Jump to content

Malwarebytes

I've been Exploited...please help

- - - - -
Started by drwizzz, Jun 10 2012 09:05 PM
exploit.drop.9

14 replies to this topic

#1
drwizzz
Posted 10 June 2012 - 09:05 PM

    New Member

  • Members
  • Pip
  • 30 posts
I need some help. Malwarebytes detected exploit.drop.9 and quarantined it. I then deleted the quarantined file. Subsequent scans come up negative however my Internet Explorer is still hijacked. I also use firefox and it does not appear hijacked but want to remove this Trojan as I don't know what else it is doing on my PC. Any help would be appreciated. Thanks.

Here are the DDS scans info:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Run by Butch at 22:00:27 on 2012-06-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.552 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\safeconnect\Uninstall.exe
C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\AOL\1174708395\ee\AOLSoftware.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint\Apntex.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aol\aol search enhancement\AOLSearch.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: SecureBrowsing bho: {7632abca-b104-4fbc-9c70-419c4147061b} - c:\program files\m86security secure browsing\SecureBrowsing.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
BHO: Catcher Class: {adecbed6-0366-4377-a739-e69dfba04663} - c:\program files\moyea\flv downloader\MoyeaCth.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
TB: M86 Security Secure Browsing: {b99f805c-f0b1-48ea-8c8b-753bfcbed913} - c:\program files\m86security secure browsing\SecureBrowsing.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\butch\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ApplicationHistory] rundll32.exe "c:\documents and settings\butch\local settings\application data\deployment\applicationhistory\ckkzci.dll",DllRegisterServer
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /Stationary
mRun: [Switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exe
mRun: [SonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [HostManager] c:\program files\common files\aol\1174708395\ee\AOLSoftware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DISCover] c:\program files\disc\DISCover.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
dRun: [ApplicationHistory] rundll32.exe "c:\documents and settings\butch\local settings\application data\deployment\applicationhistory\ckkzci.dll",DllRegisterServer
StartupFolder: c:\docume~1\butch\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\butch\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htm
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.0\aoltb.dll
Trusted Zone: trymedia.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238972247256
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{75E2B172-673C-4CED-B115-BFB722EAE233} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8698E6B8-1507-443B-A72A-1A9AA8F90825} : DhcpNameServer = 209.18.47.61 209.18.47.62
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\butch\application data\mozilla\firefox\profiles\gi2b1a6z.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\butch\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-16 64512]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-8-18 2152152]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-30 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-5-31 106656]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-8-18 15232]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120609.016\naveng.sys [2012-6-10 87928]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120609.016\navex15.sys [2012-6-10 1589752]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-8-10 226304]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-2-8 136176]
S2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-2-8 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-3-23 1120960]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-3-26 280344]
.
=============== Created Last 30 ================
.
2012-05-27 12:51:36 -------- d-----w- c:\program files\Dropbox
2012-05-20 04:33:32 -------- d-----w- c:\documents and settings\butch\application data\RealNetworks
.
==================== Find3M ====================
.
2012-06-11 01:02:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-11 01:02:31 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 22:18:59 26112 ----a-w- c:\windows\system32\userinit.exe
.
============= FINISH: 22:01:43.70 ===============



The attach.txt file did not appear after DDS was completed.

#2
drwizzz
Posted 10 June 2012 - 09:16 PM

    New Member

  • Members
  • Pip
  • 30 posts
I think I found the Attach file:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 3/24/2007 4:17:53 PM
System Uptime: 6/10/2012 8:53:30 PM (1 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™2 CPU T5500 @ 1.66GHz | N/A | 1662/167mhz
.
==== Disk Partitions =========================
.
.
==== Installed Programs ======================
.
.
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Common File Installer
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop Elements 3.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Premiere Elements Updater 3.0.2
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
Adobe SVG Viewer 3.0
AIM 7
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
AOL You've Got Pictures Screensaver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.14 (Unicode)
Bewitched (remove only)
BlackBerry Desktop Software 6.0.2
Bonjour
Click to DVD 2.0.03 Menu Data
Click to DVD 2.5.30
Click to DVD Tutorial
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
DISCover
Download Updater (AOL LLC)
Dr. Neubrander's Forms as of January 24, 2012
Dr. Neubrander's Forms as of January 31, 2012
Dr. Neubrander's New Patient Forms as of December 20, 2011
Dropbox
DVgate Plus
FastStone Image Viewer 4.6
FreeScreenSharing
Google Chrome
Google Earth Plug-in
Google Update Helper
GoToMeeting 4.8.0.723
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Image Converter 2 Plus
ImageStation
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
InterVideo WinDVD for VAIO
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Java™ 6 Update 20
Java™ SE Runtime Environment 6 Update 1
JEOPARDY! (remove only)
LAME v3.99.3 (for Windows)
LAN Setting Utility
LiveUpdate 3.0 (Symantec Corporation)
M86Security Secure Browsing
Macromedia Flash Player 8
Macromedia Flash Player 8 Plugin
Malwarebytes Anti-Malware version 1.61.0.1400
McGraw-Hill EZ Test Desktop
mCore
mDriver
Memory Stick Formatter
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
mMHouse
Moyea FLV Downloader version 1.15.0.15
Moyea FLV Importer for Adobe Premiere Pro version 1.0.0.8
Moyea FLV Player version 1.5.2.7
Moyea FLV to Video Converter Pro version 1.29.1.6
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 12.0.1 (x86 en-US)
mPfMgr
mProSafe
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
Napster
Napster Burn Engine
NTREGOPT 1.1j
Office 2003 Trial Assistant
OpenMG AAC Add-on Module 1.0.00
OpenMG Limited Patch 4.5-06-05-12-01
OpenMG Metadata Extractor for Windows Media Player
OpenMG Secure Module 4.5.01
Opera 10.63
OSS MP3-WAV Converter version 5.0.0.0
PDF reDirect (remove only)
Quicken 2006
QuickTime
RCSProducts V12
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio DigitalMedia Audio
Roxio DigitalMedia Copy
Roxio DigitalMedia Data
SafeConnect
Search Enhancement by AOL Search
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Setting Utility Series
Soft Data Fax Modem with SmartCP
Sonic Encoders
SonicStage 4.0
Sony Certificate PCH
Sony MP4 Shared Library
Sony Utilities DLL
Sony Video Shared Library
Switch Sound File Converter
Symantec AntiVirus
Symantec KB-DocID:2003093015493306
The Da Vinci Code (remove only)
TweetDeck
Ultr@VNC Release 1.0.0 RC 18 - Win32
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
VAIO Backup Utility
VAIO Breeze Wallpaper
VAIO Central
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Light Flo Wallpaper
VAIO Media 5.0
VAIO Media AC3 Decoder 1.0
VAIO Media Integrated Server 5.0
VAIO Media Redistribution 5.0
VAIO Media Registration Tool 5.0
VAIO Media Tutorial
VAIO Original Screen Saver
VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
VAIO Power Management
VAIO Registration
VAIO Security Center
VAIO Support Central
VAIO Update 2
VAIO Wireless LAN Setup Utility
VAIOSurveySA
Viewpoint Media Player
VirtualDJ Home FREE
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 2.0.1
VPN Client
VZAccess Manager for RIM
WebFldrs XP
Wheel of Fortune (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix [See KB886612 for more information]
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wireless Switch Setting Utility
.
==== End Of File ===========================

#3
Maniac
Posted 11 June 2012 - 05:56 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 16,969 posts
  • Gender:Male
  • Location:Bulgaria, EU
Hello drwizzz! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at support@malwarebytes.org or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. If you choose to install more than one Anti-Virus program on your computer, then only one of them should be active in memory at a time. My suggestion is to uninstall Ad-Aware and to keep Symantec AntiVirus
.


Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.


Step 3

Download aswMBR.exe ( 1.8mB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image


Step 4

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log
  • OTL log with Extras.txt

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#4
drwizzz
Posted 11 June 2012 - 10:02 AM

    New Member

  • Members
  • Pip
  • 30 posts
Thank you for helping me with my issue.

Regarding Step 1: I have disabled the AdAware program for now. The Symantac program is a client

that was added to my computer by my employer. I do not have the same control over the Symantac

that consumers normally have but i believe it still updates and "protects" my computer.

Here is the MBAM log:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.11.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Butch :: CCRSYR04MBC [administrator]

6/11/2012 10:14:41 AM
mbam-log-2012-06-11 (10-14-41).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra |

Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223173
Time elapsed: 11 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) ->

Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-11 10:36:33
-----------------------------
10:36:33.061 OS Version: Windows 5.1.2600 Service Pack 3
10:36:33.061 Number of processors: 2 586 0xF06
10:36:33.061 ComputerName: CCRSYR04MBC UserName: Butch
10:36:36.452 Initialize success
10:37:42.280 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
10:37:42.280 Disk 0 Vendor: FUJITSU_MHV2120BH_PL 00000029 Size: 114473MB BusType: 3
10:37:42.280 Disk 1 \Device\Harddisk1\DR3 -> \Device\0000009f
10:37:42.280 Disk 1 Vendor: ( Size: 1922MB BusType: 0
10:37:42.342 Disk 0 MBR read successfully
10:37:42.342 Disk 0 MBR scan
10:37:42.342 Disk 0 Windows XP default MBR code
10:37:42.342 Disk 0 Partition 1 00 12 Compaq diag NTFS 7169 MB offset 63
10:37:42.358 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 107301 MB offset 14683410
10:37:42.358 Disk 0 scanning sectors +234436545
10:37:42.452 Disk 0 scanning C:\WINDOWS\system32\drivers
10:37:51.280 Service scanning
10:38:08.733 Modules scanning
10:38:15.780 Disk 0 trace - called modules:
10:38:15.811 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys

PCIIDEX.SYS
10:38:15.811 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9b8ab8]
10:38:15.811 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000096[0x8a9bb030]
10:38:15.811 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver ->

\Device\Ide\IdeDeviceP1T0L0-e[0x8a9ea940]
10:38:15.811 Scan finished successfully
10:39:06.233 Disk 0 MBR has been saved successfully to "C:\Documents and

Settings\Butch\Desktop\MBR.dat"
10:39:06.233 The log file has been saved successfully to "C:\Documents and

Settings\Butch\Desktop\aswMBR.txt"

#5
drwizzz
Posted 11 June 2012 - 10:02 AM

    New Member

  • Members
  • Pip
  • 30 posts
Here is OTL:


OTL logfile created on: 6/11/2012 10:44:33 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Butch\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 31.04% Memory free
3.84 Gb Paging File | 3.12 Gb Available in Paging File | 81.14% Paging File free
Paging file location(s): C:\pagefile.sys 2048 3048I:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.79 Gb Total Space | 7.77 Gb Free Space | 7.42% Space Free | Partition Type: NTFS
Drive D: | 1.88 Gb Total Space | 1.78 Gb Free Space | 94.79% Space Free | Partition Type: FAT
Drive E: | 298.09 Gb Total Space | 209.61 Gb Free Space | 70.32% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 229.72 Gb Free Space | 49.32% Space Free | Partition Type: NTFS
Drive I: | 1863.01 Gb Total Space | 1081.72 Gb Free Space | 58.06% Space Free | Partition Type: NTFS

