businesslistingsearch.net redirect [Solved]



#1 Grifftanen (Member, 52 posts)
Any google search, when selecting any result, takes me to a pop-up redirect through businesslistingsearch.net. I never get to the actual searched selection. I've run Malwarebytes twice, both times it has found something and I remove it, but on reboot, this redirect is still here. Please help.


#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, I will need a look at the system. Do the redirects occur in Firefox, IE or both?

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

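The custom scan pasted above asks OTL for the things a helper checks first on a redirect: the netsvcs service group, the base services, any .exe sitting in the root of the system drive, MD5 hashes of the core system binaries between /md5start and /md5stop (a patched or replaced services.exe, winlogon.exe, svchost.exe or Winsock DLL is a common way redirects survive a Malwarebytes clean), and a restore point before anything is changed. The script below is an added example, not part of this thread and not OTL's own code, showing the kind of first-pass triage a helper runs over the OTL.txt that comes back: modules or processes with no company name loaded through a \\?\globalroot device path instead of a drive letter, service or driver registrations whose file is gone, and O10 Winsock catalog entries that point at a missing LSP DLL. The line formats match the OTL 3.2 log posted later in this thread, and the sample lines are taken from that log; the severity rules and the Finding/triage names are this example's own assumptions, not OTL's.

```python
"""Triage helper for OTL (OldTimer's List-It) logs.

Added example, not part of the original thread and not OTL's own code: it
pulls out the entries a malware-removal helper looks at first when hunting
a browser redirect.  Line formats follow the OTL 3.2 log posted in this
thread; the severity rules are this example's own assumptions.
"""
import re
from dataclasses import dataclass

ENTRY_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV) - (?P<rest>.*)$")
COMPANY_RE = re.compile(r"\] \((?P<company>[^)]*)\)")
O10_RE = re.compile(
    r"^O10 - (?P<catalog>\w+)\\Catalog_Entries\\(?P<idx>\d+)(?: \[\])? - "
    r"(?P<path>.+?)(?: (?P<status>File not found|\([^)]*\)))?$"
)
# A DLL loaded through an object-manager device path instead of a drive
# letter is unusual for Windows and worth a second look (assumption).
DEVICE_PATH_RE = re.compile(r"^\\\\[?.]\\globalroot\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    severity: str   # "high" | "medium" | "low"
    reason: str
    line: str


def parse_entry(line):
    """Parse a PRC/MOD/SRV/DRV line into its fields, or return None."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, rest = m.group("kind"), m.group("rest")
    parts = rest.split(" -- ")           # OTL layout: header -- path -- (Name)
    cm = COMPANY_RE.search(parts[0])     # "(Company)" right after the [date|size] bracket
    return {
        "kind": kind,
        "missing": rest.startswith("File not found"),
        "company": cm.group("company").strip() if cm else None,
        "path": parts[1].strip() if len(parts) > 1 else "",
        "name": parts[2].strip("()") if len(parts) > 2 else None,
        "running": "| Running]" in parts[0],
    }


def parse_winsock(line):
    """Parse an O10 Winsock catalog line into its fields, or return None."""
    m = O10_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["missing"] = d["status"] == "File not found"
    return d


def triage(lines):
    """Run the triage rules over OTL log lines and return the findings in order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        e = parse_entry(line)
        if e:
            if DEVICE_PATH_RE.match(e["path"]) and not e["company"]:
                findings.append(Finding("high",
                    f"{e['kind']} with no company name loaded via a device path; "
                    "compare its MD5 with a clean copy of the same file", line))
            elif e["missing"] and e["running"]:
                findings.append(Finding("high",
                    f"{e['kind']} {e['name']} is Running but its file is missing", line))
            elif e["missing"]:
                findings.append(Finding("low",
                    f"orphaned {e['kind']} registration {e['name']} (stopped, file gone)", line))
            continue
        w = parse_winsock(line)
        if w and w["missing"]:
            findings.append(Finding("medium",
                f"{w['catalog']} entry {w['idx']} points at a missing LSP DLL; "
                "repair the whole chain (netsh winsock reset) rather than deleting entries", line))
    return findings


# Sample input: lines taken from the OTL log posted in this thread.
SAMPLE_LOG = r"""
PRC - [2012/10/31 14:53:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Go\Desktop\OTL.exe
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
"""
SAMPLE_LINES = [l for l in SAMPLE_LOG.splitlines() if l.strip()]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

The low-severity "file gone" drivers (catchme, gmer and similar) are leftovers from earlier removal tools and are cleaned up at the end, not chased; the high-severity module line is the one to resolve by hashing the file, which is exactly what the /md5start block in the custom scan produces. A missing LSP DLL breaks networking if its catalog entry is simply deleted, so the Winsock chain is repaired as a whole.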

#3 Grifftanen (Topic Starter, Member, 52 posts)
OTL logfile created on: 10/31/2012 3:03:43 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Go\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.08% Memory free
3.84 Gb Paging File | 2.96 Gb Available in Paging File | 77.24% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.15 Gb Total Space | 2.83 Gb Free Space | 3.24% Space Free | Partition Type: NTFS
Drive F: | 6.01 Gb Total Space | 1.74 Gb Free Space | 28.92% Space Free | Partition Type: NTFS

Computer Name: ICE | User Name: Go | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/31 14:53:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Go\Desktop\OTL.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/04/10 16:06:42 | 000,951,656 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
PRC - [2011/04/10 16:06:40 | 000,730,472 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
PRC - [2011/04/10 16:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
PRC - [2008/08/29 18:34:04 | 002,084,488 | ---- | M] () -- C:\Program Files\OpenCASE\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
PRC - [2008/08/29 18:33:48 | 000,835,208 | ---- | M] (ExtendMedia Inc.) -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005/09/01 15:46:48 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/09/01 15:46:46 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/09/01 15:46:42 | 000,270,336 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2005/04/04 18:58:30 | 003,502,080 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005/04/04 18:58:30 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/17 08:52:21 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\dbc413807cb7360b3e26ef3ca1d54f9a\System.Web.ni.dll
MOD - [2012/06/17 08:50:35 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/17 08:50:10 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/06/17 08:50:06 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/17 08:49:06 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/05/12 14:36:32 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/11 20:35:57 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 20:35:51 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll
MOD - [2012/05/11 20:31:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/11 20:31:09 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/11 20:30:58 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/11 20:30:23 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2008/11/02 04:14:43 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CSMInterface\5.3.1.1__6cba14bfb4f12ba0\CSMInterface.dll
MOD - [2008/11/02 04:14:43 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CSMRemotable\5.3.1.1__93c818616a5c6d1f\CSMRemotable.dll
MOD - [2008/08/29 18:34:04 | 002,084,488 | ---- | M] () -- C:\Program Files\OpenCASE\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
MOD - [2008/08/29 18:34:02 | 000,036,488 | ---- | M] () -- C:\Program Files\OpenCASE\OpenCASE Media Agent\Interop.PortableDeviceApiLib.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/03/25 00:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2006/08/05 11:34:34 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/07/02 21:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 21:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/04/04 18:58:36 | 001,019,904 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
MOD - [2005/04/04 18:58:36 | 000,434,255 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
MOD - [2005/04/04 18:58:34 | 000,057,453 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
MOD - [2005/04/04 18:58:34 | 000,053,364 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
MOD - [2005/04/04 18:58:32 | 000,057,455 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
MOD - [2005/04/04 18:58:30 | 003,502,080 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
MOD - [2005/04/04 18:58:30 | 000,102,515 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
MOD - [2005/04/04 18:58:28 | 000,032,880 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
MOD - [2005/04/04 18:58:24 | 000,028,791 | ---- | M] () -- C:\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll


========== Services (SafeList) ==========

SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/04/10 16:06:38 | 005,240,168 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV - [2008/08/29 18:33:48 | 000,835,208 | ---- | M] (ExtendMedia Inc.) [Auto | Running] -- C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe -- (OpenCASE Media Agent)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2007/12/21 01:53:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/05/08 04:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 17:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 17:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 17:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Avlib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/10/14 13:41:12 | 001,982,464 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2005/10/11 15:07:50 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2005/10/11 15:02:02 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2005/10/11 15:00:46 | 000,188,416 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2005/10/06 18:21:06 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/09/01 15:46:48 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/09/01 15:46:46 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/09/01 15:46:42 | 000,270,336 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/04/04 18:58:28 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\sxuptp.sys -- (sxuptp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\smap\tools32\IO.SYS -- (IO)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/25 20:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/25 20:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2011/04/10 16:07:03 | 000,027,648 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkGAport.sys -- (DisplayLinkGA)
DRV - [2011/04/10 16:07:03 | 000,024,448 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys -- (DisplayLinkmirror)
DRV - [2011/04/10 16:07:03 | 000,007,296 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys -- (DisplayLinkFilter)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/11/05 01:56:00 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/07/02 23:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/29 19:49:38 | 002,206,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2005/11/30 18:12:16 | 000,028,800 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2005/11/30 15:38:50 | 000,232,448 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2005/10/28 06:00:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2005/10/28 06:00:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/12 03:00:44 | 000,077,312 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifmsony.sys -- (tifmsony)
DRV - [2005/08/09 19:43:46 | 003,855,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005/07/08 16:40:42 | 000,260,144 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Nuvision.sys -- (NuVision)
DRV - [2005/03/04 14:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/09/24 14:02:58 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2003/09/24 14:02:58 | 000,146,560 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys -- (DVDVRRdr_xp)
DRV - [2003/09/24 14:02:56 | 000,260,224 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2003/09/24 14:02:56 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2003/09/24 14:02:56 | 000,022,777 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2003/09/24 14:02:56 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2000/12/05 16:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-404175723-207634962-619189434-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-404175723-207634962-619189434-1006\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-404175723-207634962-619189434-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-404175723-207634962-619189434-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-404175723-207634962-619189434-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-404175723-207634962-619189434-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Go\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Go\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/22 03:40:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/09 23:59:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/09 23:59:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Go\Application Data\Move Networks [2009/07/30 02:39:33 | 000,000,000 | ---D | M]

[2009/03/11 01:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Go\Application Data\Mozilla\Extensions
[2009/03/11 01:45:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Go\Application Data\Mozilla\Extensions\[email protected]
[2011/12/11 15:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/21 00:04:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/20 21:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 21:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/25 10:31:22 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-404175723-207634962-619189434-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Go\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-404175723-207634962-619189434-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-404175723-207634962-619189434-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-404175723-207634962-619189434-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-404175723-207634962-619189434-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-404175723-207634962-619189434-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\S-1-5-21-404175723-207634962-619189434-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-404175723-207634962-619189434-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O8 - Extra context menu item: Append to existing PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\AIM\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} http://www.blackberr...re/AxLoader.cab (AxLoaderPassword Class)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} http://www.kodakgall..._2/axofupld.cab (Kodak Gallery Easy Upload Manager Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} http://imlive.com/ch...urce/ImlCID.cab (imlUCID Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06071909.cab (Reg Error: Key error.)
O16 - DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} http://aolsvc.aol.co...sh.1.0.0.10.cab (CPlayFirstParkingDasControl Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BEF25BB-FFDE-4C84-8B92-BCDC10AFA51F}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logitech\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\untitled.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\untitled.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/21 13:57:18 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2005/12/05 23:37:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:F *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/31 14:53:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Go\Desktop\OTL.exe
[2012/10/31 13:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Go\Desktop\121030 Cassa Action LIst & Backup
[2012/10/30 15:18:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Go\Recent
[2012/10/30 13:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/10/14 21:22:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/10/14 21:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/10/14 19:14:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/10/14 19:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/10/14 19:08:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/07/14 21:48:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Go\Application Data\pcouffin.sys
[2006/12/28 01:35:56 | 000,089,680 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Go\MSSSerif120.fon

========== Files - Modified Within 30 Days ==========

[2012/10/31 15:19:18 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/31 14:53:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Go\Desktop\OTL.exe
[2012/10/31 13:06:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/31 13:04:42 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012/10/31 13:04:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/31 13:04:08 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/24 00:37:45 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Go\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/14 18:57:01 | 083,023,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\87e2d931.pad
[2012/10/12 23:15:05 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/12 23:15:02 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/10/12 22:52:07 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/10/14 21:17:12 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/14 18:51:02 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\87e2d931.pad
[2012/02/18 13:52:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2009/08/24 19:42:33 | 000,001,258 | ---- | C] () -- C:\Documents and Settings\Go\.jmf-resource
[2009/07/14 21:48:57 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Go\Application Data\vso_ts_preview.xml
[2009/07/14 21:48:19 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Go\Application Data\inst.exe
[2009/07/14 21:48:19 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Go\Application Data\pcouffin.cat
[2009/07/14 21:48:19 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Go\Application Data\pcouffin.inf
[2008/12/07 22:03:07 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\Go\pool.bin
[2007/08/30 23:50:11 | 000,251,026 | ---- | C] () -- C:\Documents and Settings\Go\Local Settings\Application Data\imageCache.db
[2007/03/30 10:02:50 | 000,006,454 | ---- | C] () -- C:\Documents and Settings\Go\.plugin141_02.trace
[2006/11/17 01:42:21 | 000,002,506 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/10 02:35:41 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Go\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/31 21:08:13 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Go\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2005/12/06 15:45:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\alg.exe -- (ALG)
No service found with a name of wuauserv
No service found with a name of BITS
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - [2008/04/13 20:11:54 | 000,021,504 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
No service found with a name of SharedAccess
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 08:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2005/10/31 11:56:00 | 000,700,416 | ---- | M] (LimeWire) -- C:\StubInstaller.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES >
[2004/08/04 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2004/08/04 08:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\WINDOWS\I386\SERVICES._

< MD5 for: SERVICES.EX_ >
[2004/08/04 08:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\WINDOWS\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 08:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2001/08/23 22:53:56 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=0984D1475332DCD85DDBC0B8A6D1A0DD -- C:\WINDOWS\mui\FALLBACK\040C\services.exe.mui
[2001/08/23 03:21:14 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=ACECA4F1B2CFD3ABD7CA626AC282255D -- C:\WINDOWS\mui\FALLBACK\0C0A\services.exe.mui
[2001/09/06 04:40:48 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=C2896FAB0221FD11630FD5CBBE48CE6F -- C:\WINDOWS\mui\FALLBACK\0416\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/11/01 00:57:02 | 000,001,602 | ---- | M] () MD5=7F76027DD75E1D1EF2EFE50BE2B21F45 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/10/14 19:33:06 | 000,000,313 | ---- | M] () MD5=9AC57996B33CF3AD6E10B9C13E11C6A8 -- C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\E7MLRR6E\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MS_ >
[2004/08/04 08:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\WINDOWS\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2004/08/04 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtUninstallKB307154$\winlogon.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004/08/13 19:01:19 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=EA16F83B5E4964C100F6098CE9874927 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DL_ >
[2004/08/04 08:00:00 | 000,001,516 | ---- | M] () MD5=DBE00AC2D306E49623D471A292EF25DC -- C:\WINDOWS\I386\WINSOCK.DL_

< MD5 for: WINSOCK.DLL >
[2004/08/04 08:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB16084$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

#4
Grifftanen

    Member

  • Topic Starter
  • Member
  • 52 posts
I'm only using IE, I don't have Firefox, so this is only occurring with IE. No Extras.txt was created. OTL didn't have an option for a 64-bit scan.

#5
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What is your antivirus?

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Get the report by selecting Reports.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

Please copy and paste its contents on your next reply.

THEN

Download and Install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double-click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • Allow the installation of the recovery console.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

#6
Grifftanen

    Member

  • Topic Starter
  • Member
  • 52 posts
15:52:07.0671 2992 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
15:52:07.0921 2992 ============================================================
15:52:07.0921 2992 Current date / time: 2012/10/31 15:52:07.0921
15:52:07.0921 2992 SystemInfo:
15:52:07.0921 2992
15:52:07.0921 2992 OS Version: 5.1.2600 ServicePack: 3.0
15:52:07.0921 2992 Product type: Workstation
15:52:07.0921 2992 ComputerName: ICE
15:52:07.0921 2992 UserName: Go
15:52:07.0921 2992 Windows directory: C:\WINDOWS
15:52:07.0921 2992 System windows directory: C:\WINDOWS
15:52:07.0921 2992 Processor architecture: Intel x86
15:52:07.0921 2992 Number of processors: 1
15:52:07.0921 2992 Page size: 0x1000
15:52:07.0921 2992 Boot type: Normal boot
15:52:07.0921 2992 ============================================================
15:52:10.0125 2992 Drive \Device\Harddisk0\DR0 - Size: 0x174A446000 (93.16 Gb), SectorSize: 0x200, Cylinders: 0x2F81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
15:52:10.0125 2992 ============================================================
15:52:10.0125 2992 \Device\Harddisk0\DR0:
15:52:10.0140 2992 MBR partitions:
15:52:10.0140 2992 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC02F10, BlocksNum 0xAE4DF31
15:52:10.0140 2992 ============================================================
15:52:10.0140 2992 Initialize success
15:52:10.0140 2992 ============================================================
15:55:45.0296 4320 ============================================================
15:55:45.0296 4320 Scan started
15:55:45.0296 4320 Mode: Manual; SigCheck; TDLFS;
15:55:45.0296 4320 ============================================================
15:55:45.0546 4320 ================ Scan system memory ========================
15:55:47.0250 4320 System memory - ok
15:55:47.0250 4320 ================ Scan services =============================
15:55:47.0281 4320 6to4 - ok
15:55:47.0281 4320 Abiosdsk - ok
15:55:47.0296 4320 abp480n5 - ok
15:55:47.0296 4320 ACPI - ok
15:55:47.0296 4320 ACPIEC - ok
15:55:47.0312 4320 Adobe LM Service - ok
15:55:47.0312 4320 Adobe Version Cue CS2 - ok
15:55:47.0328 4320 Adobe Version Cue CS3 - ok
15:55:47.0328 4320 adpu160m - ok
15:55:47.0343 4320 aec - ok
15:55:47.0343 4320 AegisP - ok
15:55:47.0343 4320 AFD - ok
15:55:47.0359 4320 AFGMp50 - ok
15:55:47.0359 4320 AFGSp50 - ok
15:55:47.0375 4320 Aha154x - ok
15:55:47.0375 4320 aic78u2 - ok
15:55:47.0390 4320 aic78xx - ok
15:55:47.0390 4320 Alerter - ok
15:55:47.0390 4320 ALG - ok
15:55:47.0406 4320 AliIde - ok
15:55:47.0406 4320 amsint - ok
15:55:47.0421 4320 ApfiltrService - ok
15:55:49.0953 4320 ================ Scan global ===============================
15:55:49.0968 4320 [Global] - ok
15:55:49.0968 4320 ================ Scan MBR ==================================
15:55:50.0000 4320 [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk0\DR0
15:55:50.0375 4320 \Device\Harddisk0\DR0 - ok
15:55:50.0375 4320 ================ Scan VBR ==================================
15:55:50.0390 4320 [ 9CE44F0B2E743C556AD381DB1B421D2A ] \Device\Harddisk0\DR0\Partition1
15:55:50.0390 4320 \Device\Harddisk0\DR0\Partition1 - ok
15:55:50.0390 4320 ============================================================
15:55:50.0390 4320 Scan finished
15:55:50.0390 4320 ============================================================
15:55:50.0421 5200 Detected object count: 0
15:55:50.0421 5200 Actual detected object count: 0

#7
Grifftanen

    Member

  • Topic Starter
  • 52 posts
ComboFix 12-10-31.03 - Go 10/31/2012 16:08:44.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1390 [GMT -4:00]
Running from: c:\documents and settings\Go\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\87e2d931.pad
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB16084$\54345193\@
c:\windows\$NtUninstallKB16084$\54345193\Desktop.ini
c:\windows\$NtUninstallKB16084$\54345193\L\[email protected]
c:\windows\$NtUninstallKB16084$\54345193\L\201d3dde
c:\windows\$NtUninstallKB16084$\54345193\L\guoteajd
c:\windows\$NtUninstallKB16084$\54345193\U\[email protected]
c:\windows\$NtUninstallKB16084$\54345193\U\[email protected]
c:\windows\$NtUninstallKB16084$\54345193\U\[email protected]
c:\windows\$NtUninstallKB16084$\54345193\U\[email protected]
c:\windows\$NtUninstallKB16084$\54345193\U\[email protected]
c:\windows\$NtUninstallKB16084$\731579075
c:\windows\system32\MUI\040C\tourstart.exe
c:\windows\system32\MUI\0416\tourstart.exe
c:\windows\system32\MUI\0C0A\tourstart.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\$NtUninstallKB16084$ . . . . Failed to delete
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IO
-------\Legacy_NPF
-------\Service_IO
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))))
.
.
2012-10-31 20:03 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-10-31 20:03 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 03:15 . 2012-04-01 23:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 03:15 . 2011-05-16 14:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 23:54 . 2012-08-25 14:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14 . 2005-12-06 02:20 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2005-12-06 02:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2005-12-06 02:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2005-12-06 02:20 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2005-12-06 02:20 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 17:01 . 2008-01-29 16:02 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 17:01 . 2008-01-29 16:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 13:29 . 2005-12-06 02:20 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-21 04:04 . 2011-12-11 19:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Adobe Version Cue CS2"="c:\adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\documents and settings\Go\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\limewire\LimeWire.exe [2010-11-7 503808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-30 17:12 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:F *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 17:24 624056 ----a-w- c:\adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 01:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 06:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
2005-04-04 22:58 856064 ----a-w- c:\adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-06-12 02:51 53248 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2008-10-05 03:24 235936 -c--a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12 32768 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-07-15 16:36 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-09-24 18:02 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-01 22:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2005-10-20 06:07 184320 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-10-12 05:36 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2005-12-01 09:20 69632 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/18/2012 4:16 PM 28552]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [4/10/2011 4:06 PM 5240168]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [12/5/2005 10:20 PM 14336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/19/2012 1:11 AM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/25/2012 10:57 AM 676936]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [8/29/2008 6:33 PM 835208]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [8/31/2011 1:41 AM 28256]
R3 DisplayLinkFilter;DisplayLinkFilter;c:\windows\system32\drivers\DisplayLinkFilter.sys [4/10/2011 4:07 PM 7296]
R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [4/10/2011 4:07 PM 27648]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [4/10/2011 4:07 PM 24448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/25/2012 10:57 AM 22856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [7/14/2009 9:48 PM 47360]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/5/2005 10:21 PM 28800]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [8/31/2011 1:41 AM 28256]
S3 NuVision;Hauppauge WinTV USB Pro (NTSC FM);c:\windows\system32\drivers\Nuvision.sys [9/14/2009 9:52 PM 260144]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-10-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} - hxxp://aolsvc.aol.com/onlinegames/free-trial-parking-dash/parkingdash.1.0.0.10.cab
FF - ProfilePath - c:\documents and settings\Go\Application Data\Mozilla\Firefox\Profiles\vf8zb5ir.default\
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1108)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(312)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenCASE\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
.
**************************************************************************
.
Completion time: 2012-10-31 17:04:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-31 21:04
ComboFix2.txt 2008-11-04 00:30
.
Pre-Run: 2,752,843,776 bytes free
Post-Run: 7,303,462,912 bytes free
.
- - End Of File - - 736F8041A7C63533FB14CEC618898A7A

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me know how the computer is behaving after this; you really should have an antivirus.

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\windows\$NtUninstallKB16084$

Save this as CFScript.txt, in the same location as ComboFix.exe.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it will produce a log for you at C:\ComboFix.txt, which I will require in your next reply.

#9
Grifftanen

    Member

  • Topic Starter
  • 52 posts
ComboFix 12-10-31.03 - Go 10/31/2012 17:24:06.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1348 [GMT -4:00]
Running from: c:\documents and settings\Go\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Go\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Go\Application Data\inst.exe
c:\documents and settings\Go\Application Data\vso_ts_preview.xml
c:\windows\dasetup.log
c:\windows\EventSystem.log
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\Thumbs.db
c:\windows\$NtUninstallKB16084$ . . . . Failed to delete
.
.
((((((((((((((((((((((((( Files Created from 2012-09-28 to 2012-10-31 )))))))))))))))))))))))))))))))
.
.
2012-10-31 21:17 . 2011-08-17 13:49 138496 -c--a-w- c:\windows\system32\dllcache\afd.sys
2012-10-31 21:17 . 2011-08-17 13:49 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 03:15 . 2012-04-01 23:00 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-13 03:15 . 2011-05-16 14:04 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 23:54 . 2012-08-25 14:57 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-28 15:14 . 2005-12-06 02:20 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2005-12-06 02:20 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2005-12-06 02:20 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2005-12-06 02:20 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2005-12-06 02:20 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 17:01 . 2008-01-29 16:02 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 17:01 . 2008-01-29 16:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 13:29 . 2005-12-06 02:20 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2004-08-03 22:59 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-11-21 04:04 . 2011-12-11 19:08 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-08-05 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-08-05 114688]
"RTHDCPL"="RTHDCPL.EXE" [2005-08-09 14743552]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"Adobe Version Cue CS2"="c:\adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 856064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\documents and settings\Go\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\limewire\LimeWire.exe [2010-11-7 503808]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 06:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-30 17:12 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:F *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2011-08-30 17:24 624056 ----a-w- c:\adobe\Acrobat 8.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 01:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 06:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Version Cue CS2]
2005-04-04 22:58 856064 ----a-w- c:\adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2004-11-18 03:47 118784 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 12:51 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-28 01:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-06-12 02:51 53248 ----a-w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2008-10-05 03:24 235936 -c--a-w- c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 22:12 32768 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-10 03:30 421776 ----a-w- c:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
2003-07-15 16:36 319488 ----a-w- c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2003-09-24 18:02 868352 ----a-w- c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
2003-05-01 22:44 65536 ----a-w- c:\program files\Common Files\Roxio Shared\System\EngUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SonyPowerCfg]
2005-10-20 06:07 184320 ----a-w- c:\program files\Sony\VAIO Power Management\SPMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 17:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
2003-04-20 04:08 28672 ----a-w- c:\windows\SONYSYS\VAIO Recovery\PartSeal.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]
2005-10-12 05:36 151552 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOCameraUtility]
2005-12-01 09:20 69632 ----a-w- c:\program files\Sony\VAIO Camera Utility\VCUServe.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/18/2012 4:16 PM 28552]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [4/10/2011 4:06 PM 5240168]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [12/5/2005 10:20 PM 14336]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/19/2012 1:11 AM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/25/2012 10:57 AM 676936]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [8/29/2008 6:33 PM 835208]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [8/31/2011 1:41 AM 28256]
R3 DisplayLinkFilter;DisplayLinkFilter;c:\windows\system32\drivers\DisplayLinkFilter.sys [4/10/2011 4:07 PM 7296]
R3 DisplayLinkGA;DisplayLinkGA;c:\windows\system32\drivers\DisplayLinkGAport.sys [4/10/2011 4:07 PM 27648]
R3 DisplayLinkmirror;DisplayLinkmirror;c:\windows\system32\drivers\DisplayLinkmirrorport.sys [4/10/2011 4:07 PM 24448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/25/2012 10:57 AM 22856]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [7/14/2009 9:48 PM 47360]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [12/5/2005 10:21 PM 28800]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [8/31/2011 1:41 AM 28256]
S3 NuVision;Hauppauge WinTV USB Pro (NTSC FM);c:\windows\system32\drivers\Nuvision.sys [9/14/2009 9:52 PM 260144]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-10-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {F135A813-7152-4532-AC8D-28AC2136DFC7} - hxxp://aolsvc.aol.com/onlinegames/free-trial-parking-dash/parkingdash.1.0.0.10.cab
FF - ProfilePath - c:\documents and settings\Go\Application Data\Mozilla\Firefox\Profiles\vf8zb5ir.default\
.
.
**************************************************************************
.
disk not found C:\
.
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1104)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(3444)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\DisplayLink Core Software\DisplayLinkUI.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\OpenCASE\OpenCASE Media Agent\PandoBinaries\NBCPandoREST.exe
.
**************************************************************************
.
Completion time: 2012-10-31 17:54:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-31 21:54
ComboFix2.txt 2012-10-31 21:04
ComboFix3.txt 2008-11-04 00:30
.
Pre-Run: 7,361,716,224 bytes free
Post-Run: 7,360,217,088 bytes free
.
- - End Of File - - 57ADA7503B22CC80E7CF3CC587C81F0F
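As an added example (written here, not ComboFix's own code nor anything posted in this thread), a Python triage parser for the two parts of the log above that a helper reads first: the Run-key values under 'Reg Loading Points' and the R0/R2/R3/S3 service lines. It flags services whose image file ComboFix marks as absent with `[?]` (as on the sxuptp line) and lists kernel drivers for review; the sample log is constructed from lines in the post.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix code)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied in the format of the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-08-05 94208]
"iTunesHelper"="c:\itunes\iTunesHelper.exe" [2012-09-10 421776]
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [3/18/2012 4:16 PM 28552]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/25/2012 10:57 AM 676936]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys --> c:\windows\system32\DRIVERS\sxuptp.sys [?]
"""

RUN_KEY_RE = re.compile(r'^\[(HK[^\]]*\\Run)\]$')                   # [HK...\Run]
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]$')  # "name"="path" [date size]
SERVICE_RE = re.compile(r'^([RS][0-4]) ([^;]+);([^;]*);(.*) \[([^\]]*)\]$')

@dataclass
class Entry:
    kind: str     # "run" (Run-key value) or "service" (R*/S* line)
    name: str
    path: str     # image path as ComboFix printed it
    source: str   # registry key for Run values, start type (R0, R2, ...) for services
    found: bool   # False when ComboFix printed "[?]" instead of a date and size

def parse_combofix(text: str) -> list:
    """Extract Run-key values and service/driver lines as Entry records."""
    entries, current_key = [], None
    for line in text.splitlines():
        line = line.rstrip()
        m = RUN_KEY_RE.match(line)
        if m:
            current_key = m.group(1)
            continue
        if not line or line == ".":      # "." separates blocks in the log
            current_key = None
            continue
        if current_key:
            m = RUN_VALUE_RE.match(line)
            if m:
                entries.append(Entry("run", m.group(1), m.group(2), current_key, True))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, path, info = m.groups()
            # "a --> b [?]" means the registry points at a file that is not on disk
            entries.append(Entry("service", name, path.split(" --> ")[0], start, info != "?"))
    return entries

def triage(entries):
    """Names worth a first look: services whose file is missing, and kernel drivers."""
    missing = [e.name for e in entries if not e.found]
    drivers = [e.name for e in entries
               if e.kind == "service" and e.path.lower().endswith(".sys")]
    return missing, drivers

if __name__ == "__main__":
    found = parse_combofix(SAMPLE_LOG)
    for e in found:
        print(f"{e.kind:7} {e.name:14} {e.path}{'' if e.found else '  (file missing)'}")
    print("triage:", triage(found))
```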
#10 Grifftanen (Member, Topic Starter)
Seemingly running much better, thanks. I haven't had a redirect pop-up since the first ComboFix completed.
#11 Essexboy (GeekU Moderator, Retired Staff)
Let's have a look for orphans now.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
#12 Grifftanen (Member, Topic Starter)
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.31.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Go :: ICE [administrator]

10/31/2012 6:40:30 PM
mbam-log-2012-10-31 (18-40-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 230978
Time elapsed: 7 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SYSTEM\CurrentControlSet\Services\redbook (Rootkit.0Access) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\system32\drivers\redbook.sys (Rootkit.0Access) -> Quarantined and deleted successfully.

(end)
#13 Essexboy (GeekU Moderator, Retired Staff)
Any outstanding problems?
#14 Grifftanen (Member, Topic Starter)
Seems to be ok. Thanks so much for your help.
#15 Essexboy (GeekU Moderator, Retired Staff)
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

If you use on-line banking then, as an added layer of protection, install Trusteer Rapport.

It is critical to have both a firewall and antivirus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave: