FBI Virus Moneypak [Closed] [Solved]


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, a bit of ZeroAccess to kill and some repairs to do.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
[2013/02/21 11:05:45 | 000,002,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\6949804.js
[2012/04/09 23:41:45 | 000,711,240 | ---- | C] () -- C:\WINDOWS\is-7UA4F.exe

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and install ComboFix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.


Please make sure you include the ComboFix log in your next reply and describe how your computer is running now.


#17
arkman

    Member

  • Topic Starter
  • 83 posts
OTL logfile created on: 5/28/2013 2:55:40 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Tallg\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 683.88 Mb Available Physical Memory | 66.92% Memory free
2.40 Gb Paging File | 2.19 Gb Available in Paging File | 91.22% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 4.01 Gb Free Space | 5.86% Space Free | Partition Type: NTFS

Computer Name: CHOMPER | User Name: Tallg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/28 13:54:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tallg\Desktop\OTL.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/13 13:22:20 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/04/13 16:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/02/28 17:29:54 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2006/02/28 17:25:48 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/02/28 17:25:20 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/02/28 17:22:50 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/02/22 21:10:16 | 001,354,240 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\menusw.exe
PRC - [2006/02/14 15:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/12/27 16:58:10 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005/10/12 00:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2004/11/17 23:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 12:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/29 16:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2006/02/28 17:39:02 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/28 17:39:02 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/28 17:39:02 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/02/13 17:15:04 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/11/28 19:45:50 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony\VAIO Camera Utility\VCULib.dll
MOD - [2005/05/20 20:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\filterservice.dll -- (wkscfgsrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\NetwareWorkstation.dll -- (W2acehid)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (vproeventmonitor)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wg5n.dll -- (vmnetbridge)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wg6n.dll -- (vmkbd2)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\camdrl.dll -- (Via4in1)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\winachcf.dll -- (uisp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sit_flt.dll -- (U2SP)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\w550mdfl.dll -- (twdns)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\CnxTrUsb.dll -- (T6963C)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\bocdrive.dll -- (susbser)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ATMsg.dll -- (stunnel)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\RioS30.dll -- (ssoftservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\MRESP50a64.dll -- (SQLAgent$LG_LP2)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\oracleorahome92tnslistener.dll -- (sisagp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\regmanserv.dll -- (SimpTcp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\JiaoCap.dll -- (Si3132)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\USBDeviceService.dll -- (SED133x)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\spooler.dll -- (se58bus)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\aniwzcsdservice.dll -- (se44nd5)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wdmaud.dll -- (SDdriver)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\vpcvmm.dll -- (SbieDrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SABSVC.dll -- (s7otranx)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\GameConsoleService.dll -- (s117mgmt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\es1371.dll -- (rismxdp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\icm10blk.dll -- (revudfservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}.dll -- (rdpdr)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\elnkservice.dll -- (rasirda)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\vpcbus.dll -- (ramaint)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dimension4.dll -- (qbposdbservices)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hpdj.dll -- (pxfhmdfl)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sentinel.dll -- (PSDNServ)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\s125obex.dll -- (profos)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sentinel.dll -- (pptchpad)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tdrpman.dll -- (pdlnshay)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ipcsvc.dll -- (pcx1nd5)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\houdiniserver.dll -- (oracleorahome92tnslistener)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\klif.dll -- (omsad)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tosrfnds.dll -- (ntuneservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\S3GIGP.dll -- (ntcharge)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ASLDRService.dll -- (nmservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cdrbsdrv.dll -- (nisum)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AlteraByteBlaster.dll -- (NICSer_WPC54G)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ceepwrsvc.dll -- (netmdsb)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\HIDSwvd.dll -- (MXOFX)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (msmframework)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\F700iob.dll -- (msi_wlan_service)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\EIO.dll -- (mi-raysat_3dsMax2008_32)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cdr4_xp.dll -- (meraksmtp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\motmodem.dll -- (MaVctrl)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SndTDriverV32.dll -- (ma_cmidi_installerservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\nsysaudm.dll -- (lsdiorw)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hpgate.dll -- (LKbdFlt2)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\personalsecuredriveservice.dll -- (lhidusb)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\WinDriver6.dll -- (k750mgmt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\fireport.dll -- (ispwdsvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\fsma.dll -- (irda)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pca.dll -- (ihcservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\emAudio.dll -- (GoogleDesktopManager-010708-104812)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\haspnt.dll -- (filterservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\PcdrNt.dll -- (EUSBMSD)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\se59mdfl.dll -- (emupia)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pcandis5.dll -- (ELmon)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\w800obex.dll -- (EIO_XP)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pdiddcci.dll -- (dvpapi)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hclinetd.dll -- (DcFpoint)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ggsemc.dll -- (db2jds)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\MobilePreInstallerService.dll -- (cxlpt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\isapisearch.dll -- (ctprxy2k)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tnbrlds.dll -- (cpqdfw)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\RalinkRegistryWriter.dll -- (Cardex)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cercsr6.dll -- (cachemanxp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cwcwdm.dll -- (btwaudio)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\asuskeyboardservice.dll -- (bthmodem)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\o2flash.dll -- (bt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ntiopnp.dll -- (avipbb)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cicsclient.dll -- (avidsdmservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SilverLink.dll -- (avc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\XilinxPC4Driver.dll -- (aslm75)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\nla.dll -- (ASDR)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\gameenum.dll -- (arrayssl_vpn_service3,0,1,9)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/11 15:33:12 | 000,200,704 | ---- | M] (SoundMovieServer) [Disabled | Stopped] -- C:\WINDOWS\system32\snmvtsvc.exe -- (SoundMovieServer)
SRV - [2006/06/13 11:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 16:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SonyPI.sys -- (SPI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\DMICall.sys -- (DMICall)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\AegisP.sys -- (AegisP)
DRV - [2013/02/18 01:41:03 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 17:55:50 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/05/16 20:53:00 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/14 03:54:08 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/14 03:54:08 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/11 15:05:18 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2008/11/11 15:05:16 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/07/17 23:22:20 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/24 15:46:00 | 000,808,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/04/13 20:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/03/16 10:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - [2006/03/06 22:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/28 18:35:56 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/02/26 07:43:00 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/02/24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/22 21:13:12 | 000,013,440 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/02/22 21:13:04 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/02/10 11:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/08 17:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/29 03:28:08 | 000,055,680 | ---- | M] (Micro Vision Co.,Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mvc25U870.sys -- (Mvc25U870_VID_1262&PID_25FD)
DRV - [2005/11/21 18:06:02 | 000,009,216 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\shpf.sys -- (shpf)
DRV - [2005/11/17 13:40:00 | 001,076,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/21 15:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/17 12:43:00 | 000,241,408 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/25 09:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RMClock\RTCore32.sys -- (RTCore32)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{840EC0F1-817C-4457-9474-DF761719D960}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Tallg\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Tallg\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Tallg\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Tallg\Local Settings\Application Data\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)


[2010/05/16 12:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/05/28 14:39:19 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Biomenu] C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: westlaw.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562E49FA-4568-466F-8F14-F0EBE8503C89}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - (fusstub.dll) - C:\WINDOWS\System32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tallg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tallg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/21 21:45:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/28 17:58:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tallg\Desktop\OTL.exe
[2013/05/28 14:39:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/28 14:35:06 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Tallg\My Documents\My Safe
[2013/05/28 12:22:31 | 000,000,000 | ---D | C] -- C:\FRST
[2009/03/21 13:19:36 | 007,522,240 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.7.exe
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/28 17:59:22 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/28 17:59:22 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/28 14:55:13 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/05/28 14:55:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/28 14:54:56 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/28 14:40:52 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006UA.job
[2013/05/28 14:40:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006Core.job
[2013/05/28 14:39:19 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2013/05/28 14:34:59 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/28 13:54:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tallg\Desktop\OTL.exe

========== Files Created - No Company Name ==========

[2012/04/11 00:24:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/17 00:10:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 01:06:46 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-FQ1CT.exe
[2011/08/19 12:35:39 | 000,162,784 | ---- | C] () -- C:\WINDOWS\hpoins29.dat.temp
[2011/08/19 12:35:39 | 000,000,799 | ---- | C] () -- C:\WINDOWS\hpomdl29.dat.temp
[2010/11/27 17:22:34 | 000,002,114 | ---- | C] () -- C:\Documents and Settings\Tallg\Application Data\SAS7_000.DAT
[2010/05/17 10:40:26 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\All Users\msrecovery.cfc
[2008/01/02 17:27:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/15 04:29:37 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Tallg\Application Data\wklnhst.dat
[2006/10/15 01:53:53 | 000,062,976 | ---- | C] () -- C:\Documents and Settings\Tallg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/14 23:52:50 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Tallg\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2013/02/15 13:00:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB61707$\1174779662\L
[2013/02/18 00:28:37 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB61707$\1174779662\U
[2013/02/17 23:57:48 | 000,000,804 | ---- | M] () -- C:\WINDOWS\$NtUninstallKB61707$\1174779662\L\[email protected]
[2006/07/22 14:12:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/03/21 16:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/06 20:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/11/27 15:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2006/10/15 02:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2012/02/04 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Examsoft
[2006/10/15 02:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/08/27 09:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/07/07 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/30 04:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2011/08/24 20:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/11/02 16:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2009/05/13 07:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2009/05/13 07:45:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
[2009/11/09 22:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/09 11:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/19 02:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/22 21:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/10/15 03:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Aim
[2013/01/29 13:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Azureus
[2010/11/27 15:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\DAEMON Tools Lite
[2009/02/16 19:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\ICAClient
[2006/11/04 00:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\InterVideo
[2006/10/15 02:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Leadertech
[2009/06/22 14:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\LimeWire
[2010/08/27 09:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\NCH Swift Sound
[2010/11/27 15:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Nuance
[2009/12/24 20:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\PPLiveVA
[2006/10/14 23:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Protector Suite
[2009/03/23 09:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\SMART Technologies
[2009/03/18 09:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\SMART Technologies Inc
[2007/12/21 17:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Snapfish
[2007/03/18 18:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Template
[2010/06/01 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\ThomsonWest
[2007/02/16 23:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Viewpoint
[2010/08/03 17:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\WinPatrol

========== Purity Check ==========



< End of report >




ComboFix 13-05-28.02 - Tallg 05/28/2013 15:12:04.10.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.732 [GMT -4:00]
Running from: c:\documents and settings\Tallg\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-28 )))))))))))))))))))))))))))))))
.
.
2013-05-28 18:39 . 2013-05-28 18:39 -------- d-----w- C:\_OTL
2013-05-28 16:22 . 2013-05-28 16:22 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 17:19 . 2009-03-21 17:19 7522240 ----a-w- c:\program files\Firefox Setup 3.0.7.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 20:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11 39936 ----a-w- c:\windows\system32\fusstub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 21:12 32768 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"=
"c:\\Documents and Settings\\Tallg\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.scr"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/21/2006 9:31 PM 9216]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 68168]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/14/2012 12:59 AM 398184]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/21/2006 9:31 PM 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/31/2011 11:51 PM 21104]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [8/24/2011 10:08 PM 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [8/24/2011 10:08 PM 3768]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/21/2006 9:31 PM 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/21/2006 9:31 PM 808448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/31/2011 11:52 PM 682344]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/18/2013 1:41 AM 40776]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [9/17/2009 7:03 PM 4608]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys --> c:\windows\system32\DRIVERS\SonyPI.sys [?]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [8/24/2011 10:08 PM 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006Core.job
- c:\documents and settings\Tallg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006UA.job
- c:\documents and settings\Tallg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: westlaw.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{562E49FA-4568-466F-8F14-F0EBE8503C89}: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-58276266.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-28 15:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\03\02\0421n"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(952)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\config.dll
.
Completion time: 2013-05-28 15:27:19
ComboFix-quarantined-files.txt 2013-05-28 19:27
.
Pre-Run: 4,259,966,976 bytes free
Post-Run: 4,353,146,880 bytes free
.
- - End Of File - - B8867EE73E420DC2E9348D74207011DA



Everything seems to be working fine. Not sure if it matters but the screen hung at "Windows is shutting down" on the reboot. Ended up having to reboot it by holding down the power button...

#18
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now do one further reboot and let me know how it is behaving

#19
arkman


    Member

  • Topic Starter
  • Member
  • 83 posts
Shut perfectly the next two times. I think everything is ok. Thank you!

#20
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place?

Keep safe :wave:

#21
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#22
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned

#23
arkman


    Member

  • Topic Starter
  • Member
  • 83 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-09-2013
Ran by SYSTEM on REATOGO on 10-09-2013 14:14:11
Running from X:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-12-17] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2005-12-17] (Intel Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [118784 2004-11-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718 2006-02-28] (Intel Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182 2006-02-28] (Intel Corporation)
HKLM\...\Run: [EOUApp] - C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [569413 2006-02-28] (Intel Corporation)
HKLM\...\Run: [SonyPowerCfg] - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [217088 2006-06-13] (Sony Corporation)
HKLM\...\Run: [VAIO Update 2] - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [151552 2005-10-12] (Sony Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [7561216 2006-06-20] (NVIDIA Corporation)
HKLM\...\Run: [Biomenu] - C:\Program Files\Protector Suite QL\menusw.exe [1354240 2006-02-22] (UPEK Inc.)
HKLM\...\Run: [Switcher.exe] - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [176128 2006-02-14] (Sony Corporation)
HKLM\...\Run: [VAIO Recovery] - C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [28672 2003-04-20] (Sony Electronics Inc)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [323976 2010-05-31] (BillP Studios)
HKLM\...\Run: [ISBMgr.exe] - C:\Program Files\Sony\ISB Utility\ISBMgr.exe [32768 2004-02-20] (Sony Corporation)
HKLM\...\Run: [VAIOCameraUtility] - C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [69632 2005-12-27] (Sony Corporation)
HKLM\...\Run: [DisplaySwitch] - C:\Documents and Settings\Tallg\Templates\securitywindrv.exe [55808 2013-08-28] (Hilgraeve, Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\psfus: fusstub.dll (UPEK Inc.)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 323
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [HonorAutoRunSetting] 1
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 67108863
HKLM\...\Policies\Explorer: [NoDrives] 0
HKU\Tallg\...\Run: [SsAAD.exe] - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [ 2006-05-08] ()
HKU\Tallg\...\Run: [Google Update] - C:\Documents and Settings\Tallg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [ 2010-06-30] (Google Inc.)
HKU\Tallg\...\Run: [Adobe CSS5.1 Manager] - C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad\aceddead.exe [ 2013-08-28] () <===== ATTENTION
HKU\Tallg\...\Policies\Explorer\Run: [aceddead] - C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad\aceddead.exe [ 2013-08-28] ()

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2007-12-13] ()
S3 Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [32768 2005-07-14] (Sony Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2006-02-28] (Intel Corporation )
S4 SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [200704 2008-11-11] (SoundMovieServer)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2006-04-27] (Sony Corporation)
S2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [176128 2006-04-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2084864 2006-06-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [770048 2006-05-18] (Sony Corporation)
S4 arrayssl_vpn_service3,0,1,9; %systemroot%\system32\gameenum.dll [x]
S4 ASDR; %systemroot%\system32\nla.dll [x]
S4 aslm75; %systemroot%\system32\XilinxPC4Driver.dll [x]
S4 avc; %systemroot%\system32\SilverLink.dll [x]
S4 avidsdmservice; %systemroot%\system32\cicsclient.dll [x]
S4 avipbb; %systemroot%\system32\ntiopnp.dll [x]
S4 bt; %systemroot%\system32\o2flash.dll [x]
S4 bthmodem; %systemroot%\system32\asuskeyboardservice.dll [x]
S4 btwaudio; %systemroot%\system32\cwcwdm.dll [x]
S4 cachemanxp; %systemroot%\system32\cercsr6.dll [x]
S4 Cardex; %systemroot%\system32\RalinkRegistryWriter.dll [x]
S4 cpqdfw; %systemroot%\system32\tnbrlds.dll [x]
S4 ctprxy2k; %systemroot%\system32\isapisearch.dll [x]
S4 cxlpt; %systemroot%\system32\MobilePreInstallerService.dll [x]
S4 db2jds; %systemroot%\system32\ggsemc.dll [x]
S4 DcFpoint; %systemroot%\system32\hclinetd.dll [x]
S4 dvpapi; %systemroot%\system32\pdiddcci.dll [x]
S4 EIO_XP; %systemroot%\system32\w800obex.dll [x]
S4 ELmon; %systemroot%\system32\pcandis5.dll [x]
S4 emupia; %systemroot%\system32\se59mdfl.dll [x]
S4 EUSBMSD; %systemroot%\system32\PcdrNt.dll [x]
S4 filterservice; %systemroot%\system32\haspnt.dll [x]
S4 GoogleDesktopManager-010708-104812; %systemroot%\system32\emAudio.dll [x]
S4 ihcservice; %systemroot%\system32\pca.dll [x]
S4 irda; %systemroot%\system32\fsma.dll [x]
S4 ispwdsvc; %systemroot%\system32\fireport.dll [x]
S4 k750mgmt; %systemroot%\system32\WinDriver6.dll [x]
S4 lhidusb; %systemroot%\system32\personalsecuredriveservice.dll [x]
S4 LKbdFlt2; %systemroot%\system32\hpgate.dll [x]
S4 lsdiorw; %systemroot%\system32\nsysaudm.dll [x]
S4 MaVctrl; %systemroot%\system32\motmodem.dll [x]
S4 ma_cmidi_installerservice; %systemroot%\system32\SndTDriverV32.dll [x]
S4 meraksmtp; %systemroot%\system32\cdr4_xp.dll [x]
S4 mi-raysat_3dsMax2008_32; %systemroot%\system32\EIO.dll [x]
S4 msi_wlan_service; %systemroot%\system32\F700iob.dll [x]
S4 msmframework; %systemroot%\system32\WD_FireWire_HID.dll [x]
S4 MXOFX; %systemroot%\system32\HIDSwvd.dll [x]
S4 netmdsb; %systemroot%\system32\ceepwrsvc.dll [x]
S4 NICSer_WPC54G; %systemroot%\system32\AlteraByteBlaster.dll [x]
S4 nisum; %systemroot%\system32\cdrbsdrv.dll [x]
S4 nmservice; %systemroot%\system32\ASLDRService.dll [x]
S4 ntcharge; %systemroot%\system32\S3GIGP.dll [x]
S4 ntuneservice; %systemroot%\system32\tosrfnds.dll [x]
S4 omsad; %systemroot%\system32\klif.dll [x]
S4 oracleorahome92tnslistener; %systemroot%\system32\houdiniserver.dll [x]
S4 pcx1nd5; %systemroot%\system32\ipcsvc.dll [x]
S4 pdlnshay; %systemroot%\system32\tdrpman.dll [x]
S4 pptchpad; %systemroot%\system32\sentinel.dll [x]
S4 profos; %systemroot%\system32\s125obex.dll [x]
S4 PSDNServ; %systemroot%\system32\sentinel.dll [x]
S4 pxfhmdfl; %systemroot%\system32\hpdj.dll [x]
S4 qbposdbservices; %systemroot%\system32\dimension4.dll [x]
S4 ramaint; %systemroot%\system32\vpcbus.dll [x]
S4 rasirda; %systemroot%\system32\elnkservice.dll [x]
S4 rdpdr; %systemroot%\system32\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}.dll [x]
S4 revudfservice; %systemroot%\system32\icm10blk.dll [x]
S4 rismxdp; %systemroot%\system32\es1371.dll [x]
S4 s117mgmt; %systemroot%\system32\GameConsoleService.dll [x]
S4 s7otranx; %systemroot%\system32\SABSVC.dll [x]
S4 SbieDrv; %systemroot%\system32\vpcvmm.dll [x]
S4 SDdriver; %systemroot%\system32\wdmaud.dll [x]
S4 se44nd5; %systemroot%\system32\aniwzcsdservice.dll [x]
S4 se58bus; %systemroot%\system32\spooler.dll [x]
S4 SED133x; %systemroot%\system32\USBDeviceService.dll [x]
S4 Si3132; %systemroot%\system32\JiaoCap.dll [x]
S4 SimpTcp; %systemroot%\system32\regmanserv.dll [x]
S4 sisagp; %systemroot%\system32\oracleorahome92tnslistener.dll [x]
S4 SQLAgent$LG_LP2; %systemroot%\system32\MRESP50a64.dll [x]
S4 ssoftservice; %systemroot%\system32\RioS30.dll [x]
S4 stunnel; %systemroot%\system32\ATMsg.dll [x]
S4 susbser; %systemroot%\system32\bocdrive.dll [x]
S4 T6963C; %systemroot%\system32\CnxTrUsb.dll [x]
S4 twdns; %systemroot%\system32\w550mdfl.dll [x]
S4 U2SP; %systemroot%\system32\sit_flt.dll [x]
S4 uisp; %systemroot%\system32\winachcf.dll [x]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
S4 Via4in1; %systemroot%\system32\camdrl.dll [x]
S4 vmkbd2; %systemroot%\system32\wg6n.dll [x]
S4 vmnetbridge; %systemroot%\system32\wg5n.dll [x]
S4 vproeventmonitor; %systemroot%\system32\WD_FireWire_HID.dll [x]
S4 W2acehid; %systemroot%\system32\NetwareWorkstation.dll [x]
S4 wkscfgsrv; %systemroot%\system32\filterservice.dll [x]

==================== Drivers (Whitelisted) ====================

S2 FdRedir; C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [13440 2006-02-22] (UPEK Inc.)
S2 FileDisk2; C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [33024 2006-02-22] (UPEK Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-01-25] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-01-25] (HP)
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [202112 2005-10-18] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [998656 2005-10-18] (Conexant Systems, Inc.)
S3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [36352 2005-10-21] (Infineon Technologies AG)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-09-04] (Malwarebytes Corporation)
S3 Mvc25U870_VID_1262&PID_25FD; C:\Windows\System32\Drivers\Mvc25U870.sys [55680 2005-12-29] (Micro Vision Co.,Ltd)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 RTCore32; C:\Program Files\RMClock\RTCore32.sys [4608 2005-05-25] ()
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [13568 2006-02-28] (Intel Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-03-14] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-03-14] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [68168 2010-05-16] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 shpf; C:\Windows\System32\DRIVERS\shpf.sys [9216 2005-11-21] (Sony Corporation)
S3 SndTVideo; C:\Windows\System32\DRIVERS\SndTVideo.sys [3768 2008-11-11] (Windows ® 2000 DDK provider)
S3 SonyImgF; C:\Windows\System32\DRIVERS\SonyImgF.sys [30080 2006-03-06] (Sony Corporation)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1076472 2005-11-17] (SigmaTel, Inc.)
S2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2007-07-17] (Symantec Corporation)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2011-07-22] (RapidSolution Software AG)
S3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [808448 2007-01-24] (Texas Instruments)
S3 w39n51; C:\Windows\System32\DRIVERS\w39n51.sys [1428480 2006-02-26] (Intel® Corporation)
S3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [241408 2005-10-17] (Marvell)
S2 AegisP; system32\DRIVERS\AegisP.sys [x]
S5 AppMgmt; C:\Windows\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\Tallg\LOCALS~1\Temp\catchme.sys [x]
S1 DMICall; system32\DRIVERS\DMICall.sys [x]
S3 HPZipr12; system32\DRIVERS\HPZipr12.sys [x]
S3 ialm; system32\DRIVERS\ialmnt5.sys [x]
S4 IntelIde; No ImagePath
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SPI; system32\DRIVERS\SonyPI.sys [x]
S3 TlntSvr;
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-04 23:30 - 2013-09-04 23:29 - 00090112 _____ C:\Windows\Minidump\Mini090413-01.dmp
2013-08-30 10:31 - 2013-09-04 21:20 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-08-30 10:26 - 2013-08-30 10:27 - 00005367 _____ C:\Windows\KB2834904-v2.log
2013-08-30 10:26 - 2013-08-30 10:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2834904-v2_WM11$
2013-08-30 10:24 - 2013-08-30 10:24 - 00090112 _____ C:\Windows\Minidump\Mini083013-01.dmp
2013-08-30 10:24 - 2013-08-30 10:24 - 00000000 __RSD C:\Documents and Settings\Tallg\My Documents\My Safe
2013-08-28 21:37 - 2013-08-28 21:37 - 00105984 _____ C:\Documents and Settings\Tallg\jucheck.exe
2013-08-28 21:37 - 2013-08-28 21:37 - 00000000 ____D C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad
2013-08-28 21:37 - 2013-08-28 21:37 - 00000000 _____ C:\Documents and Settings\Tallg\vlcplayer.exe
2013-08-28 21:37 - 2013-08-28 21:37 - 00000000 _____ C:\Documents and Settings\Tallg\icq.exe
2013-08-21 09:51 - 2013-08-21 09:42 - 41515127 _____ C:\Documents and Settings\Tallg\Desktop\2151455[1].flv
2013-08-21 09:44 - 2013-08-21 09:42 - 45967471 _____ C:\Documents and Settings\Tallg\Desktop\2151382[1].flv
2013-08-20 09:56 - 2013-08-20 09:57 - 00016315 _____ C:\Windows\KB2862772-IE8.log
2013-08-20 09:51 - 2013-08-20 09:51 - 00007641 _____ C:\Windows\KB2863058.log
2013-08-20 09:51 - 2013-08-20 09:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2863058$
2013-08-20 09:51 - 2013-08-20 09:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2859537$
2013-08-20 09:51 - 2013-08-20 09:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2850869$
2013-08-20 09:49 - 2013-08-20 09:49 - 00000000 __HDC C:\Windows\$NtUninstallKB2849470$
2013-08-14 08:58 - 2013-08-20 09:51 - 00013819 _____ C:\Windows\KB2850869.log
2013-08-14 08:57 - 2013-08-20 09:51 - 00014634 _____ C:\Windows\KB2859537.log

==================== One Month Modified Files and Folders =======

2013-09-05 01:02 - 2006-07-21 21:44 - 01640324 _____ C:\Windows\WindowsUpdate.log
2013-09-05 01:01 - 2011-08-26 20:18 - 00869924 _____ C:\Windows\setupapi.log
2013-09-05 01:01 - 2006-07-22 14:53 - 00050868 _____ C:\Windows\System32\nvapps.xml
2013-09-05 01:01 - 2006-07-21 14:41 - 00000159 _____ C:\Windows\wiadebug.log
2013-09-05 01:01 - 2006-07-21 14:41 - 00000048 _____ C:\Windows\wiaservc.log
2013-09-05 00:46 - 2013-09-05 00:46 - 00062152 _____ C:\OTL.Txt
2013-09-04 23:29 - 2013-09-04 23:30 - 00090112 _____ C:\Windows\Minidump\Mini090413-01.dmp
2013-09-04 21:20 - 2013-08-30 10:31 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-09-04 21:19 - 2006-07-21 21:31 - 00001158 _____ C:\Windows\System32\wpa.dbl
2013-08-30 10:27 - 2013-08-30 10:26 - 00005367 _____ C:\Windows\KB2834904-v2.log
2013-08-30 10:27 - 2013-08-30 10:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2834904-v2_WM11$
2013-08-30 10:27 - 2006-07-21 14:37 - 02699999 _____ C:\Windows\FaxSetup.log
2013-08-30 10:27 - 2006-07-21 14:37 - 01275346 _____ C:\Windows\ocgen.log
2013-08-30 10:27 - 2006-07-21 14:37 - 01020905 _____ C:\Windows\tsoc.log
2013-08-30 10:27 - 2006-07-21 14:37 - 00895304 _____ C:\Windows\comsetup.log
2013-08-30 10:27 - 2006-07-21 14:37 - 00541094 _____ C:\Windows\ntdtcsetup.log
2013-08-30 10:27 - 2006-07-21 14:37 - 00424202 _____ C:\Windows\iis6.log
2013-08-30 10:27 - 2006-07-21 14:37 - 00147036 _____ C:\Windows\ocmsn.log
2013-08-30 10:27 - 2006-07-21 14:37 - 00132967 _____ C:\Windows\msgsocm.log
2013-08-30 10:27 - 2006-07-21 14:37 - 00001374 _____ C:\Windows\imsins.log
2013-08-30 10:24 - 2013-08-30 10:24 - 00090112 _____ C:\Windows\Minidump\Mini083013-01.dmp
2013-08-30 10:24 - 2013-08-30 10:24 - 00000000 __RSD C:\Documents and Settings\Tallg\My Documents\My Safe
2013-08-30 10:24 - 2010-10-05 01:37 - 00000000 ____D C:\Windows\Minidump
2013-08-28 21:37 - 2013-08-28 21:37 - 00105984 _____ C:\Documents and Settings\Tallg\jucheck.exe
2013-08-28 21:37 - 2013-08-28 21:37 - 00000000 ____D C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad
2013-08-28 21:37 - 2013-08-28 21:37 - 00000000 _____ C:\Documents and Settings\Tallg\vlcplayer.exe
2013-08-28 21:37 - 2013-08-28 21:37 - 00000000 _____ C:\Documents and Settings\Tallg\icq.exe
2013-08-27 11:32 - 2009-10-06 17:20 - 00000000 ____D C:\Documents and Settings\Tallg\Application Data\vlc
2013-08-22 11:32 - 2006-07-21 21:47 - 00032546 _____ C:\Windows\SchedLgU.Txt
2013-08-22 11:31 - 2006-10-14 23:52 - 00000178 ___SH C:\Documents and Settings\Tallg\ntuser.ini
2013-08-22 10:23 - 2006-07-22 14:11 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-21 09:42 - 2013-08-21 09:51 - 41515127 _____ C:\Documents and Settings\Tallg\Desktop\2151455[1].flv
2013-08-21 09:42 - 2013-08-21 09:44 - 45967471 _____ C:\Documents and Settings\Tallg\Desktop\2151382[1].flv
2013-08-20 09:57 - 2013-08-20 09:56 - 00016315 _____ C:\Windows\KB2862772-IE8.log
2013-08-20 09:57 - 2006-07-22 13:39 - 00358405 _____ C:\Windows\updspapi.log
2013-08-20 09:57 - 2006-07-21 14:37 - 00001374 _____ C:\Windows\imsins.BAK
2013-08-20 09:56 - 2009-06-20 12:47 - 00000000 ____D C:\Windows\ie8updates
2013-08-20 09:55 - 2013-07-30 16:57 - 00000000 ____D C:\Windows\System32\MRT
2013-08-20 09:52 - 2009-11-11 11:59 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-20 09:51 - 2013-08-20 09:51 - 00007641 _____ C:\Windows\KB2863058.log
2013-08-20 09:51 - 2013-08-20 09:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2863058$
2013-08-20 09:51 - 2013-08-20 09:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2859537$
2013-08-20 09:51 - 2013-08-20 09:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2850869$
2013-08-20 09:51 - 2013-08-14 08:58 - 00013819 _____ C:\Windows\KB2850869.log
2013-08-20 09:51 - 2013-08-14 08:57 - 00014634 _____ C:\Windows\KB2859537.log
2013-08-20 09:51 - 2007-02-17 01:53 - 00662552 _____ C:\Windows\System32\TZLog.log
2013-08-20 09:49 - 2013-08-20 09:49 - 00000000 __HDC C:\Windows\$NtUninstallKB2849470$
2013-08-20 09:47 - 2006-07-21 14:37 - 00502576 _____ C:\Windows\System32\PerfStringBackup.INI

Files to move or delete:
====================
C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad\aceddead.exe
C:\Documents and Settings\Tallg\icq.exe
C:\Documents and Settings\Tallg\jucheck.exe
C:\Documents and Settings\Tallg\vlcplayer.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\csrssr.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\GLF10.EXE
C:\Documents and Settings\Tallg\Local Settings\Temp\vlc-2.0.6-win32.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\{77E59630-BE2B-47F7-93F3-8F749E2A2A72}\InstallFlashPlayer.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\e4j28.tmp_dir1374671142\i4jdel.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\WSSU\Setup.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\VES\Setup.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\VCU\Setup.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\SUS\Setup.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\SnyUtils\Setup.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\LSU\Setup.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\BattChk\Setup.exe
C:\Windows\Tasks\{2EE01527-F854-4F30-9E43-445BB07AA1E4}.job

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-08-30 10:26 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP375

RP: -> 2013-08-28 20:55 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP374

RP: -> 2013-08-27 11:18 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP373

RP: -> 2013-08-22 10:02 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP372

RP: -> 2013-08-21 09:39 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP371

RP: -> 2013-08-20 09:42 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP370

RP: -> 2013-08-14 08:48 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP369

RP: -> 2013-08-08 08:58 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP368

RP: -> 2013-08-07 08:54 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP367

RP: -> 2013-08-02 12:31 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP366

RP: -> 2013-08-01 08:57 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP365

RP: -> 2013-07-31 17:05 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP364

RP: -> 2013-07-30 16:54 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP363

RP: -> 2013-07-27 20:00 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP362

RP: -> 2013-07-27 17:38 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP361

RP: -> 2013-07-27 17:16 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP360

RP: -> 2013-07-25 12:32 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP359

RP: -> 2013-07-24 09:57 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP358

RP: -> 2013-07-24 08:59 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP357

RP: -> 2013-07-22 20:03 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP356

RP: -> 2013-07-22 09:17 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP355

RP: -> 2013-07-19 09:04 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP354

RP: -> 2013-07-17 21:32 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP353

RP: -> 2013-07-14 17:30 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP352

RP: -> 2013-07-13 21:29 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP351


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 1021.98 MB
Available physical RAM: 809.37 MB
Total Pagefile: 905.55 MB
Available Pagefile: 830 MB
Total Virtual: 2047.88 MB
Available Virtual: 1992.97 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:68.52 GB) (Free:1.47 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive x: (ReatogoPE) (Removable) (Total:7.32 GB) (Free:6.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 26EA8E76)
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=69 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 0192BBD7)
No partition Table on disk 1.

==================== End Of Log ============================

#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A different version this time

Download the attached fixlist.txt to the same location as FRST
[attachment=66436:fixlist.txt]
Run FRST as before and press Fix
On completion, boot to normal mode and run the following:

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

#25
arkman

    Member

  • Topic Starter
  • 83 posts
Hi Essexboy,

I ran the fixlist.txt in FRST and rebooted into normal mode. However, when attempting to run OTL the FBI moneypak screen popped up? Thanks!

#26
arkman

    Member

  • Topic Starter
  • 83 posts
This was fixlog.txt that saved on the USB...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 05-09-2013
Ran by SYSTEM at 2013-09-11 09:11:10 Run:7
Running from X:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Tallg\...\Run: [Adobe CSS5.1 Manager] - C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad\aceddead.exe [ 2013-08-28] () <===== ATTENTION
HKU\Tallg\...\Policies\Explorer\Run: [aceddead] - C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad\aceddead.exe [ 2013-08-28] ()
C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad\aceddead.exe
C:\Documents and Settings\Tallg\icq.exe
C:\Documents and Settings\Tallg\jucheck.exe
C:\Documents and Settings\Tallg\vlcplayer.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\csrssr.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\GLF10.EXE
C:\Documents and Settings\Tallg\Local Settings\Temp\vlc-2.0.6-win32.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\{77E59630-BE2B-47F7-93F3-8F749E2A2A72}\InstallFlashPlayer.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\e4j28.tmp_dir1374671142\i4jdel.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\WSSU\Setup.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\VES\Setup.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\VCU\Setup.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\SUS\Setup.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\SnyUtils\Setup.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\LSU\Setup.exe
C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\BattChk\Setup.exe
C:\Windows\Tasks\{2EE01527-F854-4F30-9E43-445BB07AA1E4}.job

*****************

HKU\Tallg\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe CSS5.1 Manager => Value not found.
HKU\HKU\Tallg\...\Policies\Explorer\Run: [aceddead] - C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad\aceddead.exe [ 2013-08-28] ()\Software\Microsoft\Windows\CurrentVersion\Run\\aceddead => Value not found.
HKU\Tallg\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\aceddead => Value not found.
"C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad\aceddead.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\icq.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\jucheck.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\vlcplayer.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\Local Settings\Temp\csrssr.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\Local Settings\Temp\GLF10.EXE" => File/Directory not found.
"C:\Documents and Settings\Tallg\Local Settings\Temp\vlc-2.0.6-win32.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\Local Settings\Temp\{77E59630-BE2B-47F7-93F3-8F749E2A2A72}\InstallFlashPlayer.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\Local Settings\Temp\e4j28.tmp_dir1374671142\i4jdel.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\WSSU\Setup.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\VES\Setup.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\VCU\Setup.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\SUS\Setup.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\SnyUtils\Setup.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\LSU\Setup.exe" => File/Directory not found.
"C:\Documents and Settings\Tallg\Local Settings\Temp\Drivers\BattChk\Setup.exe" => File/Directory not found.
"C:\Windows\Tasks\{2EE01527-F854-4F30-9E43-445BB07AA1E4}.job" => File/Directory not found.

==== End of Fixlog ====

#27
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I do not give in that easily

Could you run one more FRST scan for me please? Are you able to get to safe mode OK?

#28
arkman

    Member

  • Topic Starter
  • 83 posts
When I try to enter safe mode I get the blue screen.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-09-2013 (ATTENTION: ====> FRST version is 7 days old and could be outdated)
Ran by SYSTEM on REATOGO on 12-09-2013 02:12:57
Running from X:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [igfxhkcmd] - C:\WINDOWS\system32\hkcmd.exe [77824 2005-12-17] (Intel Corporation)
HKLM\...\Run: [igfxpers] - C:\WINDOWS\system32\igfxpers.exe [118784 2005-12-17] (Intel Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [118784 2004-11-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [667718 2006-02-28] (Intel Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [602182 2006-02-28] (Intel Corporation)
HKLM\...\Run: [EOUApp] - C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [569413 2006-02-28] (Intel Corporation)
HKLM\...\Run: [SonyPowerCfg] - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [217088 2006-06-13] (Sony Corporation)
HKLM\...\Run: [VAIO Update 2] - C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [151552 2005-10-12] (Sony Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [7561216 2006-06-20] (NVIDIA Corporation)
HKLM\...\Run: [Biomenu] - C:\Program Files\Protector Suite QL\menusw.exe [1354240 2006-02-22] (UPEK Inc.)
HKLM\...\Run: [Switcher.exe] - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe [176128 2006-02-14] (Sony Corporation)
HKLM\...\Run: [VAIO Recovery] - C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe [28672 2003-04-20] (Sony Electronics Inc)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [323976 2010-05-31] (BillP Studios)
HKLM\...\Run: [ISBMgr.exe] - C:\Program Files\Sony\ISB Utility\ISBMgr.exe [32768 2004-02-20] (Sony Corporation)
HKLM\...\Run: [VAIOCameraUtility] - C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [69632 2005-12-27] (Sony Corporation)
HKLM\...\Run: [DisplaySwitch] - C:\Documents and Settings\Tallg\Templates\securitywindrv.exe [55808 2013-08-28] (Hilgraeve, Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k [x]
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\psfus: fusstub.dll (UPEK Inc.)
Winlogon\Notify\VESWinlogon: VESWinlogon.dll [X]
HKLM\...\Policies\Explorer: [NoDriveTypeAutoRun] 323
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [HonorAutoRunSetting] 1
HKLM\...\Policies\Explorer: [NoDriveAutoRun] 67108863
HKLM\...\Policies\Explorer: [NoDrives] 0
HKU\Tallg\...\Run: [SsAAD.exe] - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [ 2006-05-08] ()
HKU\Tallg\...\Run: [Google Update] - C:\Documents and Settings\Tallg\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [ 2010-06-30] (Google Inc.)

========================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [68096 2007-12-13] ()
S3 Image Converter video recording monitor for VAIO Entertainment; C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [32768 2005-07-14] (Sony Corporation)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [227232 2010-01-15] (McAfee, Inc.)
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [540745 2006-02-28] (Intel Corporation )
S4 SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [200704 2008-11-11] (SoundMovieServer)
S3 SPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [69718 2006-04-27] (Sony Corporation)
S2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [176128 2006-04-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-AppServer; C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe [2084864 2006-06-13] (Sony Corporation)
S3 VAIOMediaPlatform-IntegratedServer-UPnP; C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [770048 2006-05-18] (Sony Corporation)
S4 arrayssl_vpn_service3,0,1,9; %systemroot%\system32\gameenum.dll [x]
S4 ASDR; %systemroot%\system32\nla.dll [x]
S4 aslm75; %systemroot%\system32\XilinxPC4Driver.dll [x]
S4 avc; %systemroot%\system32\SilverLink.dll [x]
S4 avidsdmservice; %systemroot%\system32\cicsclient.dll [x]
S4 avipbb; %systemroot%\system32\ntiopnp.dll [x]
S4 bt; %systemroot%\system32\o2flash.dll [x]
S4 bthmodem; %systemroot%\system32\asuskeyboardservice.dll [x]
S4 btwaudio; %systemroot%\system32\cwcwdm.dll [x]
S4 cachemanxp; %systemroot%\system32\cercsr6.dll [x]
S4 Cardex; %systemroot%\system32\RalinkRegistryWriter.dll [x]
S4 cpqdfw; %systemroot%\system32\tnbrlds.dll [x]
S4 ctprxy2k; %systemroot%\system32\isapisearch.dll [x]
S4 cxlpt; %systemroot%\system32\MobilePreInstallerService.dll [x]
S4 db2jds; %systemroot%\system32\ggsemc.dll [x]
S4 DcFpoint; %systemroot%\system32\hclinetd.dll [x]
S4 dvpapi; %systemroot%\system32\pdiddcci.dll [x]
S4 EIO_XP; %systemroot%\system32\w800obex.dll [x]
S4 ELmon; %systemroot%\system32\pcandis5.dll [x]
S4 emupia; %systemroot%\system32\se59mdfl.dll [x]
S4 EUSBMSD; %systemroot%\system32\PcdrNt.dll [x]
S4 filterservice; %systemroot%\system32\haspnt.dll [x]
S4 GoogleDesktopManager-010708-104812; %systemroot%\system32\emAudio.dll [x]
S4 ihcservice; %systemroot%\system32\pca.dll [x]
S4 irda; %systemroot%\system32\fsma.dll [x]
S4 ispwdsvc; %systemroot%\system32\fireport.dll [x]
S4 k750mgmt; %systemroot%\system32\WinDriver6.dll [x]
S4 lhidusb; %systemroot%\system32\personalsecuredriveservice.dll [x]
S4 LKbdFlt2; %systemroot%\system32\hpgate.dll [x]
S4 lsdiorw; %systemroot%\system32\nsysaudm.dll [x]
S4 MaVctrl; %systemroot%\system32\motmodem.dll [x]
S4 ma_cmidi_installerservice; %systemroot%\system32\SndTDriverV32.dll [x]
S4 meraksmtp; %systemroot%\system32\cdr4_xp.dll [x]
S4 mi-raysat_3dsMax2008_32; %systemroot%\system32\EIO.dll [x]
S4 msi_wlan_service; %systemroot%\system32\F700iob.dll [x]
S4 msmframework; %systemroot%\system32\WD_FireWire_HID.dll [x]
S4 MXOFX; %systemroot%\system32\HIDSwvd.dll [x]
S4 netmdsb; %systemroot%\system32\ceepwrsvc.dll [x]
S4 NICSer_WPC54G; %systemroot%\system32\AlteraByteBlaster.dll [x]
S4 nisum; %systemroot%\system32\cdrbsdrv.dll [x]
S4 nmservice; %systemroot%\system32\ASLDRService.dll [x]
S4 ntcharge; %systemroot%\system32\S3GIGP.dll [x]
S4 ntuneservice; %systemroot%\system32\tosrfnds.dll [x]
S4 omsad; %systemroot%\system32\klif.dll [x]
S4 oracleorahome92tnslistener; %systemroot%\system32\houdiniserver.dll [x]
S4 pcx1nd5; %systemroot%\system32\ipcsvc.dll [x]
S4 pdlnshay; %systemroot%\system32\tdrpman.dll [x]
S4 pptchpad; %systemroot%\system32\sentinel.dll [x]
S4 profos; %systemroot%\system32\s125obex.dll [x]
S4 PSDNServ; %systemroot%\system32\sentinel.dll [x]
S4 pxfhmdfl; %systemroot%\system32\hpdj.dll [x]
S4 qbposdbservices; %systemroot%\system32\dimension4.dll [x]
S4 ramaint; %systemroot%\system32\vpcbus.dll [x]
S4 rasirda; %systemroot%\system32\elnkservice.dll [x]
S4 rdpdr; %systemroot%\system32\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}.dll [x]
S4 revudfservice; %systemroot%\system32\icm10blk.dll [x]
S4 rismxdp; %systemroot%\system32\es1371.dll [x]
S4 s117mgmt; %systemroot%\system32\GameConsoleService.dll [x]
S4 s7otranx; %systemroot%\system32\SABSVC.dll [x]
S4 SbieDrv; %systemroot%\system32\vpcvmm.dll [x]
S4 SDdriver; %systemroot%\system32\wdmaud.dll [x]
S4 se44nd5; %systemroot%\system32\aniwzcsdservice.dll [x]
S4 se58bus; %systemroot%\system32\spooler.dll [x]
S4 SED133x; %systemroot%\system32\USBDeviceService.dll [x]
S4 Si3132; %systemroot%\system32\JiaoCap.dll [x]
S4 SimpTcp; %systemroot%\system32\regmanserv.dll [x]
S4 sisagp; %systemroot%\system32\oracleorahome92tnslistener.dll [x]
S4 SQLAgent$LG_LP2; %systemroot%\system32\MRESP50a64.dll [x]
S4 ssoftservice; %systemroot%\system32\RioS30.dll [x]
S4 stunnel; %systemroot%\system32\ATMsg.dll [x]
S4 susbser; %systemroot%\system32\bocdrive.dll [x]
S4 T6963C; %systemroot%\system32\CnxTrUsb.dll [x]
S4 twdns; %systemroot%\system32\w550mdfl.dll [x]
S4 U2SP; %systemroot%\system32\sit_flt.dll [x]
S4 uisp; %systemroot%\system32\winachcf.dll [x]
S3 VAIOMediaPlatform-IntegratedServer-HTTP; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" [x]
S3 VAIOMediaPlatform-Mobile-Gateway; "C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" [x]
S4 Via4in1; %systemroot%\system32\camdrl.dll [x]
S4 vmkbd2; %systemroot%\system32\wg6n.dll [x]
S4 vmnetbridge; %systemroot%\system32\wg5n.dll [x]
S4 vproeventmonitor; %systemroot%\system32\WD_FireWire_HID.dll [x]
S4 W2acehid; %systemroot%\system32\NetwareWorkstation.dll [x]
S4 wkscfgsrv; %systemroot%\system32\filterservice.dll [x]

==================== Drivers (Whitelisted) ====================

S2 FdRedir; C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [13440 2006-02-22] (UPEK Inc.)
S2 FileDisk2; C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys [33024 2006-02-22] (UPEK Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-01-25] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-01-25] (HP)
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [202112 2005-10-18] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [998656 2005-10-18] (Conexant Systems, Inc.)
S3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [36352 2005-10-21] (Infineon Technologies AG)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-09-04] (Malwarebytes Corporation)
S3 Mvc25U870_VID_1262&PID_25FD; C:\Windows\System32\Drivers\Mvc25U870.sys [55680 2005-12-29] (Micro Vision Co.,Ltd)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 RTCore32; C:\Program Files\RMClock\RTCore32.sys [4608 2005-05-25] ()
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [13568 2006-02-28] (Intel Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-03-14] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-03-14] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [68168 2010-05-16] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 shpf; C:\Windows\System32\DRIVERS\shpf.sys [9216 2005-11-21] (Sony Corporation)
S3 SndTVideo; C:\Windows\System32\DRIVERS\SndTVideo.sys [3768 2008-11-11] (Windows ® 2000 DDK provider)
S3 SonyImgF; C:\Windows\System32\DRIVERS\SonyImgF.sys [30080 2006-03-06] (Sony Corporation)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1076472 2005-11-17] (SigmaTel, Inc.)
S2 symlcbrd; C:\WINDOWS\system32\drivers\symlcbrd.sys [10344 2007-07-17] (Symantec Corporation)
S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [37920 2011-07-22] (RapidSolution Software AG)
S3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [808448 2007-01-24] (Texas Instruments)
S3 w39n51; C:\Windows\System32\DRIVERS\w39n51.sys [1428480 2006-02-26] (Intel® Corporation)
S3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [241408 2005-10-17] (Marvell)
S2 AegisP; system32\DRIVERS\AegisP.sys [x]
S5 AppMgmt; C:\Windows\system32\svchost.exe [14336 2008-04-13] (Microsoft Corporation)
S3 catchme; \??\C:\DOCUME~1\Tallg\LOCALS~1\Temp\catchme.sys [x]
S1 DMICall; system32\DRIVERS\DMICall.sys [x]
S3 HPZipr12; system32\DRIVERS\HPZipr12.sys [x]
S3 ialm; system32\DRIVERS\ialmnt5.sys [x]
S4 IntelIde; No ImagePath
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SPI; system32\DRIVERS\SonyPI.sys [x]
S3 TlntSvr;
S3 USBAAPL; System32\Drivers\usbaapl.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-05 00:46 - 2013-09-05 00:46 - 00062152 _____ C:\OTL.Txt
2013-09-04 23:30 - 2013-09-04 23:29 - 00090112 _____ C:\Windows\Minidump\Mini090413-01.dmp
2013-08-30 10:31 - 2013-09-04 21:20 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-08-30 10:26 - 2013-08-30 10:27 - 00005367 _____ C:\Windows\KB2834904-v2.log
2013-08-30 10:26 - 2013-08-30 10:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2834904-v2_WM11$
2013-08-30 10:24 - 2013-08-30 10:24 - 00090112 _____ C:\Windows\Minidump\Mini083013-01.dmp
2013-08-30 10:24 - 2013-08-30 10:24 - 00000000 __RSD C:\Documents and Settings\Tallg\My Documents\My Safe
2013-08-28 21:37 - 2013-09-11 06:57 - 00000000 ____D C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad
2013-08-20 09:56 - 2013-08-20 09:57 - 00016315 _____ C:\Windows\KB2862772-IE8.log
2013-08-20 09:51 - 2013-08-20 09:51 - 00007641 _____ C:\Windows\KB2863058.log
2013-08-20 09:51 - 2013-08-20 09:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2863058$
2013-08-20 09:51 - 2013-08-20 09:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2859537$
2013-08-20 09:51 - 2013-08-20 09:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2850869$
2013-08-20 09:49 - 2013-08-20 09:49 - 00000000 __HDC C:\Windows\$NtUninstallKB2849470$
2013-08-14 08:58 - 2013-08-20 09:51 - 00013819 _____ C:\Windows\KB2850869.log
2013-08-14 08:57 - 2013-08-20 09:51 - 00014634 _____ C:\Windows\KB2859537.log

==================== One Month Modified Files and Folders =======

2013-09-11 09:14 - 2006-07-21 21:44 - 01661390 _____ C:\Windows\WindowsUpdate.log
2013-09-11 09:13 - 2011-08-26 20:18 - 00875583 _____ C:\Windows\setupapi.log
2013-09-11 09:13 - 2006-07-22 14:53 - 00050868 _____ C:\Windows\System32\nvapps.xml
2013-09-11 09:13 - 2006-07-21 14:41 - 00000159 _____ C:\Windows\wiadebug.log
2013-09-11 09:13 - 2006-07-21 14:41 - 00000049 _____ C:\Windows\wiaservc.log
2013-09-11 09:12 - 2013-09-11 09:12 - 00090112 _____ C:\Windows\Minidump\Mini091113-01.dmp
2013-09-11 09:12 - 2010-10-05 01:37 - 00000000 ____D C:\Windows\Minidump
2013-09-11 06:59 - 2013-01-29 13:11 - 00000000 ____D C:\Documents and Settings\Tallg\Desktop\Vuze
2013-09-11 06:59 - 2006-07-21 21:31 - 00001158 _____ C:\Windows\System32\wpa.dbl
2013-09-11 06:57 - 2013-08-28 21:37 - 00000000 ____D C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad
2013-09-05 00:46 - 2013-09-05 00:46 - 00062152 _____ C:\OTL.Txt
2013-09-04 23:29 - 2013-09-04 23:30 - 00090112 _____ C:\Windows\Minidump\Mini090413-01.dmp
2013-09-04 21:20 - 2013-08-30 10:31 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-08-30 10:27 - 2013-08-30 10:26 - 00005367 _____ C:\Windows\KB2834904-v2.log
2013-08-30 10:27 - 2013-08-30 10:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2834904-v2_WM11$
2013-08-30 10:27 - 2006-07-21 14:37 - 02699999 _____ C:\Windows\FaxSetup.log
2013-08-30 10:27 - 2006-07-21 14:37 - 01275346 _____ C:\Windows\ocgen.log
2013-08-30 10:27 - 2006-07-21 14:37 - 01020905 _____ C:\Windows\tsoc.log
2013-08-30 10:27 - 2006-07-21 14:37 - 00895304 _____ C:\Windows\comsetup.log
2013-08-30 10:27 - 2006-07-21 14:37 - 00541094 _____ C:\Windows\ntdtcsetup.log
2013-08-30 10:27 - 2006-07-21 14:37 - 00424202 _____ C:\Windows\iis6.log
2013-08-30 10:27 - 2006-07-21 14:37 - 00147036 _____ C:\Windows\ocmsn.log
2013-08-30 10:27 - 2006-07-21 14:37 - 00132967 _____ C:\Windows\msgsocm.log
2013-08-30 10:27 - 2006-07-21 14:37 - 00001374 _____ C:\Windows\imsins.log
2013-08-30 10:24 - 2013-08-30 10:24 - 00090112 _____ C:\Windows\Minidump\Mini083013-01.dmp
2013-08-30 10:24 - 2013-08-30 10:24 - 00000000 __RSD C:\Documents and Settings\Tallg\My Documents\My Safe
2013-08-27 11:32 - 2009-10-06 17:20 - 00000000 ____D C:\Documents and Settings\Tallg\Application Data\vlc
2013-08-22 11:32 - 2006-07-21 21:47 - 00032546 _____ C:\Windows\SchedLgU.Txt
2013-08-22 11:31 - 2006-10-14 23:52 - 00000178 ___SH C:\Documents and Settings\Tallg\ntuser.ini
2013-08-22 10:23 - 2006-07-22 14:11 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-20 09:57 - 2013-08-20 09:56 - 00016315 _____ C:\Windows\KB2862772-IE8.log
2013-08-20 09:57 - 2006-07-22 13:39 - 00358405 _____ C:\Windows\updspapi.log
2013-08-20 09:57 - 2006-07-21 14:37 - 00001374 _____ C:\Windows\imsins.BAK
2013-08-20 09:56 - 2009-06-20 12:47 - 00000000 ____D C:\Windows\ie8updates
2013-08-20 09:55 - 2013-07-30 16:57 - 00000000 ____D C:\Windows\System32\MRT
2013-08-20 09:52 - 2009-11-11 11:59 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-08-20 09:51 - 2013-08-20 09:51 - 00007641 _____ C:\Windows\KB2863058.log
2013-08-20 09:51 - 2013-08-20 09:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2863058$
2013-08-20 09:51 - 2013-08-20 09:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2859537$
2013-08-20 09:51 - 2013-08-20 09:51 - 00000000 __HDC C:\Windows\$NtUninstallKB2850869$
2013-08-20 09:51 - 2013-08-14 08:58 - 00013819 _____ C:\Windows\KB2850869.log
2013-08-20 09:51 - 2013-08-14 08:57 - 00014634 _____ C:\Windows\KB2859537.log
2013-08-20 09:51 - 2007-02-17 01:53 - 00662552 _____ C:\Windows\System32\TZLog.log
2013-08-20 09:49 - 2013-08-20 09:49 - 00000000 __HDC C:\Windows\$NtUninstallKB2849470$
2013-08-20 09:47 - 2006-07-21 14:37 - 00502576 _____ C:\Windows\System32\PerfStringBackup.INI

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-08-30 10:26 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP375

RP: -> 2013-08-28 20:55 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP374

RP: -> 2013-08-27 11:18 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP373

RP: -> 2013-08-22 10:02 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP372

RP: -> 2013-08-21 09:39 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP371

RP: -> 2013-08-20 09:42 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP370

RP: -> 2013-08-14 08:48 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP369

RP: -> 2013-08-08 08:58 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP368

RP: -> 2013-08-07 08:54 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP367

RP: -> 2013-08-02 12:31 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP366

RP: -> 2013-08-01 08:57 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP365

RP: -> 2013-07-31 17:05 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP364

RP: -> 2013-07-30 16:54 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP363

RP: -> 2013-07-27 20:00 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP362

RP: -> 2013-07-27 17:38 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP361

RP: -> 2013-07-27 17:16 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP360

RP: -> 2013-07-25 12:32 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP359

RP: -> 2013-07-24 09:57 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP358

RP: -> 2013-07-24 08:59 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP357

RP: -> 2013-07-22 20:03 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP356

RP: -> 2013-07-22 09:17 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP355

RP: -> 2013-07-19 09:04 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP354

RP: -> 2013-07-17 21:32 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP353

RP: -> 2013-07-14 17:30 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP352

RP: -> 2013-07-13 21:29 - 024576 _restore{54C72960-2267-4872-93F9-556BF4397A54}\RP351


==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 1021.98 MB
Available physical RAM: 808.06 MB
Total Pagefile: 905.55 MB
Available Pagefile: 829.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1992.97 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:68.52 GB) (Free:1.47 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive x: (ReatogoPE) (Removable) (Total:7.32 GB) (Free:6.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 26EA8E76)
Partition 1: (Not Active) - (Size=6 GB) - (Type=12)
Partition 2: (Active) - (Size=69 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 0192BBD7)
No partition Table on disk 1.

==================== End Of Log ============================

#29
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This should get the bugger :)

Download the attached fixlist.txt
[attachment=66457:fixlist.txt]
Run as before and then run OTL from normal Windows.

#30
arkman


    Member

  • Topic Starter
  • Member
  • 83 posts
Only the OTL.txt appeared..

OTL logfile created on: 9/12/2013 7:51:14 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Tallg\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 672.06 Mb Available Physical Memory | 65.76% Memory free
2.40 Gb Paging File | 2.18 Gb Available in Paging File | 90.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 1.47 Gb Free Space | 2.14% Space Free | Partition Type: NTFS
Drive F: | 7.32 Gb Total Space | 6.97 Gb Free Space | 95.11% Space Free | Partition Type: NTFS

Computer Name: CHOMPER | User Name: Tallg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/11 14:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tallg\Desktop\OTL.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2008/04/13 20:12:33 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/06/13 13:22:20 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/04/13 13:36:36 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/02/28 17:29:54 | 000,569,413 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2006/02/28 17:25:48 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2006/02/28 17:25:20 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2006/02/28 17:22:50 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/02/22 21:10:16 | 001,354,240 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\menusw.exe
PRC - [2006/02/14 15:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/12/27 13:58:10 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
PRC - [2005/10/12 00:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2004/11/17 23:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/08/19 12:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/02/20 17:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe


========== Modules (No Company Name) ==========

MOD - [2010/03/29 16:02:48 | 000,520,234 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2008/09/16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/02/28 17:39:02 | 000,876,544 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/28 17:39:02 | 000,208,965 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/28 17:39:02 | 000,053,322 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/02/13 17:15:04 | 000,970,862 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\acAuth.dll
MOD - [2005/11/28 16:45:50 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony\VAIO Camera Utility\VCULib.dll
MOD - [2005/05/20 17:42:20 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\filterservice.dll -- (wkscfgsrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\NetwareWorkstation.dll -- (W2acehid)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (vproeventmonitor)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wg5n.dll -- (vmnetbridge)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wg6n.dll -- (vmkbd2)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\camdrl.dll -- (Via4in1)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\winachcf.dll -- (uisp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sit_flt.dll -- (U2SP)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\w550mdfl.dll -- (twdns)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\CnxTrUsb.dll -- (T6963C)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\bocdrive.dll -- (susbser)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ATMsg.dll -- (stunnel)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\RioS30.dll -- (ssoftservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\MRESP50a64.dll -- (SQLAgent$LG_LP2)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\oracleorahome92tnslistener.dll -- (sisagp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\regmanserv.dll -- (SimpTcp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\JiaoCap.dll -- (Si3132)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\USBDeviceService.dll -- (SED133x)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\spooler.dll -- (se58bus)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\aniwzcsdservice.dll -- (se44nd5)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\wdmaud.dll -- (SDdriver)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\vpcvmm.dll -- (SbieDrv)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SABSVC.dll -- (s7otranx)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\GameConsoleService.dll -- (s117mgmt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\es1371.dll -- (rismxdp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\icm10blk.dll -- (revudfservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\{85ccb53b-23d8-4e73-b1b7-9ddb71827d9b}.dll -- (rdpdr)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\elnkservice.dll -- (rasirda)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\vpcbus.dll -- (ramaint)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\dimension4.dll -- (qbposdbservices)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hpdj.dll -- (pxfhmdfl)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sentinel.dll -- (PSDNServ)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\s125obex.dll -- (profos)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\sentinel.dll -- (pptchpad)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tdrpman.dll -- (pdlnshay)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ipcsvc.dll -- (pcx1nd5)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\houdiniserver.dll -- (oracleorahome92tnslistener)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\klif.dll -- (omsad)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tosrfnds.dll -- (ntuneservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\S3GIGP.dll -- (ntcharge)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ASLDRService.dll -- (nmservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cdrbsdrv.dll -- (nisum)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\AlteraByteBlaster.dll -- (NICSer_WPC54G)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ceepwrsvc.dll -- (netmdsb)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\HIDSwvd.dll -- (MXOFX)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\WD_FireWire_HID.dll -- (msmframework)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\F700iob.dll -- (msi_wlan_service)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\EIO.dll -- (mi-raysat_3dsMax2008_32)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cdr4_xp.dll -- (meraksmtp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\motmodem.dll -- (MaVctrl)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SndTDriverV32.dll -- (ma_cmidi_installerservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\nsysaudm.dll -- (lsdiorw)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hpgate.dll -- (LKbdFlt2)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\personalsecuredriveservice.dll -- (lhidusb)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\WinDriver6.dll -- (k750mgmt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\fireport.dll -- (ispwdsvc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\fsma.dll -- (irda)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pca.dll -- (ihcservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\emAudio.dll -- (GoogleDesktopManager-010708-104812)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\haspnt.dll -- (filterservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\PcdrNt.dll -- (EUSBMSD)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\se59mdfl.dll -- (emupia)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pcandis5.dll -- (ELmon)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\w800obex.dll -- (EIO_XP)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\pdiddcci.dll -- (dvpapi)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\hclinetd.dll -- (DcFpoint)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ggsemc.dll -- (db2jds)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\MobilePreInstallerService.dll -- (cxlpt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\isapisearch.dll -- (ctprxy2k)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\tnbrlds.dll -- (cpqdfw)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\RalinkRegistryWriter.dll -- (Cardex)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cercsr6.dll -- (cachemanxp)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cwcwdm.dll -- (btwaudio)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\asuskeyboardservice.dll -- (bthmodem)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\o2flash.dll -- (bt)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\ntiopnp.dll -- (avipbb)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\cicsclient.dll -- (avidsdmservice)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\SilverLink.dll -- (avc)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\XilinxPC4Driver.dll -- (aslm75)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\nla.dll -- (ASDR)
SRV - File not found [Disabled | Stopped] -- %systemroot%\system32\gameenum.dll -- (arrayssl_vpn_service3,0,1,9)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/11/11 15:33:12 | 000,200,704 | ---- | M] (SoundMovieServer) [Disabled | Stopped] -- C:\WINDOWS\system32\snmvtsvc.exe -- (SoundMovieServer)
SRV - [2006/06/13 11:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 12:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 13:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2006/05/18 13:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/13 13:36:36 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2005/07/14 22:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SonyPI.sys -- (SPI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ialmnt5.sys -- (ialm)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\HPZipr12.sys -- (HPZipr12)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\DMICall.sys -- (DMICall)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Tallg\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\AegisP.sys -- (AegisP)
DRV - [2013/09/04 21:20:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/22 17:55:50 | 000,037,920 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2010/05/16 20:53:00 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/14 03:54:08 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/03/14 03:54:08 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/11 15:05:18 | 000,003,768 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTVideo.sys -- (SndTVideo)
DRV - [2008/11/11 15:05:16 | 000,023,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SndTAudio.sys -- (SndTAudio)
DRV - [2008/08/21 23:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 23:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2007/07/17 23:22:20 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/01/24 15:46:00 | 000,808,448 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/04/13 20:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/03/16 10:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 10:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd)
DRV - [2006/03/06 22:39:00 | 000,030,080 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2006/02/28 18:35:56 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/02/26 07:43:00 | 001,428,480 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2006/02/24 01:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/22 21:13:12 | 000,013,440 | ---- | M] (UPEK Inc.) [File_System | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\FdRedir.sys -- (FdRedir)
DRV - [2006/02/22 21:13:04 | 000,033,024 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Protector Suite QL\Drivers\filedisk.sys -- (FileDisk2)
DRV - [2006/02/10 11:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/08 17:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/29 03:28:08 | 000,055,680 | ---- | M] (Micro Vision Co.,Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mvc25U870.sys -- (Mvc25U870_VID_1262&PID_25FD)
DRV - [2005/11/21 18:06:02 | 000,009,216 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\shpf.sys -- (shpf)
DRV - [2005/11/17 13:40:00 | 001,076,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/21 15:19:34 | 000,036,352 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2005/10/18 20:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/10/18 20:52:34 | 000,202,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/10/18 20:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/17 12:43:00 | 000,241,408 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 18:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/05/25 09:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\RMClock\RTCore32.sys -- (RTCore32)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2000/11/09 19:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-21-2919104967-2981136551-2492303643-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2919104967-2981136551-2492303643-1006\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2919104967-2981136551-2492303643-1006\..\SearchScopes\{840EC0F1-817C-4457-9474-DF761719D960}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-2919104967-2981136551-2492303643-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2919104967-2981136551-2492303643-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Tallg\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Tallg\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Tallg\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Tallg\Local Settings\Application Data\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)


