Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Uncertain of What I Have - Redirects, WinPatrol Popups


  • This topic is locked This topic is locked

#1
arkman

arkman

    Member

  • Member
  • PipPip
  • 83 posts
OTL logfile created on: 10/5/2011 11:29:17 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Talg\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 398.91 Mb Available Physical Memory | 39.03% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 7.61 Gb Free Space | 11.11% Space Free | Partition Type: NTFS

Computer Name: COMPUTER1 | User Name: Talg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\246875462:3120187633.exe
PRC - [2011/10/05 23:28:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Talg\Desktop\OTL.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/13 13:22:20 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/04/13 16:36:36 | 000,178,176 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/02/28 17:29:54 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2006/02/28 17:25:48 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/02/28 17:25:20 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/02/28 17:22:50 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/02/22 21:10:16 | 001,354,240 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\menusw.exe
PRC - [2006/02/14 15:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/12/27 16:58:10 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005/10/12 00:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2004/11/17 23:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 12:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/02/20 17:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/11 23:24:17 | 000,053,760 | -H-- | M] () -- C:\WINDOWS\system32\rasapubw.dll
MOD - [2010/03/29 16:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2006/02/28 17:39:02 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/28 17:39:02 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/28 17:39:02 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/02/13 17:15:04 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/11/28 19:45:50 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony\VAIO Camera Utility\VCULib.dll
MOD - [2005/05/20 20:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/11 15:33:12 | 000,200,704 | ---- | M] (SoundMovieServer) [Disabled | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SoundMovieServer)
SRV - [2006/06/13 11:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 16:36:36 | 000,178,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)


========== Driver Services (SafeList) ==========

DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 17:55:50 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/11/27 15:25:34 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/16 20:53:00 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/14 03:54:08 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/14 03:54:08 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/11 15:05:18 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2008/11/11 15:05:16 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/07/17 23:22:20 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/24 15:46:00 | 000,808,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/05/26 10:59:12 | 001,177,032 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/04/13 23:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/03/16 13:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 13:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/03/06 22:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/28 18:35:56 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/02/26 07:43:00 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2006/02/24 04:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/22 21:13:12 | 000,013,440 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/02/22 21:13:04 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/02/10 14:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/08 20:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/29 03:28:08 | 000,055,680 | ---- | M] (Micro Vision Co.,Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mvc25U870.sys -- (Mvc25U870_VID_1262&PID_25FD)
DRV - [2005/11/21 18:06:02 | 000,009,216 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\shpf.sys -- (shpf)
DRV - [2005/10/21 15:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/17 12:43:00 | 000,241,408 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/01 19:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 21:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/25 09:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RMClock\RTCore32.sys -- (RTCore32)
DRV - [2005/01/06 16:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/06/18 20:12:50 | 000,071,961 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyPI.sys -- (SPI)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Talg\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Talg\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Talg\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Talg\Local Settings\Application Data\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)


[2010/05/16 12:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/10/05 23:13:25 | 000,001,392 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.55.76.230 www.google-analytics.com.
O1 - Hosts: 74.55.76.230 ad-emea.doubleclick.net.
O1 - Hosts: 74.55.76.230 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Biomenu] C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - Startup: C:\Documents and Settings\Talg\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: westlaw.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562E49FA-4568-466F-8F14-F0EBE8503C89}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (PSLogon.dll) -C:\WINDOWS\System32\PSLogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - (fusstub.dll) - C:\WINDOWS\System32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Talg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Talg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/21 21:45:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: mnmsndll - (C:\WINDOWS\system32\rasapubw.dll) -C:\WINDOWS\system32\rasapubw.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/05 23:28:42 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Talg\Desktop\OTL.exe
[2011/10/05 23:24:39 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Talg\My Documents\My Safe
[2011/09/23 11:57:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/09/15 22:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/09/15 22:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Talg\Application Data\Mozilla
[2009/03/21 13:19:36 | 007,522,240 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.7.exe
[2008/11/12 13:38:44 | 000,441,344 | ---- | C] ( ) -- C:\WINDOWS\System32\savst.exe
[1996/11/18 01:00:00 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/10/05 23:28:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Talg\Desktop\OTL.exe
[2011/10/05 23:24:37 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/10/05 23:23:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\246875462
[2011/10/05 23:23:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/05 23:23:39 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/05 23:13:25 | 000,001,392 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/04 09:21:15 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006UA.job
[2011/10/04 09:21:02 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006Core.job
[2011/10/04 09:05:44 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/02 22:13:13 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/26 08:46:59 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/09/26 00:50:36 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Talg\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/26 00:50:36 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 00:16:34 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Talg\Desktop\iExplore.exe
[2011/09/21 00:04:06 | 000,237,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/18 17:52:19 | 000,000,000 | -HS- | M] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/16 08:21:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/11 23:24:17 | 000,053,760 | -H-- | M] () -- C:\WINDOWS\System32\rasapubw.dll

