA37}
[2012/04/21 03:18:54 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{EDABA69E-4A3A-41F1-8738-FE167D4E7F11}
[2012/04/21 03:18:32 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{74CE3CE4-D40A-4F58-8950-12EA0F02452A}
[2012/04/20 09:29:41 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8152AEBB-D5CB-4F3F-AAC5-500B151AB6B2}
[2012/04/20 09:29:22 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{7D4AE36F-93BC-42DE-803F-6496F158C189}
[2012/04/19 20:28:55 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1651256F-8100-4CCD-9324-58B8BD1DEE89}
[2012/04/19 20:28:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{7BD18A30-D94F-4854-A39E-29E4DD949775}
[2012/04/19 08:28:31 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{3A6DF271-1996-43D1-A42F-57A88388EDBE}
[2012/04/19 08:28:19 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{882745C7-EB36-4E89-BD7A-27883902395A}
[2012/04/19 07:02:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/19 07:02:12 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/19 07:02:12 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/19 07:02:12 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/18 20:28:00 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{C3B70F55-D46E-4AD3-934A-1138846A1F0F}
[2012/04/18 20:27:37 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{7371C8E3-3B65-4F06-B42E-10833C944C32}
[2012/04/18 07:41:20 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1990D218-1ED3-49A8-AED3-C26513D75244}
[2012/04/18 07:40:57 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{25BECA6D-BDF7-457C-B65A-3986657EA476}
[2012/04/18 07:35:08 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F862D44B-385F-4CE0-AA77-897ACC107649}
[2012/04/17 19:33:05 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{D74652C2-EA68-4764-923A-013AA0406022}
[2012/04/17 19:31:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{145E5B4A-FDAD-4842-AAC4-55B40F83BFA2}
[2012/04/17 07:21:17 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{2D02AFD1-F1D1-439B-9154-DC0E99A9F7E2}
[2012/04/17 07:21:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{3D301969-593F-40A2-A137-7081A91BAB39}
[2012/04/16 19:20:48 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{84F1605A-47C3-442B-8CED-098AFCDA65CC}
[2012/04/16 19:20:30 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F79F3BF9-BD02-416A-ACA4-0EDD9B9AAA4A}
[2012/04/16 15:01:02 | 055,154,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/04/16 07:02:06 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{BF07CB81-D968-42AE-B999-FD57264893A6}
[2012/04/16 07:01:55 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{37504A5F-FDCF-4280-A324-B977E51B30BF}
[2012/04/16 03:04:24 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/16 03:04:24 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/16 03:04:22 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/16 03:04:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/16 03:04:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/16 03:04:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/16 03:04:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/16 03:04:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/16 03:04:20 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/16 03:04:20 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/16 03:04:20 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/16 03:03:32 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/16 03:03:32 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/16 03:03:32 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/16 03:00:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/16 03:00:52 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/16 03:00:50 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/15 21:00:39 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Roaming\Malwarebytes
[2012/04/15 21:00:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/15 20:56:14 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\Mozilla
[2012/04/15 20:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/04/15 20:22:42 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Roaming\SUPERAntiSpyware.com
[2012/04/15 11:33:11 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{47A392F2-48B1-4C31-8C5B-D29EEBBD640D}
[2012/04/15 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{B36BAF15-F733-407B-A2D7-C90B6657C274}
[2012/04/14 22:03:17 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{795B2480-DE1C-486B-A400-B3D2F1DA0862}
[2012/04/14 22:02:47 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{177335D6-BB51-497E-9325-A95EC000A625}
[2012/04/14 09:43:09 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{FF1290F9-C0C6-4359-9AA8-74EB3E162640}
[2012/04/14 09:42:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{A76AA38C-D29E-4E2E-AC8A-9B92C9FF2BE1}
[2012/04/13 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{4B7EDB9D-FA7D-4965-877A-9CB2BA2C1E63}
[2012/04/13 20:20:22 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{9D625E35-CBEB-4648-88E8-D6347D5B9819}
[2012/04/13 07:50:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{4FB3AE88-C910-4F6E-AA6F-3F4BD584E463}
[2012/04/13 07:50:27 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{358DCD6E-8180-44F6-A9E9-CE63938BB9C6}
[2012/04/13 07:49:09 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/13 07:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/04/13 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1BB2CE29-D139-41B0-A7EA-818D8BB13E27}
[2012/04/12 16:37:35 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{6C35E774-63F8-40E4-9824-C6AF554D6DFE}
[2012/04/12 03:01:28 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{63996106-086A-43A1-8AD0-3900D84B0474}
[2012/04/11 09:52:33 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{E1663F31-C6D8-4375-B727-51F5853585F5}
[2012/04/10 20:24:39 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1DCDD0D7-C54C-43D7-BC50-DDC3ECD39352}
[2012/04/10 07:27:39 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{07A67180-543D-4734-AAFA-DD4487D280D9}
[2012/04/09 17:48:21 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{408723F3-3E00-4471-A1AB-2CF17FE0505F}
[2012/04/08 11:00:04 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{51EAFD12-4DCE-42E7-9AD2-E3AB979AE383}
[2012/04/07 22:59:53 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{3C9607A3-21E4-438F-ABF5-2AB99852BE4E}
[2012/04/07 07:56:30 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{C258C714-5137-4030-BF2F-1DAB6AED1AAE}
[2012/04/06 19:45:40 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1611332D-A2BE-4ACC-904E-20039E7221BA}
[2012/04/06 07:25:47 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{E8F75F22-54A7-4612-B181-4BEEED493159}
[2012/04/05 15:49:52 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{BC8F7D9E-385A-4E8B-9EEF-7A99E318DF87}
[2012/04/05 03:49:28 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{4C9ABB7F-E6D5-49CE-BDD8-054606C258C6}
[2012/04/04 10:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/04/04 10:17:14 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/04/04 10:17:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/04/04 10:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/04/04 10:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/04/04 10:16:27 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Roaming\TestApp
[2012/04/04 08:52:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{9F5CEB4E-C890-4CE3-BEFA-C30EE1AF38A9}
[2012/04/03 20:02:30 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{DE3248A9-2328-4C98-A320-0119AB97B992}
[2012/04/03 14:43:00 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/03 11:37:49 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/03 08:37:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/04/03 08:02:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{85A20D07-16AA-4BAB-9F92-DF182DA73A4C}
[2012/04/02 19:10:14 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8BDAE2D5-3F57-4109-9CE7-8CF43CD17A04}
[2012/04/02 06:39:18 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{18723CAE-F961-4F56-B72B-210C315F9375}
[2012/04/01 10:19:08 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{B68EFB93-40E4-46D8-99DE-4C73E040FF34}
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Users\Caitlyn\*.tmp files -> C:\Users\Caitlyn\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/01 07:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/01 07:35:26 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Caitlyn\Desktop\OTL.exe
[2012/05/01 07:15:14 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 15:46:05 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 15:46:05 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/30 15:38:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/30 15:38:05 | 2955,485,184 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/30 15:23:03 | 000,458,240 | ---- | M] () -- C:\Users\Caitlyn\Desktop\CKScanner.exe
[2012/04/26 20:52:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/26 20:52:34 | 000,750,224 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/26 20:52:34 | 000,630,682 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 20:52:34 | 000,109,728 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/25 08:04:39 | 000,116,016 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\30743688.sys
[2012/04/20 06:53:21 | 000,018,592 | ---- | M] () -- C:\test.xml
[2012/04/19 07:02:02 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/04/19 07:02:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/04/19 07:02:01 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/04/19 07:02:01 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/04/17 12:53:57 | 000,736,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/16 10:16:37 | 001,585,066 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/15 20:56:11 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/14 04:36:54 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/04/14 04:36:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/04/14 04:36:18 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012/04/07 15:39:38 | 434,486,882 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/04/05 05:12:31 | 000,000,222 | ---- | M] () -- C:\Windows\tasks\SidebarExecute.job
[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/02 10:23:55 | 000,001,401 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[1 C:\Users\Caitlyn\*.tmp files -> C:\Users\Caitlyn\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/01 07:15:14 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/30 15:23:03 | 000,458,240 | ---- | C] () -- C:\Users\Caitlyn\Desktop\CKScanner.exe
[2012/04/15 20:56:11 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/15 20:56:10 | 000,001,138 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/07 15:39:38 | 434,486,882 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/04/05 11:40:15 | 000,001,151 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012/04/05 05:12:31 | 000,000,222 | ---- | C] () -- C:\Windows\tasks\SidebarExecute.job
[2012/04/04 10:17:22 | 001,585,066 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/03 11:37:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2011/09/16 08:31:13 | 000,000,132 | ---- | C] () -- C:\Users\Caitlyn\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/09/16 08:26:01 | 000,000,132 | ---- | C] () -- C:\Users\Caitlyn\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/03/15 11:35:27 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/15 11:35:27 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/02/13 14:00:32 | 000,001,456 | ---- | C] () -- C:\Users\Caitlyn\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/02/02 17:27:56 | 000,750,224 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/01/16 13:48:26 | 000,014,848 | ---- | C] () -- C:\Users\Caitlyn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/25 21:32:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/10/12 23:23:44 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/10/08 14:47:53 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2010/10/08 14:07:44 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


========================================================================
caitlyn15
Active Member
 
Posts: 10
Joined: April 30th, 2012, 12:41 pm

Re: Google-Analytics Redirect Virus

Post by caitlyn15 » May 1st, 2012, 6:47 am

Here is part 2... the last one was too long for me to post.

OTL Extras logfile created on: 5/1/2012 7:36:58 AM - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Users\Caitlyn\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 42.28% Memory free
7.34 Gb Paging File | 4.78 Gb Available in Paging File | 65.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.86 Gb Total Space | 178.38 Gb Free Space | 61.97% Space Free | Partition Type: NTFS

Computer Name: CAITLYN-VAIO | User Name: Caitlyn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13F8AD60-0FFD-43DE-9A5C-976D041160E6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{23ED70BF-E397-4761-B8D5-870B9D9648ED}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{2A7B9D1E-F544-4B54-9A5E-7B426D97A0C8}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software music sync service data transfer |
"{31706702-2158-48F6-BC2E-40F7F6AA17BD}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{31AB43A3-53C9-4BBF-A16B-649A9907ACE0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{48AE664B-098F-46CF-A3F9-A6F10B52D754}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5ECC195A-433C-4955-8658-61ABE012D03E}" = lport=139 | protocol=6 | dir=in | app=system |
"{6D3926D3-B807-4FA4-86F1-30BB6B7EEC82}" = lport=445 | protocol=6 | dir=in | app=system |
"{7894E54E-F55C-4AFF-A7CA-474CC009CC96}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{88CF491F-AD3C-43D8-9916-2023AA811679}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B132EFB-0DA2-4D59-A028-99A4486032B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8BFB7ADC-B8C2-49CD-8F8A-28BC6DE9E89C}" = rport=138 | protocol=17 | dir=out | app=system |
"{930AEA91-64CB-4FE4-922C-27C48F6D47CD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{99F498F3-77A2-44AC-92E9-DEAA3A552C61}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9A96C58B-980E-4776-B32E-06ADA0A53284}" = lport=138 | protocol=17 | dir=in | app=system |
"{9E0A9E5E-B9A8-4774-A502-ABBF108C1700}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A01A1153-A267-42BB-9BEE-71494CB3A5B7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A1090CE2-6E1E-4DCD-82D9-708BE05EB8A2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6DD0478-BBAE-40BD-BF35-3D13FFE8406C}" = rport=139 | protocol=6 | dir=out | app=system |
"{BBF671DC-DAE6-4634-BDDB-9B1D698FA8CF}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software music sync service discovery |
"{C8C721E5-6A97-4019-812E-9FC189419DA7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CFC7AAD3-7894-49F9-B546-052CD7A87E2E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D2594FCB-82DE-4E5C-B13B-8C2895C7CF82}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D4ED258D-2903-4D1B-88BE-70F27474AEEC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA5BE405-42B4-4C13-B48C-DDDCFFEACA83}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{E01369BD-DA11-4A44-AA7F-91EB505DAB03}" = rport=445 | protocol=6 | dir=out | app=system |
"{E3F430B1-F251-441B-A111-F272E15BC7B5}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E6BD2049-FAC3-4BF9-BF04-EB1C967DC7F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EF4C1D42-DF09-4E0B-979B-D6089826B864}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F047ACA1-C3EF-40FE-A8C3-3E1C59152EEF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F4CFF0FA-7D75-4C5B-8325-E87CD3AB6BFC}" = lport=137 | protocol=17 | dir=in | app=system |
"{F9306327-F719-4E83-BC1F-BE9289FA5C22}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{FA28CD1B-7126-4360-A4EF-A7037A70813D}" = rport=137 | protocol=17 | dir=out | app=system |
"{FEFA8D3E-D30A-4A4A-847D-B1E37FB768E7}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0143AB99-D65E-44CE-A012-22021837CEEC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0EFF9E77-C864-4F5B-B56D-36275F8B661A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1D3BA3F4-7371-45FB-9C59-A784667D07CD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1DC3ADB0-6E65-405F-8C81-11827A609354}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{1EAB25BA-BAC8-43CD-927A-2D9F605E3124}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{22AC375A-00BD-43EC-B7D3-AFDAF95A8F32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3068D18D-B810-409A-90C3-5F7A1073737B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3ECD157C-C48D-4044-BDA3-2475A8FFF3AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4153B067-94BF-440A-8CAF-ABDC2CFAB7BC}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{42FD7585-C215-4ED8-9A9F-D27C9525C1E1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{46776F97-8352-4F32-9070-33ACBBE74AC7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4AA39712-48BB-4A5E-8A9D-0C32ED360974}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5D265C6B-4AF3-4675-BD27-FD322F0886A8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{64AF1F9C-8D45-438E-AC00-357709509151}" = protocol=6 | dir=out | app=system |
"{668508CF-39D1-4577-8C8B-497117665B49}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6B0808BC-5704-4C12-89B7-812DA68F7924}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio transfer support\vaiotransfer.exe |
"{704E449F-7846-43C9-8865-014B75B772CF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{71B1403D-45F6-4E66-9B41-A81273133A19}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{721FB051-1206-4747-851D-A60FB8E6931F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{79059DE2-8B6F-45B0-8B4A-D62365F76181}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{79D3D704-1C6B-45F9-9FCA-307056153D06}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7A430B04-EC83-4CCB-88BB-4033A759F77E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7DE85395-8F9C-4F1F-8753-5603B5CB4877}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{810606A6-D821-4449-B1A5-A15DFFB7FB1E}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{8E74D2FB-438F-4816-ACB5-4ADB51F82E0E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9065D7A8-F1D4-426B-88CA-8B6BCE699DA0}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio transfer support\vaiotransfer.exe |
"{910078D7-47BA-4108-B022-D4E18CFEDB77}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{932BA45F-CD3C-4706-B3E5-941A66685D98}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{96582CB1-7F90-4936-B908-028D80897AC6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{B999C53F-B60F-4D05-9264-A1F34C18C204}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C6221D88-1BB6-4CB2-918D-581A3A3578D9}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{C6643DF4-E9CF-4BD6-A68B-15F03C184C74}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D66113C1-E28F-45D6-9D48-7A6493E9D965}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{DE0E70A1-045C-4B35-B7A2-CAE006DA5CC4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DE16D57E-F11E-4DAA-A625-4E700C8FDDDE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E55E75D5-8EAE-47FD-8E3B-2F0A131E7847}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED0BB6E4-670E-429C-AC5A-1D18642139DC}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{F0E861EC-E82E-4A6C-92A1-0FDF5F7A805D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"TCP Query User{250F2134-D941-4E23-85F8-EB53317FF907}C:\program files\sony\vaio care\vaiocare.exe" = protocol=6 | dir=in | app=c:\program files\sony\vaio care\vaiocare.exe |
"UDP Query User{497444DF-71B1-418B-9EBF-4F0ACBCDE0E5}C:\program files\sony\vaio care\vaiocare.exe" = protocol=17 | dir=in | app=c:\program files\sony\vaio care\vaiocare.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{11D25EF7-85FC-4B58-8278-485939C8637F}" = VAIO Update Merge Module x64
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C6B6716-84AC-412A-A296-247D41EBB7FB}" = Setup_msm_VCMS_x64
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416018FF}" = Java(TM) 6 Update 18 (64-bit)
"{26F41FA3-3170-446B-A3A2-83F5FA26E6CD}" = Intel(R) Wireless Display
"{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{46261E1C-5E0D-484E-8CCC-7F770375FBA2}" = VU5x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager
"{7C3AC18F-F19B-4082-8D13-7D603848E06C}" = VAIO Update Merge Module x64
"{7ECD4ACB-E1B6-425B-B8AA-5761A59B77E0}" = Setup_VEP_x64_Contain_SSDB
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8FE3CF66-4484-4D39-B47D-DEBBA173619D}" = VAIO Content Metadata Manager Settings
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C58294-36D8-4594-8A49-7AB4AE096504}" = VAIO Content Metadata XML Interface Library
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{BAD9A7B0-FA18-4247-A6F5-BDCF64B40C4C}" = VAIO Personalization Manager
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C69A835B-67A5-4542-AD24-FE36E3140BA9}" = Setup_msm_VOFS_x64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E743BA71-5955-420B-AA52-67508054AD66}" = VAIO Update Merge Module x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F8B40DB4-FD07-4368-AA57-34F2B0839683}" = VAIO Content Metadata Intelligent Analyzing Manager
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"930E4792BDAEAFB62A9514EE7578775658A5D07C" = Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00721C5E-5B17-494C-95E5-208415864F62}" =
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{02CA6DE4-AA3F-4EA0-AF87-792C9BD50560}" = VAIO Content Metadata Intelligent Analyzing Manager
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{04EAE65A-CDCF-480F-B754-5C3A9364239C}" = VAIO Original Function Settings
"{06C05B90-2127-4933-8ABA-61833BDE13FA}" = VAIO Content Monitoring Settings
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play with PlayStation®3
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = OOBE
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2110ECBD-BF15-4673-8852-8C68DDEB26AC}" = Media Gallery
"{25AF1025-095C-4AA9-A3FD-29710D3C3AE5}" = Remote Keyboard
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2F4C1476-7D4F-4D75-87FA-CA05B6679D6B}" = SOAP Toolkit
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3A1E4886-AE57-4A7F-9924-31A6406F5BAF}" = Font_Setup
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A221E47-E361-45C3-886A-7B2D7AD0E5AA}" = SOHLib Merge Module
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6754AE0D-B2E1-45E4-835F-FDFEC373DE8A}" = VAIO Hardware Diagnostics
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C3DDD6-0303-4371-9CC1-163F07E87137}" = Remote Play with PlayStation 3
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87EEB1B4-EE40-4D74-9780-F266FA12F564}" = VAIO Care Update
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9243C670-998B-4508-B23A-A4B662AA68D5}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9300 smartphone
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{93AB5E6D-BD12-43E6-884D-81672C5E648D}" = Keyboarding Pro™ DELUXE Word Add-In
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0056B28-E83F-4F1A-9BED-310BF6D08B03}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}" = PMB Updater
"{A6B90666-2A1F-49E8-A40E-27EAAD11C096}" = Sony Home Network Library
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}" = VAIO Help and Support
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Application Manager for VAIO" = Application Manager for VAIO
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"Keyboarding Pro DELUXE - (CE)" = Keyboarding Pro DELUXE - (CE)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MyTomTom" = MyTomTom 3.1.0.530
"Origin" = Origin
"PROPLUS" = Microsoft Office Professional Plus 2007
"splashtop" = VAIO Quick Web Access
"WinLiveSuite" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/11/2011 3:39:06 PM | Computer Name = Caitlyn-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/11/2011 3:39:06 PM | Computer Name = Caitlyn-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/11/2011 3:39:06 PM | Computer Name = Caitlyn-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/11/2011 3:49:30 PM | Computer Name = Caitlyn-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/11/2011 3:49:30 PM | Computer Name = Caitlyn-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/11/2011 3:49:30 PM | Computer Name = Caitlyn-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/11/2011 3:49:30 PM | Computer Name = Caitlyn-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/11/2011 3:49:30 PM | Computer Name = Caitlyn-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/11/2011 3:49:30 PM | Computer Name = Caitlyn-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/11/2011 3:49:30 PM | Computer Name = Caitlyn-VAIO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ System Events ]
Error - 4/30/2012 1:33:30 PM | Computer Name = Caitlyn-VAIO | Source = DCOM | ID = 10016
Description =

Error - 4/30/2012 1:33:30 PM | Computer Name = Caitlyn-VAIO | Source = DCOM | ID = 10016
Description =

Error - 4/30/2012 1:33:30 PM | Computer Name = Caitlyn-VAIO | Source = DCOM | ID = 10016
Description =

Error - 4/30/2012 2:17:31 PM | Computer Name = Caitlyn-VAIO | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends the following service: AVGIDSDriver.
This service might not be installed.

Error - 4/30/2012 2:17:36 PM | Computer Name = Caitlyn-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Upnp Server 10 service to connect.

Error - 4/30/2012 2:18:07 PM | Computer Name = Caitlyn-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Intel(R)
PROSet/Wireless Event Log service to connect.

Error - 4/30/2012 2:18:07 PM | Computer Name = Caitlyn-VAIO | Source = Service Control Manager | ID = 7000
Description = The Intel(R) PROSet/Wireless Event Log service failed to start due
to the following error: %%1053

Error - 4/30/2012 2:30:24 PM | Computer Name = Caitlyn-VAIO | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends the following service: AVGIDSDriver.
This service might not be installed.

Error - 4/30/2012 2:30:32 PM | Computer Name = Caitlyn-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Upnp Server 10 service to connect.

Error - 4/30/2012 2:38:25 PM | Computer Name = Caitlyn-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Upnp Server 10 service to connect.


< End of report >

(end)
caitlyn15
Active Member
Posts: 10
Joined: April 30th, 2012, 12:41 pm

Re: Google-Analytics Redirect Virus

Post by Cypher » May 1st, 2012, 12:07 pm

Hi caitlyn15,
Continue with the instructions below, once done let me know how your computer is performing.

Create a new System Restore point

  • Click Start, Right Click on Computer, and select Properties.
  • In the left pane, click System Protection > Create.
  • Give this restore point a descriptive name and click Create.
  • Click Apply and OK.

Next.

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :processes
    killallprocesses
    
    :otl
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKU\S-1-5-21-3066240918-350026-4169920762-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2012/05/01 07:13:18 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{92E95199-B533-45EA-857B-5AC048664022}
    [2012/05/01 07:13:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8654AE2D-6A07-478B-B5CA-3BA06BECCDBB}
    [2012/04/30 10:01:55 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{6FD13E24-0E90-4A07-88FE-6D89C4455CFE}
    [2012/04/30 10:01:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{4253A56B-32B3-4E0C-8C18-C776F96BBF64}
    [2012/04/29 21:56:29 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{9870F573-6BBF-478F-8D92-DE87027EB9AA}
    [2012/04/29 21:56:08 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{5437239F-4571-4C82-B274-109F67C7A9DA}
    [2012/04/29 09:02:15 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{CAFC432C-A876-40BE-8053-96E003CB35CB}
    [2012/04/29 09:02:04 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F04B50CC-4AB1-4D62-AD36-F24D14463955}
    [2012/04/28 21:01:45 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{37EF2AFF-67AE-4822-B73F-ED56F60A883E}
    [2012/04/28 21:01:27 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{65150836-ADE3-460C-8535-056387D2E098}
    [2012/04/28 06:56:58 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{E65AD971-EB66-46D8-85B4-26585429CC2A}
    [2012/04/28 06:56:47 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{76989061-2C46-49E5-9B97-A6A790472C19}
    [2012/04/27 09:45:19 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F06B417E-9F9E-447D-8CDF-1F406D23B62A}
    [2012/04/27 09:44:56 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{0A53218A-A392-4DDA-A12C-BA01FBED8814}
    [2012/04/26 15:05:52 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{0224DC3C-88B8-4A31-A1F5-6214C74E617A}
    [2012/04/26 15:05:20 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{3D062C7F-688E-4A83-85A1-54C66D5E04E0}
    [2012/04/25 23:27:45 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{EF6B9CFE-5E35-47BF-A3D9-89E3516FBC70}
    [2012/04/25 23:27:26 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{AB3F5E88-BBF9-40D7-9057-2C97A687A91C}
    [2012/04/25 11:01:24 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8BDB5E2C-92CC-474F-8719-BE0305AD3161}
    [2012/04/25 11:00:55 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F931CA83-53BF-4222-8D82-EC2DD966FA60}
    [2012/04/24 20:33:56 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8A8097AA-5279-4F25-AB19-00FBCA65A093}
    [2012/04/24 20:33:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{52EA15B0-2BC1-40BB-AF59-0B1FCC6CDE36}
    [2012/04/24 08:33:23 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8A8D53A9-5977-42CD-814B-FCCF5D650A81}
    [2012/04/24 08:32:59 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{A3E0661A-A338-4993-A8E4-9C9DA0525D6B}
    [2012/04/23 10:50:09 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{AAB1E0E4-364A-40FA-819B-C2544C4AD1C4}
    [2012/04/23 10:49:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{D783A598-A8FE-4CB2-BE73-088E2BB21EE8}
    [2012/04/22 22:23:23 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{D6A27D08-EF2F-4575-8BBD-5F0FBBA517CE}
    [2012/04/22 22:23:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F157D300-5103-4C05-A9AC-B1874A765148}
    [2012/04/22 09:29:16 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{C534FD2C-1F7B-4447-A544-E7783C1751B1}
    [2012/04/22 09:28:50 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{27881F45-2A9B-4501-BBF7-2D54899BAD61}
    [2012/04/21 16:30:31 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1F9C3493-BB40-4DA2-B490-B8FFE2C1ABE0}
    [2012/04/21 16:30:09 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{CEDF8259-4C63-4F35-8325-56D231E3EA37}
    [2012/04/21 03:18:54 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{EDABA69E-4A3A-41F1-8738-FE167D4E7F11}
    [2012/04/21 03:18:32 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{74CE3CE4-D40A-4F58-8950-12EA0F02452A}
    [2012/04/20 09:29:41 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8152AEBB-D5CB-4F3F-AAC5-500B151AB6B2}
    [2012/04/20 09:29:22 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{7D4AE36F-93BC-42DE-803F-6496F158C189}
    [2012/04/19 20:28:55 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1651256F-8100-4CCD-9324-58B8BD1DEE89}
    [2012/04/19 20:28:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{7BD18A30-D94F-4854-A39E-29E4DD949775}
    [2012/04/19 08:28:31 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{3A6DF271-1996-43D1-A42F-57A88388EDBE}
    [2012/04/19 08:28:19 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{882745C7-EB36-4E89-BD7A-27883902395A}
    [2012/04/18 20:28:00 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{C3B70F55-D46E-4AD3-934A-1138846A1F0F}
    [2012/04/18 20:27:37 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{7371C8E3-3B65-4F06-B42E-10833C944C32}
    [2012/04/18 07:41:20 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1990D218-1ED3-49A8-AED3-C26513D75244}
    [2012/04/18 07:40:57 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{25BECA6D-BDF7-457C-B65A-3986657EA476}
    [2012/04/18 07:35:08 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F862D44B-385F-4CE0-AA77-897ACC107649}
    [2012/04/17 19:33:05 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{D74652C2-EA68-4764-923A-013AA0406022}
    [2012/04/17 19:31:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{145E5B4A-FDAD-4842-AAC4-55B40F83BFA2}
    [2012/04/17 07:21:17 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{2D02AFD1-F1D1-439B-9154-DC0E99A9F7E2}
    [2012/04/17 07:21:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{3D301969-593F-40A2-A137-7081A91BAB39}
    [2012/04/16 19:20:48 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{84F1605A-47C3-442B-8CED-098AFCDA65CC}
    [2012/04/16 19:20:30 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{F79F3BF9-BD02-416A-ACA4-0EDD9B9AAA4A}
    [2012/04/16 07:02:06 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{BF07CB81-D968-42AE-B999-FD57264893A6}
    [2012/04/16 07:01:55 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{37504A5F-FDCF-4280-A324-B977E51B30BF}
    [2012/04/15 11:33:11 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{47A392F2-48B1-4C31-8C5B-D29EEBBD640D}
    [2012/04/15 11:32:51 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{B36BAF15-F733-407B-A2D7-C90B6657C274}
    [2012/04/14 22:03:17 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{795B2480-DE1C-486B-A400-B3D2F1DA0862}
    [2012/04/14 22:02:47 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{177335D6-BB51-497E-9325-A95EC000A625}
    [2012/04/14 09:43:09 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{FF1290F9-C0C6-4359-9AA8-74EB3E162640}
    [2012/04/14 09:42:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{A76AA38C-D29E-4E2E-AC8A-9B92C9FF2BE1}
    [2012/04/13 20:20:44 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{4B7EDB9D-FA7D-4965-877A-9CB2BA2C1E63}
    [2012/04/13 20:20:22 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{9D625E35-CBEB-4648-88E8-D6347D5B9819}
    [2012/04/13 07:50:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{4FB3AE88-C910-4F6E-AA6F-3F4BD584E463}
    [2012/04/13 07:50:27 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{358DCD6E-8180-44F6-A9E9-CE63938BB9C6}
    [2012/04/13 07:13:43 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1BB2CE29-D139-41B0-A7EA-818D8BB13E27}
    [2012/04/12 16:37:35 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{6C35E774-63F8-40E4-9824-C6AF554D6DFE}
    [2012/04/12 03:01:28 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{63996106-086A-43A1-8AD0-3900D84B0474}
    [2012/04/11 09:52:33 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{E1663F31-C6D8-4375-B727-51F5853585F5}
    [2012/04/10 20:24:39 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1DCDD0D7-C54C-43D7-BC50-DDC3ECD39352}
    [2012/04/10 07:27:39 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{07A67180-543D-4734-AAFA-DD4487D280D9}
    [2012/04/09 17:48:21 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{408723F3-3E00-4471-A1AB-2CF17FE0505F}
    [2012/04/08 11:00:04 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{51EAFD12-4DCE-42E7-9AD2-E3AB979AE383}
    [2012/04/07 22:59:53 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{3C9607A3-21E4-438F-ABF5-2AB99852BE4E}
    [2012/04/07 07:56:30 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{C258C714-5137-4030-BF2F-1DAB6AED1AAE}
    [2012/04/06 19:45:40 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{1611332D-A2BE-4ACC-904E-20039E7221BA}
    [2012/04/06 07:25:47 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{E8F75F22-54A7-4612-B181-4BEEED493159}
    [2012/04/05 15:49:52 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{BC8F7D9E-385A-4E8B-9EEF-7A99E318DF87}
    [2012/04/05 03:49:28 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{4C9ABB7F-E6D5-49CE-BDD8-054606C258C6}
    [2012/04/04 08:52:38 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{9F5CEB4E-C890-4CE3-BEFA-C30EE1AF38A9}
    [2012/04/03 20:02:30 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{DE3248A9-2328-4C98-A320-0119AB97B992}
    [2012/04/03 08:02:07 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{85A20D07-16AA-4BAB-9F92-DF182DA73A4C}
    [2012/04/02 19:10:14 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{8BDAE2D5-3F57-4109-9CE7-8CF43CD17A04}
    [2012/04/02 06:39:18 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{18723CAE-F961-4F56-B72B-210C315F9375}
    [2012/04/01 10:19:08 | 000,000,000 | ---D | C] -- C:\Users\Caitlyn\AppData\Local\{B68EFB93-40E4-46D8-99DE-4C73E040FF34}
    [1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
    [1 C:\Users\Caitlyn\*.tmp files -> C:\Users\Caitlyn\*.tmp -> ]
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :files
    ipconfig /flushdns /c
    
    :commands
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.


Logs/Information to Post in your Next Reply

  • OTL Fix log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google-Analytics Redirect Virus

Unread postby caitlyn15 » May 1st, 2012, 12:35 pm

Hi Cypher,

Here is the new log. The pop-up seems to have disappeared for the time being (sometimes it will go away and then come back later), but so far so good.

============================================

All processes killed
========== PROCESSES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3066240918-350026-4169920762-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Users\Caitlyn\AppData\Local\{92E95199-B533-45EA-857B-5AC048664022} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{8654AE2D-6A07-478B-B5CA-3BA06BECCDBB} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{6FD13E24-0E90-4A07-88FE-6D89C4455CFE} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{4253A56B-32B3-4E0C-8C18-C776F96BBF64} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{9870F573-6BBF-478F-8D92-DE87027EB9AA} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{5437239F-4571-4C82-B274-109F67C7A9DA} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{CAFC432C-A876-40BE-8053-96E003CB35CB} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{F04B50CC-4AB1-4D62-AD36-F24D14463955} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{37EF2AFF-67AE-4822-B73F-ED56F60A883E} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{65150836-ADE3-460C-8535-056387D2E098} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{E65AD971-EB66-46D8-85B4-26585429CC2A} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{76989061-2C46-49E5-9B97-A6A790472C19} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{F06B417E-9F9E-447D-8CDF-1F406D23B62A} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{0A53218A-A392-4DDA-A12C-BA01FBED8814} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{0224DC3C-88B8-4A31-A1F5-6214C74E617A} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{3D062C7F-688E-4A83-85A1-54C66D5E04E0} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{EF6B9CFE-5E35-47BF-A3D9-89E3516FBC70} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{AB3F5E88-BBF9-40D7-9057-2C97A687A91C} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{8BDB5E2C-92CC-474F-8719-BE0305AD3161} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{F931CA83-53BF-4222-8D82-EC2DD966FA60} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{8A8097AA-5279-4F25-AB19-00FBCA65A093} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{52EA15B0-2BC1-40BB-AF59-0B1FCC6CDE36} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{8A8D53A9-5977-42CD-814B-FCCF5D650A81} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{A3E0661A-A338-4993-A8E4-9C9DA0525D6B} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{AAB1E0E4-364A-40FA-819B-C2544C4AD1C4} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{D783A598-A8FE-4CB2-BE73-088E2BB21EE8} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{D6A27D08-EF2F-4575-8BBD-5F0FBBA517CE} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{F157D300-5103-4C05-A9AC-B1874A765148} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{C534FD2C-1F7B-4447-A544-E7783C1751B1} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{27881F45-2A9B-4501-BBF7-2D54899BAD61} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{1F9C3493-BB40-4DA2-B490-B8FFE2C1ABE0} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{CEDF8259-4C63-4F35-8325-56D231E3EA37} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{EDABA69E-4A3A-41F1-8738-FE167D4E7F11} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{74CE3CE4-D40A-4F58-8950-12EA0F02452A} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{8152AEBB-D5CB-4F3F-AAC5-500B151AB6B2} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{7D4AE36F-93BC-42DE-803F-6496F158C189} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{1651256F-8100-4CCD-9324-58B8BD1DEE89} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{7BD18A30-D94F-4854-A39E-29E4DD949775} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{3A6DF271-1996-43D1-A42F-57A88388EDBE} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{882745C7-EB36-4E89-BD7A-27883902395A} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{C3B70F55-D46E-4AD3-934A-1138846A1F0F} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{7371C8E3-3B65-4F06-B42E-10833C944C32} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{1990D218-1ED3-49A8-AED3-C26513D75244} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{25BECA6D-BDF7-457C-B65A-3986657EA476} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{F862D44B-385F-4CE0-AA77-897ACC107649} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{D74652C2-EA68-4764-923A-013AA0406022} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{145E5B4A-FDAD-4842-AAC4-55B40F83BFA2} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{2D02AFD1-F1D1-439B-9154-DC0E99A9F7E2} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{3D301969-593F-40A2-A137-7081A91BAB39} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{84F1605A-47C3-442B-8CED-098AFCDA65CC} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{F79F3BF9-BD02-416A-ACA4-0EDD9B9AAA4A} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{BF07CB81-D968-42AE-B999-FD57264893A6} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{37504A5F-FDCF-4280-A324-B977E51B30BF} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{47A392F2-48B1-4C31-8C5B-D29EEBBD640D} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{B36BAF15-F733-407B-A2D7-C90B6657C274} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{795B2480-DE1C-486B-A400-B3D2F1DA0862} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{177335D6-BB51-497E-9325-A95EC000A625} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{FF1290F9-C0C6-4359-9AA8-74EB3E162640} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{A76AA38C-D29E-4E2E-AC8A-9B92C9FF2BE1} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{4B7EDB9D-FA7D-4965-877A-9CB2BA2C1E63} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{9D625E35-CBEB-4648-88E8-D6347D5B9819} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{4FB3AE88-C910-4F6E-AA6F-3F4BD584E463} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{358DCD6E-8180-44F6-A9E9-CE63938BB9C6} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{1BB2CE29-D139-41B0-A7EA-818D8BB13E27} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{6C35E774-63F8-40E4-9824-C6AF554D6DFE} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{63996106-086A-43A1-8AD0-3900D84B0474} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{E1663F31-C6D8-4375-B727-51F5853585F5} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{1DCDD0D7-C54C-43D7-BC50-DDC3ECD39352} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{07A67180-543D-4734-AAFA-DD4487D280D9} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{408723F3-3E00-4471-A1AB-2CF17FE0505F} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{51EAFD12-4DCE-42E7-9AD2-E3AB979AE383} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{3C9607A3-21E4-438F-ABF5-2AB99852BE4E} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{C258C714-5137-4030-BF2F-1DAB6AED1AAE} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{1611332D-A2BE-4ACC-904E-20039E7221BA} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{E8F75F22-54A7-4612-B181-4BEEED493159} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{BC8F7D9E-385A-4E8B-9EEF-7A99E318DF87} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{4C9ABB7F-E6D5-49CE-BDD8-054606C258C6} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{9F5CEB4E-C890-4CE3-BEFA-C30EE1AF38A9} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{DE3248A9-2328-4C98-A320-0119AB97B992} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{85A20D07-16AA-4BAB-9F92-DF182DA73A4C} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{8BDAE2D5-3F57-4109-9CE7-8CF43CD17A04} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{18723CAE-F961-4F56-B72B-210C315F9375} folder moved successfully.
C:\Users\Caitlyn\AppData\Local\{B68EFB93-40E4-46D8-99DE-4C73E040FF34} folder moved successfully.
C:\Windows\Fonts\~GLH07a7.TMP deleted successfully.
C:\Users\Caitlyn\.uc-a7d981a85e64a6bc82a0cabee33def84.caitlyn.caitlyn-vaio.tmp deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Caitlyn\Desktop\cmd.bat deleted successfully.
C:\Users\Caitlyn\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Caitlyn
->Temp folder emptied: 61922286 bytes
->Temporary Internet Files folder emptied: 910494357 bytes
->Java cache emptied: 2646993 bytes
->FireFox cache emptied: 17748128 bytes
->Flash cache emptied: 162113 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24914689 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 26030818 bytes
RecycleBin emptied: 71293641 bytes

Total Files Cleaned = 1,064.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.2 log created on 05012012_131308

Files\Folders moved on Reboot...
C:\Users\Caitlyn\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZIWJF8O0\bind[3].htm not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZIWJF8O0\GroupFeedPagelet[1].htm not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZIWJF8O0\like[3].htm not found!
C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZIWJF8O0\mail[1].htm moved successfully.
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZIWJF8O0\xd_arbiter[1].htm not found!
C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RPZB0EQI\xd_arbiter[1].htm moved successfully.
C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QMNXX32M\maintenance[1].htm moved successfully.
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\QMNXX32M\viewtopic[1].htm not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MBUNV634\facebook_com[3].htm not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HUR6EH05\may-2012-babies[1].htm not found!
C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GKGBD2T4\ai[8].htm moved successfully.
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EOTVD4YK\css[1] not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EOTVD4YK\mail[1].htm not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DJ3GBWB0\common[2].css not found!
C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DJ3GBWB0\mail[3].htm moved successfully.
C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BL8NMYMT\may-2012-babies[1].htm moved successfully.
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BL8NMYMT\xd_arbiter[2].htm not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\B3Z5H7IK\likebox[2].htm not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4503CXP1\send[2].htm not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CX4Y6OI\fastbutton[3].htm not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CX4Y6OI\fastbutton[4].htm not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CX4Y6OI\like[2].htm not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CX4Y6OI\like[3].htm not found!
File\Folder C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3CX4Y6OI\send[2].htm not found!
C:\Users\Caitlyn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...
caitlyn15
Active Member
 
Posts: 10
Joined: April 30th, 2012, 12:41 pm

Re: Google-Analytics Redirect Virus

Unread postby Cypher » May 1st, 2012, 12:43 pm

Hi caitlyn15,
The pop-up seems to have disappeared for the time being (sometimes it will go away and then come back later), but so far so good.

Ok keep me updated please and let me know if you get any more pop-ups.
I need you to run another scan for me, but first we need to update Adobe Reader.

Uninstall programs
  • Click on Start.
  • All programs.
  • Accessories.
  • Run.
  • In the open text box copy/paste appwiz.cpl, then click Ok.
  • Uninstall the following if present.
Adobe Reader 9.5.1


Next.

Update Adobe Reader

  • You should download and install the newest version of Adobe Reader for reading pdf files.
  • Older versions may have vulnerabilities that malware can use to infect your system.
  • Go Here to download and install Adobe Reader X (10.1.3).

Next.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
  • Select the option YES, I accept the Terms of Use then click on Start.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Google-Analytics Redirect Virus

Unread postby caitlyn15 » May 1st, 2012, 5:37 pm

So far so good, I haven't seen a pop-up in a while...

Here is the new log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


Did I actually have the virus?
caitlyn15
Active Member
 
Posts: 10
Joined: April 30th, 2012, 12:41 pm

Re: Google-Analytics Redirect Virus

Unread postby Cypher » May 2nd, 2012, 5:13 am

Hi caitlyn15,
So far so good, I haven't seen a pop-up in a while

Excellent that's good to hear.
Did I actually have the virus?

Yes, it appears that your Hosts file had been hijacked, but we have reset it.
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
Is that the whole ESET log? It looks incomplete.
Could you please post it again, it can be found at the below location.
C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
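The fix above reset the Hosts file with OTL's [resethosts], and Cypher's reply confirms the file had been hijacked. As an added example that is not part of this thread or of OTL, the script below audits a Windows hosts file the way a helper would read it before resetting: it flags names redirected to a non-loopback address and loopback entries that block security or update domains. The watch lists, the sample hosts content and the 203.0.113.x addresses are assumptions constructed for the demonstration.

```python
"""Audit a Windows hosts file for hijacked entries.

Added example, not from the MalwareRemoval.com thread or from OTL. The thread
cleared the google-analytics.com redirect by resetting the hosts file (OTL's
[resethosts]); this script shows what to look for before resetting: names
mapped to a non-loopback address (a redirect) and loopback entries that block
security-vendor or update domains. Sample content and the 203.0.113.x
addresses are constructed for the demonstration.
"""
import ipaddress
from dataclasses import dataclass

# Names a hosts file may legitimately map to a loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}
# Illustrative watch lists (an assumption, not from the thread): domains whose
# redirection or blocking is a classic sign of a hijacked hosts file.
REDIRECT_WATCH = ("google-analytics.com", "google.com", "bing.com", "yahoo.com")
BLOCK_WATCH = ("windowsupdate.com", "microsoft.com", "avg.com", "eset.com")


@dataclass(frozen=True)
class Finding:
    line_no: int
    hostname: str
    address: str
    severity: str  # "high" or "medium"
    reason: str


def _matches(name, domains):
    return any(name == d or name.endswith("." + d) for d in domains)


def parse_hosts(text):
    """Yield (line_no, address, [names]); '#' starts a comment, one address may carry many names."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if fields:
            yield line_no, fields[0], [f.lower().rstrip(".") for f in fields[1:]]


def audit_hosts(text):
    """Return the Findings for one hosts file's contents."""
    findings = []
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(Finding(line_no, " ".join(names) or "?", addr,
                                    "medium", "unparseable address field"))
            continue
        for name in names:
            if ip.is_loopback or ip.is_unspecified:
                # 127.0.0.1 / 0.0.0.0 is the blocking idiom ad blockers use;
                # it matters when it blinds the machine to its own protection.
                if name not in LOCAL_NAMES and _matches(name, BLOCK_WATCH):
                    findings.append(Finding(line_no, name, addr, "high",
                                            "blocks security/update domain"))
                continue
            # Anything else is a redirect: the browser connects to 'addr' while
            # showing 'name'. A stock Windows hosts file contains none, so every
            # one needs a reason; well-known targets are the hijack pattern.
            if _matches(name, REDIRECT_WATCH):
                severity, reason = "high", "redirects well-known domain"
            else:
                severity, reason = "medium", "redirects name; verify it is intended"
            findings.append(Finding(line_no, name, addr, severity, reason))
    return findings


# Constructed sample: the stock Windows 7 comment header plus hijack-style
# entries. 203.0.113.0/24 is a documentation range, not a real destination.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#\t127.0.0.1       localhost
127.0.0.1     ads.tracker.test        # blocklist entry: harmless
0.0.0.0       update.avg.com          # blinds the AV: flagged
203.0.113.45  google-analytics.com www.google-analytics.com
203.0.113.46  budget-match.com
192.168.1.20  intranet.test
"""


def severity_counts(text=SAMPLE_HOSTS):
    """Return (high, medium) counts as a quick triage signal."""
    found = audit_hosts(text)
    return (sum(f.severity == "high" for f in found),
            sum(f.severity == "medium" for f in found))


if __name__ == "__main__":
    # On the machine itself the file is C:\Windows\System32\drivers\etc\hosts.
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"line {f.line_no:>2} [{f.severity}] {f.hostname} -> {f.address}: {f.reason}")
    print("high/medium:", severity_counts())
```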

Re: Google-Analytics Redirect Virus

Unread postby caitlyn15 » May 2nd, 2012, 10:12 am

I ran the scanner again, and it came up with the same thing in the log...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

However, still no sign of the pop-ups.
caitlyn15
Active Member
 
Posts: 10
Joined: April 30th, 2012, 12:41 pm