Computer Name: CCRSYR04MBC | User Name: Butch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/11 10:41:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Butch\Desktop\OTL.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/04/25 08:25:56 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/04 15:01:43 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe
PRC - [2011/02/28 20:17:39 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/06/17 10:51:24 | 000,292,632 | ---- | M] (Impulse Point, LLC) -- c:\Program Files\SafeConnect\Uninstall.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/09/25 20:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1174708395\ee\aolsoftware.exe
PRC - [2006/08/27 17:46:54 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2006/06/20 19:11:00 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2006/06/15 02:40:34 | 000,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/06/15 02:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/06/15 02:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/06/01 20:55:30 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe
PRC - [2006/06/01 20:54:30 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe
PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2006/03/24 18:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/24 18:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/24 18:14:48 | 000,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/02/14 16:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2005/11/28 16:39:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2005/11/28 16:39:30 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005/10/12 00:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
PRC - [2005/03/11 21:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
PRC - [2004/11/17 23:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2004/10/18 17:42:18 | 000,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
PRC - [2004/10/15 16:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
PRC - [2004/08/19 12:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2004/02/20 17:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/10 21:02:31 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2012/04/25 08:25:56 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/04/12 03:42:39 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b77fa627\system.drawing.dll
MOD - [2012/04/12 03:42:33 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_08a5292b\system.windows.forms.dll
MOD - [2012/04/12 03:41:59 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2012/01/11 03:02:21 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e3ecdad3\mscorlib.dll
MOD - [2012/01/11 03:02:11 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_3703fa30\system.xml.dll
MOD - [2012/01/11 03:01:54 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7f621009\system.dll
MOD - [2012/01/11 03:01:37 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/11 03:01:36 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2012/01/11 03:01:33 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/06/06 10:20:02 | 000,065,344 | ---- | M] () -- C:\WINDOWS\system32\PDFreDirectMonNT.dll
MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/03/25 00:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007/07/12 23:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2006/08/10 05:15:30 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006/08/10 05:15:27 | 000,573,440 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll
MOD - [2006/08/10 05:15:27 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll
MOD - [2006/07/03 00:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/03 00:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/06/20 19:11:00 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2004/10/18 17:42:18 | 000,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
MOD - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
MOD - [2004/10/04 04:46:50 | 000,147,456 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll
MOD - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/04/25 08:25:57 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/27 10:08:17 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/02/28 20:17:39 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Stopped] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager)
SRV - [2008/01/06 19:52:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/03/23 23:52:32 | 001,120,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2006/06/20 19:11:00 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2006/06/15 02:40:28 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/06/15 02:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/06/15 02:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/06/13 12:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2006/06/07 13:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2006/05/18 14:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2006/05/18 14:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2006/05/08 08:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2006/03/24 18:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/24 18:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2005/11/28 16:39:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2005/11/28 16:39:30 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2005/11/25 16:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/07/14 23:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment)
SRV - [2005/03/11 21:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring)
SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)
SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor)
SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Butch\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/05/16 00:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/05/16 00:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/04/25 05:44:51 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120609.016\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/04/25 05:44:47 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120609.016\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2007/03/23 23:52:32 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/07/24 20:38:20 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/07/24 20:38:20 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/07/24 20:38:20 | 000,208,256 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/07/03 02:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/14 14:04:00 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/23 11:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/05/05 17:19:50 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/04/13 23:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/03/16 13:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2006/03/15 13:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM)
DRV - [2006/02/24 04:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/02/21 22:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2006/02/10 14:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/02/08 20:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/11/04 10:20:40 | 000,303,735 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/08/01 19:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/07/11 21:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt)
DRV - [2005/06/29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/01/26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/06 16:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/26 15:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5)
DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)
DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\SearchScopes,DefaultScope = {CBBD6A3C-FD5A-4520-9DFA-39F288A8A9CF}
IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\SearchScopes\{CBBD6A3C-FD5A-4520-9DFA-39F288A8A9CF}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 08:25:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 08:34:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/07 10:42:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/06/29 08:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Butch\Application Data\Mozilla\Extensions
[2010/06/29 08:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Butch\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/06/01 15:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\extensions
[2010/05/01 10:47:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/30 09:43:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/24 07:45:43 | 000,000,000 | ---D | M] (M86Security Secure Browsing) -- C:\Documents and Settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\extensions\securebrowsing@m86security.com
[2012/02/04 22:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/25 08:25:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/06/02 18:01:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/01/29 09:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/29 09:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/21 08:42:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SecureBrowsing bho) - {7632ABCA-B104-4fbc-9C70-419C4147061B} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dll (M86Security LTD)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O2 - BHO: (Catcher Class) - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.)
O3 - HKLM\..\Toolbar: (M86 Security Secure Browsing) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dll (M86Security LTD)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O3 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\Toolbar\WebBrowser: (M86 Security Secure Browsing) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dll (M86Security LTD)
O3 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1174708395\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKU\.DEFAULT..\Run: [ApplicationHistory] C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll (MainConcept AG)
O4 - HKU\S-1-5-18..\Run: [ApplicationHistory] C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll (MainConcept AG)
O4 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005..\Run: [ApplicationHistory] C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll (MainConcept AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk = C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC)
O4 - Startup: C:\Documents and Settings\Butch\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 3.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1238972247256 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebo...Uploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75E2B172-673C-4CED-B115-BFB722EAE233}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8698E6B8-1507-443B-A72A-1A9AA8F90825}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\ideas.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\ideas.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/10 03:51:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/10 21:54:52 | 000,000,170 | ---- | M] () - I:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/11 10:41:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Butch\Desktop\OTL.exe
[2012/06/11 10:36:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Butch\Desktop\aswMBR.exe
[2012/06/04 22:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Butch\Desktop\salt-city-communications-llc-ckljienfnpc2
[2012/06/04 14:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Butch\Desktop\the-salt-city-communications-story-zsezkin-s68s
[2012/05/27 08:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/05/23 17:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Butch\Desktop\oswego_presentation
[2012/05/20 00:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Butch\Application Data\RealNetworks
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/11 10:41:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Butch\Desktop\OTL.exe
[2012/06/11 10:39:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\MBR.dat
[2012/06/11 10:37:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005UA.job
[2012/06/11 10:36:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Butch\Desktop\aswMBR.exe
[2012/06/11 10:25:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/11 10:09:41 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/06/11 08:24:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/11 08:24:20 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job
[2012/06/11 08:24:14 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job
[2012/06/11 08:23:22 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/11 08:22:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/11 08:22:25 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/10 21:43:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Butch\Desktop\dds.scr
[2012/06/10 20:07:03 | 000,030,711 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\MediaHandler.jpg
[2012/06/10 10:05:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/06/10 10:05:24 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/06/10 08:49:04 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\Butch\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/06/09 12:37:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005Core.job
[2012/06/04 22:39:25 | 000,084,768 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\VCAP_June5Agenda.pdf
[2012/06/04 22:10:44 | 030,026,567 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\salt-city-communications-llc-ckljienfnpc2.zip
[2012/06/04 14:39:39 | 061,106,100 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\the-salt-city-communications-story-zsezkin-s68s.zip
[2012/06/04 13:44:51 | 000,055,801 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\Amtrak - Reservations - Confirmation.pdf
[2012/06/03 12:02:00 | 000,126,810 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\branding 5 copy.jpg
[2012/05/30 14:15:31 | 012,646,435 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\no_church_in_the_wild-Jayz_Kayne.flv
[2012/05/29 22:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/05/29 19:17:13 | 000,080,114 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\pbsuniworldblast1_01.jpg
[2012/05/27 08:51:58 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Butch\Start Menu\Programs\Startup\Dropbox.lnk
[2012/05/27 08:51:00 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\Dropbox.lnk
[2012/05/23 20:40:58 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\Google Chrome.lnk
[2012/05/23 20:40:58 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Butch\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/05/12 12:42:13 | 000,278,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 12:09:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/12 12:02:10 | 000,445,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/12 12:02:10 | 000,072,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/11 10:39:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\MBR.dat
[2012/06/10 20:07:25 | 000,030,711 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\MediaHandler.jpg
[2012/06/10 08:49:04 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\Butch\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012/06/09 02:33:09 | 000,157,424 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\SU_awards_ceremony.jpg
[2012/06/09 02:29:31 | 000,079,388 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\Regional_award.jpg
[2012/06/04 22:39:24 | 000,084,768 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\VCAP_June5Agenda.pdf
[2012/06/04 22:10:31 | 030,026,567 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\salt-city-communications-llc-ckljienfnpc2.zip
[2012/06/04 14:38:50 | 061,106,100 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\the-salt-city-communications-story-zsezkin-s68s.zip
[2012/06/04 13:44:49 | 000,055,801 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\Amtrak - Reservations - Confirmation.pdf
[2012/06/03 12:02:00 | 000,126,810 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\branding 5 copy.jpg
[2012/05/30 14:15:29 | 012,646,435 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\no_church_in_the_wild-Jayz_Kayne.flv
[2012/05/29 19:25:13 | 000,080,114 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\pbsuniworldblast1_01.jpg
[2012/05/29 08:52:42 | 000,103,712 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\watson copy.GIF
[2012/02/15 11:32:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/05/21 10:52:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/21 10:52:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010/06/16 10:30:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/14 13:09:53 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