========== Files Created - No Company Name ==========

[2011/10/05 23:23:39 | 1071,697,920 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/26 00:50:36 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Talg\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/09/26 00:50:36 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/26 00:16:34 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Talg\Desktop\iExplore.exe
[2011/09/18 17:52:19 | 000,000,000 | -HS- | C] () -- C:\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/09/18 17:46:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\246875462
[2011/09/11 23:24:17 | 000,053,760 | -H-- | C] () -- C:\WINDOWS\System32\rasapubw.dll
[2011/08/19 12:35:39 | 000,162,784 | ---- | C] () -- C:\WINDOWS\hpoins29.dat.temp
[2011/08/19 12:35:39 | 000,000,799 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat.temp
[2011/07/31 23:57:48 | 000,015,862 | -HS- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\6j15m7i075wuce6i61jty20v5w3h52cd23iac
[2011/07/31 23:57:48 | 000,015,862 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6j15m7i075wuce6i61jty20v5w3h52cd23iac
[2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\tvxo.exe
[2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\skjy.exe
[2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sfmo.exe
[2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oqml.exe
[2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\obsh.exe
[2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\ntkw.exe
[2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\flxa.exe
[2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bcxf.exe
[2011/05/01 03:53:22 | 000,015,084 | -HS- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\3o0c6os3k3qwg6hdqqf84dawvuh515sg
[2011/05/01 03:53:22 | 000,015,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3o0c6os3k3qwg6hdqqf84dawvuh515sg
[2011/04/11 10:37:53 | 000,709,456 | ---- | C] () -- C:\WINDOWS\is-S0J3O.exe
[2011/04/08 01:43:26 | 000,013,860 | -HS- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\js6cy226kpp3fu006bryc5cx757a25077l2
[2011/04/08 01:43:26 | 000,013,860 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\js6cy226kpp3fu006bryc5cx757a25077l2
[2010/11/27 17:22:34 | 000,002,114 | ---- | C] () -- C:\Documents and Settings\Talg\Application Data\SAS7_000.DAT
[2010/08/22 12:05:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/08/22 12:05:18 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/08/22 12:05:18 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010/07/26 13:51:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/17 10:40:19 | 000,030,468 | ---- | C] () -- C:\WINDOWS\jgzr.dat
[2010/03/21 13:41:07 | 000,014,586 | -HS- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\nK3o
[2010/03/21 13:41:07 | 000,014,586 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\nK3o
[2010/01/26 17:28:34 | 000,162,784 | ---- | C] () -- C:\WINDOWS\hpoins29.dat
[2010/01/26 17:28:34 | 000,000,799 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat
[2009/06/23 02:54:08 | 000,046,824 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/13 07:45:39 | 000,001,134 | ---- | C] () -- C:\WINDOWS\System32\cid_store.dat
[2009/04/25 00:44:22 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/04/06 17:07:56 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\pub_store.dat
[2008/02/03 14:57:23 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS47.DLL
[2008/01/02 17:27:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/28 02:53:51 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/28 02:52:47 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/15 04:29:37 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Talg\Application Data\wklnhst.dat
[2006/10/15 01:53:53 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/14 23:58:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2006/10/14 23:52:50 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\fusioncache.dat
[2006/10/04 14:01:03 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/10/04 13:53:39 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\tmmute.ini
[2006/10/04 13:52:19 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2006/10/04 13:51:14 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/10/04 13:48:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/04 13:42:31 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2006/07/22 15:36:05 | 000,610,304 | ---- | C] () -- C:\WINDOWS\System32\lpykrp.exe
[2006/07/22 15:20:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/07/22 14:38:38 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/07/22 14:31:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2006/07/22 13:32:22 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\elcric.dat
[2006/07/21 21:50:25 | 000,000,902 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/07/21 21:46:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/21 21:43:48 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/21 21:31:25 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/07/21 21:31:15 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/07/21 21:31:06 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/21 21:31:05 | 000,442,140 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/21 21:31:05 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/21 21:31:05 | 000,071,910 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/21 21:31:05 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/21 21:31:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/21 21:31:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/21 21:31:03 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/21 21:31:02 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/21 21:31:02 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/21 21:30:59 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/21 21:30:57 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/21 14:37:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/07/21 14:36:43 | 000,237,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/10 11:56:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ESxUtil.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/26 15:04:02 | 000,053,248 | ---- | C] () -- C:\WINDOWS\regperm.exe
[1996/11/18 01:00:00 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[1996/11/18 01:00:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[1996/11/18 01:00:00 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[1996/11/18 01:00:00 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[1996/11/18 01:00:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[1996/05/25 17:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\fxtls432.dll

