Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Google Redirect Virus [Solved]

Started by Grifftanen , Aug 23 2012 12:36 AM

This topic is locked

#1
Grifftanen

Posted 23 August 2012 - 12:36 AM

Member

Member
52 posts

I seem to have caught this Google Redirect Illness going around. When selecting a google search result, all selections will open a new window (this hadn't been happening previously). Also, the selection will not always go to the site selected, sometimes it will send me to some ad site, but the toolbar banner will show the site I did select. I ran Kaspersky TDSSKiller, but apparently that didn't do the trick. Any help would be much appreciated.

OTL Log:

OTL logfile created on: 8/23/2012 1:18:00 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Go\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.73% Memory free
3.84 Gb Paging File | 2.75 Gb Available in Paging File | 71.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 1.53 Gb Free Space | 1.76% Space Free | Partition Type: NTFS
Drive F: | 6.01 Gb Total Space | 1.74 Gb Free Space | 28.92% Space Free | Partition Type: NTFS

Computer Name: ICE | User Name: Go | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/23 01:17:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Go\Desktop\OTL.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/04/10 16:06:42 | 000,951,656 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2011/04/10 16:06:40 | 000,730,472 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2011/04/10 16:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2010/11/07 14:49:36 | 000,503,808 | ---- | M] (Lime Wire, LLC) -- C:\LimeWire\LimeWire.exe
PRC - [2008/08/29 18:34:04 | 002,084,488 | ---- | M] () -- C:\Program Files\OpenCASE\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
PRC - [2008/08/29 18:33:48 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/09/01 15:46:48 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/09/01 15:46:46 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/01 15:46:42 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/04/04 18:58:30 | 003,502,080 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 18:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

========== Modules (No Company Name) ==========

MOD - [2012/08/19 18:17:55 | 000,123,392 | ---- | M] () -- C:\WINDOWS\system32\fastsrch.dll
MOD - [2012/06/17 08:52:21 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/17 08:50:35 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/17 08:50:10 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/17 08:50:06 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/17 08:49:06 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/05/12 14:36:32 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/11 20:35:57 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 20:35:51 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/11 20:31:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 20:31:09 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 20:30:58 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 20:30:23 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/04/20 17:07:24 | 001,327,104 | ---- | M] () -- C:\Documents and Settings\Go\Local Settings\Application Data\ScanSoft\aafnqebg.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/07 14:49:34 | 000,159,744 | ---- | M] () -- C:\LimeWire\lib\jacob-1.15-M1-lw-x86.dll
MOD - [2010/11/07 14:49:34 | 000,090,112 | ---- | M] () -- C:\LimeWire\lib\SystemUtilities.dll
MOD - [2008/11/02 04:14:43 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CSMInterface\5.3.1.1__6cba14bfb4f12ba0\CSMInterface.dll
MOD - [2008/11/02 04:14:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CSMRemotable\5.3.1.1__93c818616a5c6d1f\CSMRemotable.dll
MOD - [2008/08/29 18:34:04 | 002,084,488 | ---- | M] () -- C:\Program Files\OpenCASE\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
MOD - [2008/08/29 18:34:02 | 000,036,488 | ---- | M] () -- C:\Program Files\OpenCASE\OpenCASE Media Agent\Interop.PortableDeviceApiLib.dll
MOD - [2008/03/25 00:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/07/02 21:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 21:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/04/04 18:58:36 | 001,019,904 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
MOD - [2005/04/04 18:58:36 | 000,434,255 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
MOD - [2005/04/04 18:58:34 | 000,057,453 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
MOD - [2005/04/04 18:58:34 | 000,053,364 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
MOD - [2005/04/04 18:58:32 | 000,057,455 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
MOD - [2005/04/04 18:58:30 | 003,502,080 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
MOD - [2005/04/04 18:58:30 | 000,102,515 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
MOD - [2005/04/04 18:58:28 | 000,032,880 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
MOD - [2005/04/04 18:58:24 | 000,028,791 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/04/10 16:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2008/08/29 18:33:48 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/12/21 01:53:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/05/08 04:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/10/14 13:41:12 | 001,982,464 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/10/11 15:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2005/10/11 15:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2005/10/11 15:00:46 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/10/06 18:21:06 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/01 15:46:48 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/09/01 15:46:46 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/09/01 15:46:42 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\smap\tools32\IO.SYS -- (IO)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2011/06/25 20:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/25 20:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2011/04/10 16:07:03 | 000,027,648 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkGAport.sys -- (DisplayLinkGA)
DRV - [2011/04/10 16:07:03 | 000,024,448 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror)
DRV - [2011/04/10 16:07:03 | 000,007,296 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys -- (DisplayLinkFilter)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/11/05 01:56:00 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/07/02 23:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/29 19:49:38 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2005/11/30 18:12:16 | 000,028,800 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2005/11/30 15:38:50 | 000,232,448 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/10/28 06:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/10/28 06:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/12 03:00:44 | 000,077,312 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2005/08/09 19:43:46 | 003,855,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/07/08 16:40:42 | 000,260,144 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NuVision)
DRV - [2005/03/04 14:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/24 14:02:58 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/09/24 14:02:58 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2003/09/24 14:02:56 | 000,260,224 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/09/24 14:02:56 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/09/24 14:02:56 | 000,022,777 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/09/24 14:02:56 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Go\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Go\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/22 03:40:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/09 23:59:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/09 23:59:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Go\Application Data\Move Networks [2009/07/30 02:39:33 | 000,000,000 | -H-D | M]

[2009/03/11 01:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Go\Application Data\Mozilla\Extensions
[2009/03/11 01:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Go\Application Data\Mozilla\Extensions\[email protected]
[2011/12/11 15:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/21 00:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 21:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 21:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {373F4DD9-1EAB-4AE4-A3A8-6F6A2C0DCFB7} - C:\WINDOWS\system32\fastsrch.dll ()
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKCU..\Run: [ScanSoft] C:\Documents and Settings\Go\Local Settings\Application Data\ScanSoft\aafnqebg.dll ()
O4 - Startup: C:\Documents and Settings\Go\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Append to existing PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberr...re/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/ch...urce/ImlCID.cab (imlUCID Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06071909.cab (Reg Error: Key error.)
O16 - DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} http://aolsvc.aol.co...sh.1.0.0.10.cab (CPlayFirstParkingDasControl Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BEF25BB-FFDE-4C84-8B92-BCDC10AFA51F}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\untitled.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\untitled.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/21 13:57:18 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2005/12/05 23:37:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{421f2166-daa3-11dd-bf86-00166f64563f}\Shell - "" = AutoRun
O33 - MountPoints2\{421f2166-daa3-11dd-bf86-00166f64563f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{421f2166-daa3-11dd-bf86-00166f64563f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk /k:F *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/23 01:17:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Go\Desktop\OTL.exe
[2012/08/22 11:15:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Go\Recent
[2012/08/19 18:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Go\Local Settings\Application Data\ScanSoft
[2012/08/05 20:28:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Go\Start Menu\Programs\Applian Technologies
[2012/08/05 20:28:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Replay Video Capture 6
[2012/08/05 20:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Replay Video Capture 6
[2009/07/14 21:48:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Go\Application Data\pcouffin.sys
[2006/12/28 01:35:56 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Go\MSSSerif120.fon
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/23 01:17:32 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Go\Desktop\OTL.exe
[2012/08/23 01:07:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/23 01:07:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/08/23 01:06:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/23 01:06:48 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/19 19:07:37 | 000,076,288 | ---- | M] () -- C:\Documents and Settings\Go\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/19 18:17:55 | 000,123,392 | ---- | M] () -- C:\WINDOWS\System32\fastsrch.dll
[2012/08/19 17:58:11 | 001,816,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/18 18:53:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/08 23:08:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/07/24 02:19:52 | 000,047,677 | ---- | M] () -- C:\Documents and Settings\Go\Desktop\robert-lebensfeld_house-of-bespoke[1].pdf
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/19 18:17:55 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\fastsrch.dll
[2012/07/24 02:19:52 | 000,047,677 | ---- | C] () -- C:\Documents and Settings\Go\Desktop\robert-lebensfeld_house-of-bespoke[1].pdf
[2012/02/18 13:52:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/08/24 19:42:33 | 000,001,258 | ---- | C] () -- C:\Documents and Settings\Go\.jmf-resource
[2009/07/14 21:48:57 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Go\Application Data\vso_ts_preview.xml
[2009/07/14 21:48:19 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Go\Application Data\inst.exe
[2009/07/14 21:48:19 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Go\Application Data\pcouffin.cat
[2009/07/14 21:48:19 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Go\Application Data\pcouffin.inf
[2008/12/07 22:03:07 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Go\pool.bin
[2007/08/30 23:50:11 | 000,251,026 | ---- | C] () -- C:\Documents and Settings\Go\Local Settings\Application Data\imageCache.db
[2007/03/30 10:02:50 | 000,006,454 | ---- | C] () -- C:\Documents and Settings\Go\.plugin141_02.trace
[2006/11/17 01:42:21 | 000,002,506 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/10 02:35:41 | 000,076,288 | ---- | C] () -- C:\Documents and Settings\Go\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/31 21:08:13 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Go\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2011/08/31 01:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2008/09/21 13:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/04/07 02:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2010/04/01 23:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2008/04/13 13:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ExtendMedia
[2009/02/13 15:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2006/10/04 23:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/10/04 23:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008/04/13 13:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/17 17:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/04/22 02:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/29 23:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/21 23:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/10/07 00:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\Aim
[2010/04/06 01:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\AMS
[2008/09/21 13:44:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\Autodesk
[2007/09/26 14:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\Blackberry Desktop
[2007/02/17 01:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\Canon
[2009/10/17 16:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\ContentGuard
[2011/07/27 22:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\FrostWire
[2007/01/02 12:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\InterVideo
[2006/12/28 01:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\Leadertech
[2012/08/23 01:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\LimeWire
[2009/06/29 01:32:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\Opera
[2012/01/06 21:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\redsn0w
[2011/08/31 01:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\Replay Media Catcher 4
[2007/09/26 15:13:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\Research In Motion
[2006/10/04 23:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\ScanSoft
[2007/04/27 17:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\UVU
[2009/12/07 00:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Go\Application Data\Vso
[2012/08/23 01:07:13 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========

< End of report >

OTL Extra Log:

OTL Extras logfile created on: 8/23/2012 1:18:00 AM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Documents and Settings\Go\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 41.73% Memory free
3.84 Gb Paging File | 2.75 Gb Available in Paging File | 71.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 1.53 Gb Free Space | 1.76% Space Free | Partition Type: NTFS
Drive F: | 6.01 Gb Total Space | 1.74 Gb Free Space | 28.92% Space Free | Partition Type: NTFS

Computer Name: ICE | User Name: Go | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"58181:TCP" = 58181:TCP:*:Enabled:PandoRest Listening Port
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\LimeWire\LimeWire.exe" = C:\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\NBC Direct\StoreFrontPlayer.exe" = C:\NBC Direct\StoreFrontPlayer.exe:*:Enabled:NBC Direct Beta -- (ExtendMedia Inc.)
"C:\Program Files\OpenCASE\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe" = C:\Program Files\OpenCASE\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe:*:Enabled:PandoRest Application Name -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\AIM\aim.exe" = C:\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire
"C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe" = C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe:*:Enabled:DisplayLinkIpadSoftware -- (DisplayLink Corp.)
"C:\Documents and Settings\Go\Desktop\redsn0w_win_0.9.10b2\redsn0w.exe" = C:\Documents and Settings\Go\Desktop\redsn0w_win_0.9.10b2\redsn0w.exe:*:Enabled:redsn0w
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{1771FDC8-D846-4B77-996A-C80DAD42C03F}" = OpenCASE Media Agent
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1A0F7DFF-6F13-458C-8EC3-5386E8C251C6}" = BlackBerry Device Software Updater
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{222421DC-CAEB-42EC-AF15-09A39AA5C94D}" = Adobe Creative Suite 3 Design Standard
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 29
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55937F00-A69B-4049-8D3A-1C7729742B6F}" = BUM
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710BF966-43C8-4216-A8EC-BC4E169FF7C1}" = MobileMe Control Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.13.178
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7A647B7A-9FE7-44A2-9041-C04528D44EB9}" = NBC Direct Beta
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{861C4DFA-E691-4BA6-BE6B-D5BA211990B6}" = DisplayLink Core Software
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8976EE26-04BC-4435-A6F7-42C2B08B08E6}" = BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93BA291E-5D6D-4F6A-82F4-773649A63044}" = DisplayLink iPad Software
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9B3367FE-8575-435E-A80D-B2E9EA67497A}" = BlackBerry v4.2.2 for the 8830 Series Wireless Device
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4DBF0C9-E294-4C01-A205-73B8ED947D50}" = Adobe Setup
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.00
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F804AE2A-92AD-4189-B8B1-7D4207F7AB13}" = BlackBerry Desktop Software 4.2.1
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"474492506B458A0013C8197612FA45B887DF7B06" = Windows Driver Package - Sony Corporation (SPI) HIDCLASS (08/20/2002 7.0.3.820)
"AC3Filter" = AC3Filter (remove only)
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.3.1 Professional
"Adobe Acrobat 8 Professional_831" = Adobe Acrobat 8.3.1 - CPSID_83708
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_0e772471f6aed60c960ed52600a76bd" = Add or Remove Adobe Creative Suite 3 Design Standard
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"AOL Instant Messenger" = AOL Instant Messenger
"AOL Search Enhancement" = Search Enhancement by AOL Search
"Audacity_is1" = Audacity 1.2.6
"AudibleDownloadManager" = Audible Download Manager
"AudibleManager" = AudibleManager
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"BlackBerry_{F804AE2A-92AD-4189-B8B1-7D4207F7AB13}" = BlackBerry Desktop Software 4.2.1
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"FLV Player" = FLV Player 2.0 (build 25)
"GSpot" = GSpot Codec Information Appliance
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"LimeWire" = LimeWire 5.6.2
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MouseSuite98" = Sony USB Mouse
"Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OfotoEZUpload" = KODAK EASYSHARE Gallery Upload ActiveX Control
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.4.3)
"Replay Video Capture6.0.6" = Replay Video Capture 6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zinio Reader" = Zinio Reader

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{9863F141-7A33-4c9a-A5F2-96996461B216}" = KODAK EASYSHARE Gallery Easy Upload, v2.1
"Move Media Player" = Move Media Player
"Sun Download Manager 2.0 (web)" = Sun Download Manager 2.0 (web)

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/19/2012 7:22:28 PM | Computer Name = ICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/19/2012 7:22:28 PM | Computer Name = ICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 697657

Error - 8/19/2012 7:22:28 PM | Computer Name = ICE | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 697657

Error - 8/19/2012 7:43:03 PM | Computer Name = ICE | Source = Application Error | ID = 1000
Description = Faulting application divx plus player.exe, version 10.3.2.6, faulting
module ir50_32.dll, version 5.2562.15.55, fault address 0x0004e000.

Error - 8/19/2012 7:43:09 PM | Computer Name = ICE | Source = Application Error | ID = 1001
Description = Fault bucket -1466232398.

Error - 8/19/2012 7:43:37 PM | Computer Name = ICE | Source = Application Error | ID = 1000
Description = Faulting application divx plus player.exe, version 10.3.2.6, faulting
module ir50_32.dll, version 5.2562.15.55, fault address 0x0004e000.

Error - 8/22/2012 9:33:32 AM | Computer Name = ICE | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.6:5353 13 6.1.168.192.in-addr.arpa.
PTR ICE-2.local.

Error - 8/22/2012 9:33:32 AM | Computer Name = ICE | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 11 6.1.168.192.in-addr.arpa.
PTR ICE.local.

Error - 8/23/2012 1:07:31 AM | Computer Name = ICE | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.6:5353 13 6.1.168.192.in-addr.arpa.
PTR ICE-2.local.

Error - 8/23/2012 1:07:31 AM | Computer Name = ICE | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 11 6.1.168.192.in-addr.arpa.
PTR ICE.local.

[ System Events ]
Error - 8/8/2012 10:24:29 PM | Computer Name = ICE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 8/10/2012 9:57:57 PM | Computer Name = ICE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 8/11/2012 12:49:38 PM | Computer Name = ICE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 8/18/2012 6:00:46 PM | Computer Name = ICE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 8/19/2012 5:57:10 PM | Computer Name = ICE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 8/21/2012 1:18:53 AM | Computer Name = ICE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 8/22/2012 9:32:47 AM | Computer Name = ICE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 8/22/2012 11:17:54 AM | Computer Name = ICE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 8/22/2012 11:39:21 AM | Computer Name = ICE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

Error - 8/23/2012 1:06:55 AM | Computer Name = ICE | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume F:.

< End of report >

#2
ali.B

Posted 23 August 2012 - 01:43 AM

Trusted Helper

Malware Removal
3,086 posts

hi

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
MOD - [2012/08/19 18:17:55 | 000,123,392 | ---- | M] () -- C:\WINDOWS\system32\fastsrch.dll
O2 - BHO: (Reg Error: Value error.) - {373F4DD9-1EAB-4AE4-A3A8-6F6A2C0DCFB7} - C:\WINDOWS\system32\fastsrch.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O33 - MountPoints2\{421f2166-daa3-11dd-bf86-00166f64563f}\Shell - "" = AutoRun
O33 - MountPoints2\{421f2166-daa3-11dd-bf86-00166f64563f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{421f2166-daa3-11dd-bf86-00166f64563f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2012/08/19 18:17:55 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\fastsrch.dll

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

THEN

Download RogueKiller and save it on your desktop.
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.
Click on the Delete button.

The report has been created on the desktop.

Next click on the ShortcutsFix
The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#3
Grifftanen

Posted 25 August 2012 - 08:54 AM

Member

Topic Starter
Member
52 posts

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{373F4DD9-1EAB-4AE4-A3A8-6F6A2C0DCFB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{373F4DD9-1EAB-4AE4-A3A8-6F6A2C0DCFB7}\ deleted successfully.
C:\WINDOWS\system32\fastsrch.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{421f2166-daa3-11dd-bf86-00166f64563f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{421f2166-daa3-11dd-bf86-00166f64563f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{421f2166-daa3-11dd-bf86-00166f64563f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{421f2166-daa3-11dd-bf86-00166f64563f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{421f2166-daa3-11dd-bf86-00166f64563f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{421f2166-daa3-11dd-bf86-00166f64563f}\ not found.
File G:\LaunchU3.exe -a not found.
File C:\WINDOWS\System32\fastsrch.dll not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Go\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Go\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Go
->Temp folder emptied: 901757059 bytes
->Temporary Internet Files folder emptied: 395297237 bytes
->Java cache emptied: 7196558 bytes
->FireFox cache emptied: 32049354 bytes
->Flash cache emptied: 1092934 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 81010517 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 11184657 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101214944 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 391671194 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4620897 bytes

Total Files Cleaned = 1,838.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Go
->Flash cache emptied: 492 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.58.1 log created on 08252012_103110

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Go\Local Settings\Temp\fla4.tmp not found!
File\Folder C:\Documents and Settings\Go\Local Settings\Temporary Internet Files\Content.IE5\Z6MUGG09\AMEX_2012050904_RON@x15[1].htm not found!
File\Folder C:\Documents and Settings\Go\Local Settings\Temporary Internet Files\Content.IE5\Z6MUGG09\clk[1].htm not found!
File\Folder C:\Documents and Settings\Go\Local Settings\Temporary Internet Files\Content.IE5\Z6MUGG09\likebox[3].htm not found!
File\Folder C:\Documents and Settings\Go\Local Settings\Temporary Internet Files\Content.IE5\Z6MUGG09\tr-clk[1].htm not found!
File\Folder C:\Documents and Settings\Go\Local Settings\Temporary Internet Files\Content.IE5\WL2K33SW\clk[1].htm not found!
File\Folder C:\Documents and Settings\Go\Local Settings\Temporary Internet Files\Content.IE5\WL2K33SW\destinations[1].htm not found!
File\Folder C:\Documents and Settings\Go\Local Settings\Temporary Internet Files\Content.IE5\WL2K33SW\emily[1].html not found!
File\Folder C:\Documents and Settings\Go\Local Settings\Temporary Internet Files\Content.IE5\WL2K33SW\engine[1].htm not found!
File\Folder C:\Documents and Settings\Go\Local Settings\Temporary Internet Files\Content.IE5\P9SQKP2E\f[1].htm not found!
File\Folder C:\Documents and Settings\Go\Local Settings\Temporary Internet Files\Content.IE5\C9GBZ87I\-WzdRTzRa5k6HlJK6-dK9Q[1].eot not found!
File\Folder C:\Documents and Settings\Go\Local Settings\Temporary Internet Files\Content.IE5\C9GBZ87I\V86VyqXbc09Sss3BPsMj1_Y6323mHUZFJMgTvxaG2iE[1].eot not found!
C:\Documents and Settings\Go\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_418.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#4
Grifftanen

Posted 25 August 2012 - 09:16 AM

Member

Topic Starter
Member
52 posts

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Go :: ICE [administrator]

Protection: Enabled

8/25/2012 11:01:47 AM
mbam-log-2012-08-25 (11-01-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224466
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCR\AppID\activex.DLL (Adware.180Solutions) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#5
ali.B

Posted 25 August 2012 - 09:18 AM

Trusted Helper

Malware Removal
3,086 posts

hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.
Post the log it produces

Step 2

ESET Online Scanner

Click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on to download the ESET Smart Installer. Save it to your desktop.
- Double click on the icon on your desktop.
Check
Click the button.
Accept any security warnings from your browser.
Check
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push
Push , and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the button.
Push

Things i would like to see in your reply:

Malwarebytes Results.
Eset scanner report.
Update on how your computer is running

#6
Grifftanen

Posted 25 August 2012 - 09:45 AM

Member

Topic Starter
Member
52 posts

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Go [Admin rights]
Mode: Scan -- Date: 08/25/2012 11:25:35

¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] aafnqebg.dll -- C:\Documents and Settings\Go\Local Settings\Application Data\ScanSoft\aafnqebg.dll -> UNLOADED
[SUSP PATH] aafnqebg.dll -- C:\Documents and Settings\Go\Local Settings\Application Data\ScanSoft\aafnqebg.dll -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : ScanSoft (RUNDLL32.EXE "C:\Documents and Settings\Go\Local Settings\Application Data\ScanSoft\aafnqebg.dll",FECoreInstance) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-404175723-207634962-619189434-1006[...]\Run : ScanSoft (RUNDLL32.EXE "C:\Documents and Settings\Go\Local Settings\Application Data\ScanSoft\aafnqebg.dll",FECoreInstance) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541010G9SA00 +++++
--- User ---
[MBR] 41bfa875ef5cf9e45562bcfcce59b775
[BSP] dd1561a198ac5fd7786131b6a27a09b6 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 6149 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12594960 | Size: 89243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#7
Grifftanen

Posted 25 August 2012 - 09:45 AM

Member

Topic Starter
Member
52 posts

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Go [Admin rights]
Mode: Remove -- Date: 08/25/2012 11:27:47

¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] aafnqebg.dll -- C:\Documents and Settings\Go\Local Settings\Application Data\ScanSoft\aafnqebg.dll -> UNLOADED
[SUSP PATH] aafnqebg.dll -- C:\Documents and Settings\Go\Local Settings\Application Data\ScanSoft\aafnqebg.dll -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : ScanSoft (RUNDLL32.EXE "C:\Documents and Settings\Go\Local Settings\Application Data\ScanSoft\aafnqebg.dll",FECoreInstance) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HTS541010G9SA00 +++++
--- User ---
[MBR] 41bfa875ef5cf9e45562bcfcce59b775
[BSP] dd1561a198ac5fd7786131b6a27a09b6 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 6149 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 12594960 | Size: 89243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#8
Grifftanen

Posted 25 August 2012 - 09:45 AM

Member

Topic Starter
Member
52 posts

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Go [Admin rights]
Mode: Shortcuts HJfix -- Date: 08/25/2012 11:35:57

¤¤¤ Bad processes: 2 ¤¤¤
[SUSP PATH] aafnqebg.dll -- C:\Documents and Settings\Go\Local Settings\Application Data\ScanSoft\aafnqebg.dll -> UNLOADED
[SUSP PATH] aafnqebg.dll -- C:\Documents and Settings\Go\Local Settings\Application Data\ScanSoft\aafnqebg.dll -> KILLED [TermProc]

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 18 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 14 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 87 / Fail 0
My documents: Success 15 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 1628 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\Harddisk0\DP(2)0x1805e2000-0x15c9be6200+2 -- 0x3 --> Restored
[D:] \Device\Harddisk1\DP(1)0-0+4 -- 0x2 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\Harddisk0\DP(1)0x7e00-0x1805da200+1 -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

#9
Grifftanen

Posted 25 August 2012 - 10:07 AM

Member

Topic Starter
Member
52 posts

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.25.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Go :: ICE [administrator]

Protection: Enabled

8/25/2012 11:58:10 AM
mbam-log-2012-08-25 (11-58-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224835
Time elapsed: 7 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10
Grifftanen

Posted 25 August 2012 - 05:29 PM

Member

Topic Starter
Member
52 posts

C:\_OTL\MovedFiles\08252012_103110\C_WINDOWS\system32\fastsrch.dll a variant of Win32/Injector.PKW trojan cleaned by deleting - quarantined

#11
Grifftanen

Posted 25 August 2012 - 05:32 PM

Member

Topic Starter
Member
52 posts

It appears to be running much better. Google still only opens a search term in a new window instead of the same, and when I empty the recycle bin, I get an error message that I cannot delete one file, the filename specified is not valid or too long. Specify a different file name. Thanks.

#12
ali.B

Posted 26 August 2012 - 12:07 AM

Trusted Helper

Malware Removal
3,086 posts

Can you try emptying the file one by one and let me know what file is causing the error

#13
ali.B

Posted 29 August 2012 - 08:22 AM

Trusted Helper

Malware Removal
3,086 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.