[2010/05/16 12:13:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2013/05/28 15:25:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Biomenu] C:\Program Files\Protector Suite QL\menusw.exe (UPEK Inc.)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\SONYSYS\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-2919104967-2981136551-2492303643-1006..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2919104967-2981136551-2492303643-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2919104967-2981136551-2492303643-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2919104967-2981136551-2492303643-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2919104967-2981136551-2492303643-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKU\S-1-5-21-2919104967-2981136551-2492303643-1006\..Trusted Domains: westlaw.com ([]https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane..._2.3.10.115.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562E49FA-4568-466F-8F14-F0EBE8503C89}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - (fusstub.dll) - C:\WINDOWS\System32\fusstub.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Tallg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tallg\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/21 21:45:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/09/04 16:53:54 | 000,000,053 | ---- | M] () - F:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/08/30 10:31:06 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/08/30 10:24:52 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Tallg\My Documents\My Safe
[2013/08/28 21:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tallg\Local Settings\Application Data\7028ac83-8829-47e0-873d-9d089686e621ad
[2009/03/21 13:19:36 | 007,522,240 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.0.7.exe
[1 C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/12 07:52:10 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006UA.job
[2013/09/12 07:48:40 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013/09/12 07:48:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/12 07:48:29 | 1071,697,920 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/11 14:49:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tallg\Desktop\OTL.exe
[2013/09/11 06:59:33 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/04 21:20:19 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013/08/20 09:57:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/20 09:47:13 | 000,442,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/20 09:47:13 | 000,071,910 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2013/05/28 15:05:52 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/05/28 15:05:52 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/05/28 15:05:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/05/28 15:05:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/05/28 15:05:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/11 00:24:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/17 00:10:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/16 01:06:46 | 000,709,968 | ---- | C] () -- C:\WINDOWS\is-FQ1CT.exe
[2010/11/27 17:22:34 | 000,002,114 | ---- | C] () -- C:\Documents and Settings\Tallg\Application Data\SAS7_000.DAT
[2010/05/17 10:40:26 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\All Users\msrecovery.cfc
[2008/01/02 17:27:34 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/10/15 04:29:37 | 000,000,096 | ---- | C] () -- C:\Documents and Settings\Tallg\Application Data\wklnhst.dat
[2006/10/15 01:53:53 | 000,061,952 | ---- | C] () -- C:\Documents and Settings\Tallg\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/14 23:52:50 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Tallg\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2013/02/15 13:00:40 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB61707$\1174779662\L
[2013/02/18 00:28:37 | 000,000,000 | ---D | M] -- C:\WINDOWS\$NtUninstallKB61707$\1174779662\U
[2013/02/17 23:57:48 | 000,000,804 | ---- | M] () -- C:\WINDOWS\$NtUninstallKB61707$\1174779662\L\[email protected]
[2006/07/22 14:12:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/03/21 16:55:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/11/06 20:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/11/27 15:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2006/10/15 02:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2012/02/04 21:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Examsoft
[2006/10/15 02:15:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2010/08/27 09:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/07/07 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/12/30 04:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PPLiveVA
[2011/08/24 20:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2009/11/02 16:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2009/05/13 07:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Thunder Network
[2009/05/13 07:45:39 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\thunder_vod_cache
[2009/11/09 22:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/09 11:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/19 02:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/22 21:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2006/10/15 03:00:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Aim
[2013/07/24 09:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Azureus
[2010/11/27 15:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\DAEMON Tools Lite
[2009/02/16 19:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\ICAClient
[2006/11/04 00:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\InterVideo
[2006/10/15 02:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Leadertech
[2009/06/22 14:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\LimeWire
[2010/08/27 09:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\NCH Swift Sound
[2010/11/27 15:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Nuance
[2009/12/24 20:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\PPLiveVA
[2006/10/14 23:53:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Protector Suite
[2009/03/23 09:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\SMART Technologies
[2009/03/18 09:05:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\SMART Technologies Inc
[2007/12/21 17:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Snapfish
[2007/03/18 18:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Template
[2010/06/01 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\ThomsonWest
[2007/02/16 23:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\Viewpoint
[2010/08/03 17:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tallg\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 20:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 09:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 20:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 20:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 13:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 20:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 20:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
No service found with a name of HidServ
SRV - [2008/04/13 20:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 20:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [On_Demand | Stopped] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 20:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 20:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 20:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 09:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 20:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 20:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 08:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 20:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 20:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 20:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 20:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 01:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 20:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 20:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 20:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 20:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 20:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 19:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 20:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 20:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 20:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 20:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 20:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 20:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
No service found with a name of Wmi
SRV - [2008/04/13 20:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 20:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 02:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SERVICES >
[2006/02/28 08:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES._ >
[2006/02/28 08:00:00 | 000,001,989 | ---- | M] () MD5=29BB3BBBE3D49156A42BFB3DD000F554 -- C:\WINDOWS\I386\SERVICES._

< MD5 for: SERVICES.EX_ >
[2006/02/28 08:00:00 | 000,049,955 | ---- | M] () MD5=85A738BA493104ED103B26CADEB8B543 -- C:\WINDOWS\I386\SERVICES.EX_

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2006/02/28 08:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.HTML >
[2008/04/16 12:29:04 | 000,004,166 | ---- | M] () MD5=DB0CABD236311DDEB186C9B8A13F39A6 -- C:\Program Files\BillP Studios\WinPatrol\services.html

< MD5 for: SERVICES.LNK >
[2006/07/21 21:45:27 | 000,001,602 | ---- | M] () MD5=64E34903D04C7303B93C1ED31734E2B7 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MS_ >
[2006/02/28 08:00:00 | 000,003,649 | ---- | M] () MD5=64E9F61D2ED093C361862DE36433B5E1 -- C:\WINDOWS\I386\SERVICES.MS_

< MD5 for: SERVICES.MSC >
[2006/02/28 08:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2006/02/28 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtUninstallKB307154$\winlogon.exe
[2012/12/14 17:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004/08/13 19:01:19 | 000,502,784 | ---- | M] (Microsoft Corporation) MD5=EA16F83B5E4964C100F6098CE9874927 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is B431-22E1
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
08/20/2013 09:46 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
08/20/2013 09:46 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 1,546,772,480 bytes free

< End of report >