========== LOP Check ==========

[2010/03/21 16:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/06 20:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/11/27 15:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2006/10/15 02:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2010/05/17 11:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Examsoft
[2006/10/15 02:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/08/27 09:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/07/07 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/30 04:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2011/08/24 20:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/11/02 16:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2011/09/20 23:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/05/13 07:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2009/05/13 07:45:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
[2009/11/09 22:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/09 11:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/19 02:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/22 21:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/10/15 03:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Aim
[2011/09/08 15:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Azureus
[2010/11/27 15:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\DAEMON Tools Lite
[2009/02/16 19:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\ICAClient
[2006/11/04 00:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\InterVideo
[2006/10/15 02:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Leadertech
[2009/06/22 14:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\LimeWire
[2010/08/27 09:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\NCH Swift Sound
[2010/11/27 15:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Nuance
[2009/12/24 20:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\PPLiveVA
[2006/10/14 23:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Protector Suite
[2009/03/23 09:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\SMART Technologies
[2009/03/18 09:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\SMART Technologies Inc
[2007/12/21 17:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Snapfish
[2007/03/18 18:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Template
[2010/06/01 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\ThomsonWest
[2007/02/16 23:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\Viewpoint
[2010/08/03 17:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Talg\Application Data\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\246875462:3120187633.exe
@Alternate Data Stream - 229 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >




OTL Extras logfile created on: 10/5/2011 11:29:17 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Talg\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 398.91 Mb Available Physical Memory | 39.03% Memory free
2.40 Gb Paging File | 1.86 Gb Available in Paging File | 77.40% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 7.61 Gb Free Space | 11.11% Space Free | Partition Type: NTFS

Computer Name: COMPUTER1 | User Name: Talg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"12001:UDP" = 12001:UDP:*:Enabled:SMART WebServer Handshake Multicast Port

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Sony\VAIO Event Service\VESMgr.exe" = C:\Program Files\Sony\VAIO Event Service\VESMgr.exe:*:Enabled:VESMgr -- (Sony Corporation)
"C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" = C:\Program Files\Sony\VAIO Power Management\SPMgr.exe:*:Enabled:SPMgr -- (Sony Corporation)
"C:\Program Files\ExamSoft\SofTest\SoftLnch.exe" = C:\Program Files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch

"C:\Program Files\ExamSoft\SofTest\softest.exe" = C:\Program Files\ExamSoft\SofTest.exe:*:Enabled:SofTest

"C:\Documents and Settings\Talg\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Talg\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.scr" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.scr:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- ()
"C:\Program Files\SpywareBlaster\spywareblaster.exe" = C:\Program Files\SpywareBlaster\spywareblaster.exe:*:Enabled:SpywareBlaster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{0915B10F-8597-4FE7-BC4D-EA3E2FDA646A}" = PS_AIO_03_C4400_Software_Min
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 21
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{565F04D0-11FA-487E-8A92-F9D11CC011B3}" = VAIO Power Management
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E28BF59-68CE-43D2-A66D-DA94E111FF29}" = WinTin++
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{82705358-3BD6-3CD5-AA9A-B8F058BE3A29}" = Google Talk Plugin
"{86732AE7-CB91-4f15-B091-FBA3D3926CD6}" = HP Photosmart C4400 All-In-One Driver 11.0 Rel .3
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8DF4C627-4AF3-4245-9F13-3518FC8584DC}" = Protector Suite QL 5.3
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C30A87A3-AD40-4EEC-AE35-1D06906F833C}" = SofTest Bar Edition
"{C518C7BF-A345-4019-815B-FFDF32EBCAD9}" = VAIO HDD Protection
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D9952D4E-766C-4CD3-BF2E-A2C3D8B15EF3}" = VAIO Backup Utility
"{E3D278BD-FC97-4F87-BB1F-689AE0CB9122}" = Macromedia Flash Player 8 Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{EF7BB06C-5D95-4C7C-8B9B-E1B1E37E8692}" = Fingerprint Tutorial
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6D24DE1-6894-452D-A714-FDA0929714EC}" = TPM Tutorial
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"ProInst" = Intel® PROSet/Wireless Software
"Sony Ericsson Wireless Modem" = Sony Ericsson Wireless Modem
"SoundTaxi_is1" = SoundTaxi 3.6.5
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Switch" = Switch Sound File Converter
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 1.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2011 1:42:50 AM | Computer Name = COMPUTER1 | Source = Microsoft Security Client | ID = 1001
Description =

Error - 9/19/2011 1:47:34 AM | Computer Name = COMPUTER1 | Source = MPSampleSubmission | ID = 5000
Description =

Error - 9/19/2011 1:47:42 AM | Computer Name = COMPUTER1 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/19/2011 1:50:50 AM | Computer Name = COMPUTER1 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/19/2011 2:06:14 AM | Computer Name = COMPUTER1 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/19/2011 3:14:23 AM | Computer Name = COMPUTER1 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/19/2011 3:23:25 AM | Computer Name = COMPUTER1 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/20/2011 8:45:49 AM | Computer Name = COMPUTER1 | Source = Microsoft Security Client | ID = 5000
Description =

Error - 9/26/2011 8:46:44 AM | Computer Name = COMPUTER1 | Source = Microsoft Security Client | ID = 1001
Description =

Error - 10/4/2011 9:35:20 AM | Computer Name = COMPUTER1 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module mshtml.dll, version 8.0.6001.19120, fault address 0x001db015.

[ System Events ]
Error - 10/5/2011 11:23:59 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/5/2011 11:23:59 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/5/2011 11:23:59 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/5/2011 11:24:00 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/5/2011 11:24:56 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/5/2011 11:26:31 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/5/2011 11:26:39 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/5/2011 11:26:58 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/5/2011 11:30:50 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127

Error - 10/5/2011 11:31:12 PM | Computer Name = COMPUTER1 | Source = Service Control Manager | ID = 7023
Description = The Network Location Awareness (NLA) service terminated with the following
error: %%127


< End of report >
  • 0

Advertisements


#2
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello arkman and welcome to GeeksToGo :)

I'm Homburg and I'm going to help you fix your problem.

Note that I'm currently in training and my posts have to be approved by an expert before I reply.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you
  • Please do not try to fix anything without being asked
  • Please continue to follow my instructions until I tell you your machine is clean. Absence of symptoms does not mean that everything is clear.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

  • 0

#3
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hello arkman,

Sorry for the delay,

You have several nasties on your PC so lets remove what we can see, please do the following:


Step 1:

Run OTLPosted Image
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2011/09/11 23:24:17 | 000,053,760 | -H-- | M] () -- C:\WINDOWS\system32\rasapubw.dll
    O36 - AppCertDlls: mnmsndll - (C:\WINDOWS\system32\rasapubw.dll) -C:\WINDOWS\system32\rasapubw.dll ()
    [2011/10/05 23:23:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\246875462
    [2011/07/31 23:57:48 | 000,015,862 | -HS- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\6j15m7i075wuce6i61jty20v5w3h52cd23iac
    [2011/07/31 23:57:48 | 000,015,862 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6j15m7i075wuce6i61jty20v5w3h52cd23iac
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\tvxo.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\skjy.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sfmo.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oqml.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\obsh.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\ntkw.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\flxa.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bcxf.exe
    [2011/05/01 03:53:22 | 000,015,084 | -HS- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\3o0c6os3k3qwg6hdqqf84dawvuh515sg
    [2011/05/01 03:53:22 | 000,015,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3o0c6os3k3qwg6hdqqf84dawvuh515sg
    [2011/04/08 01:43:26 | 000,013,860 | -HS- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\js6cy226kpp3fu006bryc5cx757a25077l2
    [2011/04/08 01:43:26 | 000,013,860 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\js6cy226kpp3fu006bryc5cx757a25077l2
    [2010/03/21 13:41:07 | 000,014,586 | -HS- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\nK3o
    [2010/03/21 13:41:07 | 000,014,586 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\nK3o
    @Alternate Data Stream - 816 bytes -> C:\WINDOWS\246875462:3120187633.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\rasapubw.dll
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log
  • Open OTL again
  • Select All users
  • Click the Quick Scan button. Post the log it produces in your next reply.


Step 2:

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


Step 3:

There are a couple of suspicious files that I would like you to check with an online scan unless you can confirm they are safe/know what they are.

  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Click the browse button next to the "Suspicious files to scan" box on the top of the page and browse to the following file path and repeat for the second file:

    • C:\Documents and Settings\Talg\Desktop\iExplore.exe
    • C:\WINDOWS\is-S0J3O.exe
  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button which is at the bottom of the page. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.


Step 4:

Please remember to post:
OTL fix log
New OTL QuickScan log
aswMBR log
Virscan reports


Homburg
  • 0

#4
arkman

arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
I attempted to run Step 1 with OTL twice, but both times my desktop icons disappeared as well as the Windows start button and I was left staring at my wallpaper. However, my mouse still works. I had to restart it using the power button. Should I proceed to Step 2?
  • 0

#5
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

It sounds like OTL is trying to do a reboot to finish removing the malware, please leave it for about 45 mins before switching it off.

If it still doesn't finish the reboot then make a note of the text at the bottom of the OTL window and post it. We'll go back to the other steps when we've done this.


Step 1:

Run OTLPosted Image
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    MOD - [2011/09/11 23:24:17 | 000,053,760 | -H-- | M] () -- C:\WINDOWS\system32\rasapubw.dll
    O36 - AppCertDlls: mnmsndll - (C:\WINDOWS\system32\rasapubw.dll) -C:\WINDOWS\system32\rasapubw.dll ()
    [2011/10/05 23:23:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\246875462
    [2011/07/31 23:57:48 | 000,015,862 | -HS- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\6j15m7i075wuce6i61jty20v5w3h52cd23iac
    [2011/07/31 23:57:48 | 000,015,862 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6j15m7i075wuce6i61jty20v5w3h52cd23iac
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\tvxo.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\skjy.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sfmo.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\oqml.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\obsh.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\ntkw.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\flxa.exe
    [2011/07/31 23:57:48 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bcxf.exe
    [2011/05/01 03:53:22 | 000,015,084 | -HS- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\3o0c6os3k3qwg6hdqqf84dawvuh515sg
    [2011/05/01 03:53:22 | 000,015,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3o0c6os3k3qwg6hdqqf84dawvuh515sg
    [2011/04/08 01:43:26 | 000,013,860 | -HS- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\js6cy226kpp3fu006bryc5cx757a25077l2
    [2011/04/08 01:43:26 | 000,013,860 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\js6cy226kpp3fu006bryc5cx757a25077l2
    [2010/03/21 13:41:07 | 000,014,586 | -HS- | C] () -- C:\Documents and Settings\Talg\Local Settings\Application Data\nK3o
    [2010/03/21 13:41:07 | 000,014,586 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\nK3o
    @Alternate Data Stream - 816 bytes -> C:\WINDOWS\246875462:3120187633.exe
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\system32\rasapubw.dll
    ipconfig /flushdns /c
    
    :Commands
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done and post the fix log
  • Open OTL again
  • Select All users
  • Click the Quick Scan button. Post the log it produces in your next reply.


Please remember to post:
OTL fix log
New OTL QuickScan log


Homburg
  • 0

#6
arkman

arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
When I try to run OTL I get the message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."

I also get the popup "WinPatrol: File Change Alert" "Scotty has detected a change in the following monitored file." "Filename: HOSTS" "Location: c:\windows\system32\drivers\etc\hosts." "If this change is expected then choose Accept Change. If you did not expect or understand this change then Reject Change." This occurs even if i reject change.

Edited by arkman, 07 October 2011 - 02:05 PM.

  • 0

#7
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

We'll try a different approach;


Step 1:

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply.


Step 2:

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Homburg
  • 0

#8
arkman

arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
After Step 1, it rebooted and a log was created on the desktop. I attempted to proceed to Step 2 to but realized I could not connect to the internet. I tried rebooting it and it's been giving me the following message ever since:

"A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the Stop message, disable the driver or check with the manufacturer for driver updates. Try chaging video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical Information:

*** STOP: 0x0000007E (0xC0000005, 0x86E4E034, 0XF7A6B3DC, 0XF7A6B0D8)"
  • 0

#9
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
You have a new variant of rootkit with has most probably infected a system file which has been quarantined by ComboFix. We need to see what is in the ComboFix log so that that file can be replaced by a legit file. First we'll try starting in safe mode and if that fails then we can burn a disk which will enable you to access the ComboFix log and also post it from your PC:



Please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the option, to run Windows in Safe Mode With Networking, then press "Enter".
  • Choose your usual account.