========== LOP Check ==========

[2008/11/28 15:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/09/08 10:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/12/13 01:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation
[2010/06/14 13:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2006/08/22 15:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/10/11 11:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/04/23 16:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF reDirect
[2011/04/30 00:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2009/04/05 18:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2009/08/08 07:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/24 22:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/10 12:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/08 18:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/03/26 15:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\acccore
[2012/06/08 09:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Audacity
[2011/04/30 02:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Blackberry Desktop
[2009/10/12 11:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/06/11 08:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Dropbox
[2012/03/24 07:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Finjan
[2007/03/26 14:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\InterVideo
[2007/03/26 18:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Leadertech
[2008/04/16 06:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Moyea
[2009/12/08 10:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\NCH Swift Sound
[2009/08/04 21:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\OfficeUpdate12
[2010/10/13 14:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Opera
[2011/04/23 16:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\PDF reDirect
[2011/04/30 02:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Research In Motion
[2007/06/13 11:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Smith Micro
[2012/01/16 12:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\TeamViewer
[2007/08/02 15:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Template
[2010/06/29 08:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Thunderbird
[2011/06/27 15:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2007/03/28 09:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Viewpoint
[2012/06/11 10:09:41 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 6/11/2012 10:44:33 AM - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Butch\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 31.04% Memory free
3.84 Gb Paging File | 3.12 Gb Available in Paging File | 81.14% Paging File free
Paging file location(s): C:\pagefile.sys 2048 3048I:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 104.79 Gb Total Space | 7.77 Gb Free Space | 7.42% Space Free | Partition Type: NTFS
Drive D: | 1.88 Gb Total Space | 1.78 Gb Free Space | 94.79% Space Free | Partition Type: FAT
Drive E: | 298.09 Gb Total Space | 209.61 Gb Free Space | 70.32% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 229.72 Gb Free Space | 49.32% Space Free | Partition Type: NTFS
Drive I: | 1863.01 Gb Total Space | 1081.72 Gb Free Space | 58.06% Space Free | Partition Type: NTFS

Computer Name: CCRSYR04MBC | User Name: Butch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2399893216-1284573121-3459454606-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2967:TCP" = 2967:TCP:*:Enabled:Symantec
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2967:TCP" = 2967:TCP:*:Enabled:Symantec
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.)
"C:\RCS\extender.exe" = C:\RCS\extender.exe:LocalSubNet:Enabled:RCS Extender -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1174708395\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1174708395\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc)
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc)
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- ()
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection)
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.)
"C:\Program Files\Sony\Click to DVD 2\CtoDvd.exe" = C:\Program Files\Sony\Click to DVD 2\CtoDvd.exe:*:Enabled:Click to DVD -- (Sony Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Microsoft Office\Office\SBT\DMM\directmail.exe" = C:\Program Files\Microsoft Office\Office\SBT\DMM\directmail.exe:*:Enabled:Microsoft Direct Mail Manager -- (Microsoft - Envelope Manager)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\McGraw-Hill\MH_EZTest\jre\bin\java.exe" = C:\McGraw-Hill\MH_EZTest\jre\bin\java.exe:*:Enabled:java -- ()
"C:\McGraw-Hill\MH_EZTest\mysql\bin\mysqld.exe" = C:\McGraw-Hill\MH_EZTest\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library
"{04605217-DD32-4090-9D9A-E5345222B9E1}" =
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2E190C8E-682A-409D-9329-539E24C9D1C1}" = Opera 10.63
"{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"{37ADBECF-1420-4557-B8CC-BED57053C3FF}" = Click to DVD Tutorial
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2
"{48AFBB60-8CF5-4605-BB04-704DD8702B80}" = VZAccess Manager for RIM
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility
"{5B82682E-C555-45DA-8E2C-CE6525427AC9}" = Click to DVD 2.5.30
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8
"{634D08B4-CFAC-CCB9-5891-FAB02B3FD9C1}" = TweetDeck
"{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper
"{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.5.2.7
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}" = Symantec AntiVirus
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript
"{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{86914AE6-BD70-4051-B65E-B4127F5776DA}" = RCSProducts V12
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{908994F4-EBD2-40E0-B8F3-7004FA54E909}" = VAIO Media Tutorial
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO
"{966C4B44-A1A0-4254-A7F8-D325FB147133}_is1" = Dr. Neubrander's New Patient Forms as of December 20, 2011
"{966C4B44-A1A0-4254-A7F8-D325FB147134}_is1" = Dr. Neubrander's Forms as of January 31, 2012
"{966C4B44-A1A0-4254-A7F8-D325FB147135}_is1" = Dr. Neubrander's Forms as of January 24, 2012
"{966C4B44-A1A0-4254-A7F8-D325FB147136}_is1" = Dr. Neubrander's Forms as of January 24, 2012
"{966C4B44-A1A0-4254-A7F8-D325FB147137}_is1" = Dr. Neubrander's Forms as of January 24, 2012
"{966C4B44-A1A0-4254-A7F8-D325FB147138}_is1" = Dr. Neubrander's Forms as of January 24, 2012
"{966C4B44-A1A0-4254-A7F8-D325FB147139}_is1" = Dr. Neubrander's Forms as of January 24, 2012
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1" = Moyea FLV to Video Converter Pro version 1.29.1.6
"{A87EBA79-93DB-4A87-B9BA-62F8FB12D993}" = ImageStation
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = Ultr@VNC Release 1.0.0 RC 18 - Win32
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8D25596-7DD3-40EA-987A-4DA8BE5D65E5}" = Adobe Premiere Elements Updater 3.0.2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D9952D4E-766C-4CD3-BF2E-A2C3D8B15EF3}" = VAIO Backup Utility
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3D278BD-FC97-4F87-BB1F-689AE0CB9122}" = Macromedia Flash Player 8 Plugin
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea FLV Downloader version 1.15.0.15
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_7" = AIM 7
"AOL Search Enhancement" = Search Enhancement by AOL Search
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Bewitched" = Bewitched (remove only)
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_104D1700" = Soft Data Fax Modem with SmartCP
"com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DISCover" = DISCover
"EZ Test Desktop" = McGraw-Hill EZ Test Desktop
"FastStone Image Viewer" = FastStone Image Viewer 4.6
"Finjan Secure Browsing" = M86Security Secure Browsing
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01
"InstallShield_{86914AE6-BD70-4051-B65E-B4127F5776DA}" = RCSProducts V12
"InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA
"JEOPARDY!" = JEOPARDY! (remove only)
"LAME_is1" = LAME v3.99.3 (for Windows)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moyea FLV Importer for Adobe Premiere Pro_is1" = Moyea FLV Importer for Adobe Premiere Pro version 1.0.0.8
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NTREGOPT_is1" = NTREGOPT 1.1j
"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01
"OSS MP3-WAV Converter_is1" = OSS MP3-WAV Converter version 5.0.0.0
"PDF reDirect" = PDF reDirect (remove only)
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 15.0" = RealPlayer
"SafeConnect" = SafeConnect
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Switch" = Switch Sound File Converter
"The Da Vinci Code" = The Da Vinci Code (remove only)
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 2.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WGA" = Windows Genuine Advantage Validation Tool
"Wheel of Fortune" = Wheel of Fortune (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2399893216-1284573121-3459454606-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FreeScreenSharing" = FreeScreenSharing
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/11/2012 10:51:53 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Backdoor.Tidserv.I!inf in File: c:\WINDOWS\compbatt.old
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 6/11/2012 10:51:56 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: Risk was partially removed.

Error - 6/11/2012 10:52:38 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 6/11/2012 10:52:38 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 6/11/2012 10:52:38 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Backdoor.Tidserv.I!inf in File: c:\WINDOWS\compbatt.old
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 6/11/2012 10:52:41 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: Risk was partially removed.

Error - 6/11/2012 10:53:06 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 6/11/2012 10:53:06 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: The file was left unchanged.

Error - 6/11/2012 10:53:06 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711685
Description = Risk Found!Risk: Backdoor.Tidserv.I!inf in File: c:\WINDOWS\compbatt.old
by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description:
The file was left unchanged.

Error - 6/11/2012 10:53:07 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old
by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied.
Action Description: Risk was partially removed.


< End of report >



ALSO: When shutting down the computer the system holds up and says "rundll.exe" does not close and I have "end now" in order to shut down.


Thanks

#6
Maniac
Posted 11 June 2012 - 04:18 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 16,969 posts
  • Gender:Male
  • Location:Bulgaria, EU
Step 1

I see you have Viewpoint installed...
Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.co...cle.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player


Step 2

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
O3 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [ApplicationHistory] C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll (MainConcept AG)
O4 - HKU\S-1-5-18..\Run: [ApplicationHistory] C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll (MainConcept AG)
O4 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005..\Run: [ApplicationHistory] C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll (MainConcept AG)

:files
C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment

:Commands
[emptytemp]
[clearallrestorepoints]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles


Step 3

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


In your next reply, post the following log files:

  • OTL Fix log
  • ComboFix log

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#7
drwizzz
Posted 11 June 2012 - 06:06 PM

    New Member

  • Members
  • Pip
  • 30 posts
Viewpoint Media Player has been uninstalled.

OTL Fix Log:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2399893216-1284573121-3459454606-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ApplicationHistory deleted successfully.
C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ApplicationHistory not found.
File C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll not found.
Registry value HKEY_USERS\S-1-5-21-2399893216-1284573121-3459454606-1005\Software\Microsoft\Windows\CurrentVersion\Run\\ApplicationHistory deleted successfully.
File C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll not found.
========== FILES ==========
C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory folder moved successfully.
C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Butch
->Temp folder emptied: 51844397 bytes
->Temporary Internet Files folder emptied: 10299387 bytes
->Java cache emptied: 163926967 bytes
->FireFox cache emptied: 468519870 bytes
->Google Chrome cache emptied: 45263310 bytes
->Opera cache emptied: 225657 bytes
->Flash cache emptied: 58341 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 9076870 bytes
->Java cache emptied: 9930 bytes
->Flash cache emptied: 56359 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 5675025 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2333014 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14890728 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 58798342 bytes

Total Files Cleaned = 793.00 mb

Unable to stop System Restore Service. Error code 1722. Restore points not cleared.
Error creating restore point.

OTL by OldTimer - Version 3.2.48.0 log created on 06112012_175440

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



ComboFix Log:


ComboFix 12-06-11.04 - Butch 06/11/2012 18:41:29.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1152 [GMT -4:00]
Running from: c:\documents and settings\Butch\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\setupapi.log
c:\windows\system32\regobj.dll
I:\Autorun.inf
I:\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))
.
.
2012-06-11 21:54 . 2012-06-11 21:54 -------- d-----w- C:\_OTL
2012-05-27 12:51 . 2012-05-27 12:51 -------- d-----w- c:\program files\Dropbox
2012-05-20 04:33 . 2012-05-20 04:33 -------- d-----w- c:\documents and settings\Butch\Application Data\RealNetworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 01:02 . 2012-04-02 17:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-11 01:02 . 2011-05-15 04:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2006-08-10 07:32 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:14 . 2004-08-03 23:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-08-10 07:32 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2010-03-15 03:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 22:18 . 2006-08-10 07:32 26112 ----a-w- c:\windows\system32\userinit.exe
2012-04-25 12:25 . 2012-02-05 02:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"HostManager"="c:\program files\Common Files\AOL\1174708395\ee\AOLSoftware.exe" [2006-09-26 50736]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-02 1077248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-03-04 296056]
.
c:\documents and settings\Butch\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Butch\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-3-26 1524776]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-05-08 13:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1174708395\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\SBT\\DMM\\directmail.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\McGraw-Hill\\MH_EZTest\\jre\\bin\\java.exe"=
"c:\\McGraw-Hill\\MH_EZTest\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Butch\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2967:TCP"= 2967:TCP:Symantec
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/16/2010 11:49 AM 64512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/31/2012 1:58 PM 106656]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/10/2006 3:33 AM 226304]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 7:44 PM 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2152152]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 7:44 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:26 AM 129976]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 2:40 AM 115952]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 14:08]
.
2012-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005Core.job
- c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005UA.job
- c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57]
.
2012-06-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]
.
2012-06-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-11 18:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\VESWinlogon.dll
.
Completion time: 2012-06-11 18:59:46
ComboFix-quarantined-files.txt 2012-06-11 22:59
ComboFix2.txt 2012-03-21 13:00
.
Pre-Run: 9,000,591,360 bytes free
Post-Run: 8,948,617,216 bytes free
.
- - End Of File - - FA162DD6E3ADAC0BC16BC5D5F464DD56

#8
Maniac
Posted 12 June 2012 - 04:10 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 16,969 posts
  • Gender:Male
  • Location:Bulgaria, EU
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

DDS::
Trusted Zone: trymedia.com

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#9
drwizzz
Posted 12 June 2012 - 08:52 AM

    New Member

  • Members
  • Pip
  • 30 posts
ComboFix 12-06-11.04 - Butch 06/12/2012 9:23.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1111 [GMT -4:00]
Running from: c:\documents and settings\Butch\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Butch\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 )))))))))))))))))))))))))))))))
.
.
2012-06-11 21:54 . 2012-06-11 21:54 -------- d-----w- C:\_OTL
2012-05-27 12:51 . 2012-05-27 12:51 -------- d-----w- c:\program files\Dropbox
2012-05-20 04:33 . 2012-05-20 04:33 -------- d-----w- c:\documents and settings\Butch\Application Data\RealNetworks
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-11 01:02 . 2012-04-02 17:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-11 01:02 . 2011-05-15 04:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2006-08-10 07:32 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:14 . 2004-08-03 23:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-08-10 07:32 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-04 19:56 . 2010-03-15 03:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-20 22:18 . 2006-08-10 07:32 26112 ----a-w- c:\windows\system32\userinit.exe
2012-04-25 12:25 . 2012-02-05 02:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-11_22.53.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-12 12:16 . 2012-06-12 12:16 16384 c:\windows\Temp\Perflib_Perfdata_884.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]
"HostManager"="c:\program files\Common Files\AOL\1174708395\ee\AOLSoftware.exe" [2006-09-26 50736]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-02 1077248]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-03-04 296056]
.
c:\documents and settings\Butch\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Butch\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-3-26 1524776]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
2006-05-08 13:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1174708395\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\SBT\\DMM\\directmail.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\McGraw-Hill\\MH_EZTest\\jre\\bin\\java.exe"=
"c:\\McGraw-Hill\\MH_EZTest\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Documents and Settings\\Butch\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2967:TCP"= 2967:TCP:Symantec
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/16/2010 11:49 AM 64512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/31/2012 1:58 PM 106656]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/10/2006 3:33 AM 226304]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 7:44 PM 136176]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [8/10/2006 3:32 AM 14336]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2152152]
S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784]
S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 7:44 PM 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:26 AM 129976]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 2:40 AM 115952]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/10/2006 3:32 AM 14336]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPHLPSVC
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 14:08]
.
2012-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57]
.
2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005Core.job
- c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57]
.
2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005UA.job
- c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57]
.
2012-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]
.
2012-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-12 09:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1344)
c:\windows\system32\VESWinlogon.dll
.
- - - - - - - > 'explorer.exe'(5112)
c:\windows\system32\WININET.dll
c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-06-12 09:42:21
ComboFix-quarantined-files.txt 2012-06-12 13:42
ComboFix2.txt 2012-06-11 22:59
ComboFix3.txt 2012-03-21 13:00
.
Pre-Run: 8,766,124,032 bytes free
Post-Run: 8,769,560,576 bytes free
.
- - End Of File - - A32F9F4C43963A31536A8AF0839ABF2E

#10
Maniac
Posted 12 June 2012 - 09:03 AM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 16,969 posts
  • Gender:Male
  • Location:Bulgaria, EU
Very good! :)

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#11
drwizzz
Posted 12 June 2012 - 01:22 PM

    New Member

  • Members
  • Pip
  • 30 posts
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=cb44a455f1c8264f86e449556842a0aa
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-06-12 06:14:40
# local_time=2012-06-12 02:14:40 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 61982499 61982499 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=364620
# found=4
# cleaned=4
# scan_time=11107
C:\Documents and Settings\Butch\Desktop\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP1\A0000562.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\06112012_175440\C_Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll a variant of Win32/Kryptik.AGJV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\465_G\maxtor\021907_viao_D\updates\sspsetup1_.exe probably a variant of Win32/Agent.EZSDFRQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#12
Maniac
Posted 12 June 2012 - 04:09 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 16,969 posts
  • Gender:Male
  • Location:Bulgaria, EU
How are things now?
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#13
drwizzz
Posted 12 June 2012 - 05:42 PM

    New Member

  • Members
  • Pip
  • 30 posts
The re-direct in IE has stopped.

I have done searches in Crome and Firefox and they seem to working fine now.

The "rundll.exe" hangup when the computer shuts down has stopped.

Things look good...

THANK YOU, THANK YOU, THANK YOU!

#14
Maniac
Posted 12 June 2012 - 05:51 PM

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 16,969 posts
  • Gender:Male
  • Location:Bulgaria, EU
Glad I could help! :)

Please run OTL and then click on CleanUp button.

Please uninstall ESET Online Scanner and manually delete aswMBR.

Some malware prevention tips:
http://forums.malwar...=0


Safe surfing! :)
My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here Posted Image

#15
LDTate
Posted 15 June 2012 - 05:57 PM

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,060 posts
  • Gender:Male
  • Location:Missouri, USA
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Consumer Support Specialist

Posted Image

Follow us: Twitter, Become a fan: Facebook
Back to Resolved HijackThis Logs · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Computer Help
  3. Malware Removal - HijackThis Logs
  4. Resolved HijackThis Logs

Products

About

Partners

Follow Us