Locate the ComboFix.txt log which is at C:\ComboFix.txt and post it or if you have no Internet connection copy it to a USB stick/Thumb drive and post from another computer.

If you're unable to start it in Safe Mode With Networking then do the following:

Please print these instructions and follow them:

  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system it will be slow.

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings.
  • Change Drivers to All
  • Change Standard Registry to All

Close OTLPE and using the Computer icon on the REATOGO desktop, locate the ComboFix.txt log which is at C:\ComboFix.txt and post it or if you have no Internet connection copy it to a USB stick/Thumb drive and post from another computer.
  • 0

#10
arkman

arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
ComboFix 11-10-08.05 - Talg 10/09/2011 4:54.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.736 [GMT -4:00]
Running from: c:\documents and settings\Talg\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\$NtUninstallKB3828$\1174779662\@
c:\windows\$NtUninstallKB3828$\1174779662\click.tlb
c:\windows\$NtUninstallKB3828$\1174779662\L\ixmgcazl
c:\windows\$NtUninstallKB3828$\1174779662\loader.tlb
c:\windows\$NtUninstallKB3828$\1174779662\U\@00000001
c:\windows\$NtUninstallKB3828$\1174779662\U\@000000c0
c:\windows\$NtUninstallKB3828$\1174779662\U\@000000cb
c:\windows\$NtUninstallKB3828$\1174779662\U\@000000cf
c:\windows\$NtUninstallKB3828$\1174779662\U\@80000000
c:\windows\$NtUninstallKB3828$\1174779662\U\@800000c0
c:\windows\$NtUninstallKB3828$\1174779662\U\@800000cb
c:\windows\$NtUninstallKB3828$\1174779662\U\@800000cf
c:\windows\$NtUninstallKB3828$\901889047
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\kb835221.exe
c:\windows\system32\
c:\windows\system32\c_09660.nls
c:\windows\system32\comct332.ocx
c:\windows\system32\d3d9caps.dat
c:\windows\system32\rasapubw.dll
c:\windows\windows-kb870669-x86-enu.exe
c:\windows\windowsinstaller-kb893803-v2-x86.exe
c:\windows\windowsmedia-kb911564-x86-enu.exe
c:\windows\windowsmedia10-kb917734-x86-enu.exe
c:\windows\windowsxp-kb307154-x86-enu.exe
c:\windows\windowsxp-kb873339-x86-enu.exe
c:\windows\windowsxp-kb884018-x86-enu.exe
c:\windows\windowsxp-kb884575-x86-enu.exe
c:\windows\windowsxp-kb885250-x86-enu.exe
c:\windows\windowsxp-kb885835-x86-enu.exe
c:\windows\windowsxp-kb885836-x86-enu.exe
c:\windows\windowsxp-kb886185-x86-enu.exe
c:\windows\windowsxp-kb887472-x86-enu.exe
c:\windows\windowsxp-kb887742-x86-enu.exe
c:\windows\windowsxp-kb888113-x86-enu.exe
c:\windows\windowsxp-kb888239-x86-enu.exe
c:\windows\windowsxp-kb888302-x86-enu.exe
c:\windows\windowsxp-kb888402-x86-enu.exe
c:\windows\windowsxp-kb890046-x86-enu.exe
c:\windows\windowsxp-kb890859-x86-enu.exe
c:\windows\windowsxp-kb891781-x86-enu.exe
c:\windows\windowsxp-kb892130-enu-x86.exe
c:\windows\WindowsXP-KB893056-x86-ENU.exe
c:\windows\windowsxp-kb893066-v2-x86-enu.exe
c:\windows\windowsxp-kb893357-v2-x86-enu.exe
c:\windows\windowsxp-kb893756-x86-enu.exe
c:\windows\windowsxp-kb894391-x86-enu.exe
c:\windows\windowsxp-kb896358-x86-enu.exe
c:\windows\windowsxp-kb896422-x86-enu.exe
c:\windows\windowsxp-kb896423-x86-enu.exe
c:\windows\windowsxp-kb896424-x86-enu.exe
c:\windows\windowsxp-kb896428-x86-enu.exe
c:\windows\windowsxp-kb896688-x86-enu.exe
c:\windows\windowsxp-kb896727-x86-enu.exe
c:\windows\windowsxp-kb899587-x86-enu.exe
c:\windows\windowsxp-kb899588-x86-enu.exe
c:\windows\windowsxp-kb899589-x86-enu.exe
c:\windows\windowsxp-kb899591-x86-enu.exe
c:\windows\windowsxp-kb900466-x86-enu.exe
c:\windows\windowsxp-kb900485-v2-x86-enu.exe
c:\windows\windowsxp-kb900725-x86-enu.exe
c:\windows\windowsxp-kb901017-x86-enu.exe
c:\windows\windowsxp-kb901214-x86-enu.exe
c:\windows\windowsxp-kb902400-x86-enu.exe
c:\windows\windowsxp-kb903235-x86-enu.exe
c:\windows\windowsxp-kb904706-x86-enu.exe
c:\windows\windowsxp-kb905414-x86-enu.exe
c:\windows\windowsxp-kb905749-x86-enu.exe
c:\windows\windowsxp-kb905915-x86-enu.exe
c:\windows\windowsxp-kb908519-x86-enu.exe
c:\windows\windowsxp-kb908531-x86-enu.exe
c:\windows\windowsxp-kb909667-x86-enu.exe
c:\windows\windowsxp-kb910728-x86-enu.exe
c:\windows\windowsxp-kb911280-x86-enu.exe
c:\windows\windowsxp-kb911562-x86-enu.exe
c:\windows\windowsxp-kb911567-x86-enu.exe
c:\windows\windowsxp-kb911927-x86-enu.exe
c:\windows\windowsxp-kb912812-x86-enu.exe
c:\windows\windowsxp-kb912919-x86-enu.exe
c:\windows\windowsxp-kb912945-x86-enu.exe
c:\windows\windowsxp-kb914389-x86-enu.exe
c:\windows\windowsxp-kb916281-x86-enu.exe
c:\windows\windowsxp-kb917344-x86-enu.exe
c:\windows\windowsxp-kb917953-x86-enu.exe
c:\windows\windowsxp-kb918439-x86-enu.exe
c:\windows\$NtUninstallKB3828$ . . . . Failed to delete
.
Infected copy of c:\program files\Intel\Wireless\Bin\EvtEng.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP221\A0082194.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP221\A0082198.exe
.
Infected copy of c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP224\A0084332.exe
.
Infected copy of c:\program files\Intel\Wireless\Bin\RegSrvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP223\A0082315.exe
.
Infected copy of c:\program files\Intel\Wireless\Bin\S24EvMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP222\A0082222.exe
.
Infected copy of c:\program files\Sony\VAIO Event Service\VESMgr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP221\A0082201.exe
.
Infected copy of c:\program files\Intel\Wireless\Bin\EvtEng.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP221\A0082194.exe
Infected copy of c:\program files\Intel\Wireless\Bin\RegSrvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP223\A0082315.exe
Infected copy of c:\program files\Intel\Wireless\Bin\S24EvMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP222\A0082222.exe
Infected copy of c:\program files\Sony\VAIO Event Service\VESMgr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{54C72960-2267-4872-93F9-556BF4397A54}\RP221\A0082201.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_4605b70e
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 08:45 . 2008-04-13 18:36 187776 -c--a-w- c:\windows\system32\dllcache\acpi.sys
2011-10-09 08:45 . 2008-04-13 18:36 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-10-07 13:05 . 2011-10-07 13:05 -------- d-----w- C:\_OTL
2011-09-23 15:57 . 2011-09-26 04:04 -------- d-----w- c:\windows\SxsCaPendDel
2011-09-16 02:52 . 2011-09-16 02:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-09-16 02:52 . 2011-09-16 02:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-09-16 02:52 . 2011-09-16 02:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-09-16 02:52 . 2011-09-16 02:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-09-16 02:52 . 2011-09-16 02:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-09-16 02:52 . 2011-09-16 02:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-09-16 02:52 . 2011-09-16 02:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-09-16 02:51 . 2011-09-23 16:20 -------- d-----w- c:\program files\QuickTime
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 09:12 . 2006-07-22 01:30 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-31 21:00 . 2009-06-23 01:18 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-22 21:55 . 2011-07-22 21:55 37920 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2011-07-15 13:29 . 2006-07-22 01:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-03-21 17:19 . 2009-03-21 17:19 7522240 ----a-w- c:\program files\Firefox Setup 3.0.7.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Talg\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 20:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11 39936 ----a-w- c:\windows\system32\fusstub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"=
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\\Program Files\\ExamSoft\\SoftLnch.exe
"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\\Program Files\\ExamSoft\\SofTest.exe
"c:\\Documents and Settings\\Talg\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.scr"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/21/2006 9:31 PM 9216]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/27/2010 3:25 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 68168]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/22/2009 9:18 PM 366152]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/21/2006 9:31 PM 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/22/2009 9:18 PM 22216]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [8/24/2011 10:08 PM 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [8/24/2011 10:08 PM 3768]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/21/2006 9:31 PM 30080]
R3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\drivers\SonyPI.sys [7/21/2006 9:31 PM 71961]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/21/2006 9:31 PM 808448]
S1 MpKsl09776da1;MpKsl09776da1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys [?]
S1 MpKsl20977336;MpKsl20977336;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys [?]
S1 MpKsl281305a0;MpKsl281305a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys [?]
S1 MpKsl36782a5c;MpKsl36782a5c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys [?]
S1 MpKsl3aa3c35d;MpKsl3aa3c35d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys [?]
S1 MpKsl3e6442b9;MpKsl3e6442b9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys [?]
S1 MpKsl87b1fb46;MpKsl87b1fb46;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys [?]
S1 MpKsl89c4b4a0;MpKsl89c4b4a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys [?]
S1 MpKsl8e1bda59;MpKsl8e1bda59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys [?]
S1 MpKsla4e06307;MpKsla4e06307;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys [?]
S1 MpKslc5497097;MpKslc5497097;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys [?]
S1 MpKslc7db95b3;MpKslc7db95b3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys [?]
S1 MpKslcfc00972;MpKslcfc00972;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys [?]
S1 MpKsld903df8a;MpKsld903df8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [9/17/2009 7:03 PM 4608]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 3:50 PM 136176]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [8/24/2011 10:08 PM 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006Core.job
- c:\documents and settings\Talg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
2011-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006UA.job
- c:\documents and settings\Talg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: westlaw.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{562E49FA-4568-466F-8F14-F0EBE8503C89}: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 05:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\PSLogon.dll
c:\program files\Protector Suite QL\vrlogon.dll
c:\program files\Protector Suite QL\ExtVapi.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\fusstub.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\config.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll
.
- - - - - - - > 'Explorer.exe'(3584)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Apoint\Apntex.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2011-10-09 05:09:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-09 09:09
.
Pre-Run: 8,432,963,584 bytes free
Post-Run: 8,701,890,560 bytes free
.
- - End Of File - - 47627B129ED77CE3D1FDCDA111D27D86
  • 0

Advertisements


#11
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,

What are your problems now?

Does your PC boot into Windows ok?

Can you get onto the Internet in normal or safe mode?
  • 0

#12
arkman

arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
I am able to reboot normally into windows.

I am unable to access the internet. When I attempt to repair it, it gives the message "Windows could not finish repairing the problem because the following action cannot be completed: Connecting to the wireless network. For assistance, contact the person who manages your network." Oddly though, when I leave my mouse hovering over the wireless symbol, it says I am connected at excellent strength?

I am unable to run or delete OTL, rkill or malwarebytes.

When I try to delete, I get the message "Cannot delete OTL: Access is denied. Make sure the disk is not full or write-protected and that the file is not currently in use."

When I try to run, I get the message "Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item."
  • 0

#13
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Hi,
You had severel infected files related to your wireless set up that ComboFix replaced, it might be a case of having to reset your router. Please look in the manual how to reset the router, it's quite often just a reset button on the rear or pushing a button with a paperclip through a small hole. In you're unable to find the instructions then try to power off/on.

If you can then access the Internet, download and run the following two tools, if they won't run in normal mode try in safe mode.

If you are unable to connect to the Internet then download the two tools to a thumb drive/USB stick, after running flash disinfector, instructions further down, to a clean computer and copy them to the infected computers desktop. Again, if you can't run them in normal mode try in safe mode.


Step 1:

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip, click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


Step 2:

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


Step 3:

If you're unable to connect to the Internet, download the tools to a clean computer and transfer them to the infected computer.

  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from here and save it to your desktop on the clean computer.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Download TDSSkiller and aswMBR to the USB stick and transfer to the infected PC. Run them as the instructions above.
  • 0

#14
arkman

arkman

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Turned on the laptop and received this message:

"A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the Stop message, disable the driver or check with the manufacturer for driver updates. Try chaging video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical Information:

*** STOP: 0x0000007E (0xC0000005, 0x86E37774, 0xF7A6B3DC, 0xF7A6B0D8)."

I rebooted and it started normally. Should I continue with the next couple steps?
  • 0

#15
Homburg

Homburg

    Trusted Helper

  • Malware Removal
  • 665 posts
Yes carry on with the steps, I'm sure it's the rootkit giving these problems :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP