TechSpot

Dirty laptop!

By Quinnbeast
Jul 26, 2012
  1. Afternoon folks!

    I've been taking a look at my wife's laptop recently for some long overdue care and maintenance. Malwarebytes has thrown up a few issues, and my spidey senses are telling me that a simple scan isn't showing all the nasties hiding in there. We've had the odd issue with rogue virus scanners ("PC Optimizer") - and some of the items that M'bytes has found have since shown up again a week or so later. Any input greatly appreciated.

    MB log, GMER log and Attach/DDS log as follows:

    ***( and before I forget, a ran an ESET scan before I landed here that showed the following) -

    C:\ProgramData\Codecv\uninstall.exeWin32/Adware.MultiPlug.A applicationcleaned by deleting - quarantined
    C:\Users\Lindsay\Desktop\Downloads\Codec-C (98).exeWin32/InstallMate.Gen applicationcleaned by deleting - quarantined
    C:\Windows\Temp\RegistryOptimizer.exea variant of Win32/SpeedingUpMyPC applicationcleaned by deleting - quarantined

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.26.08

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Tone :: LINDSAY-PC [administrator]

    26/07/2012 10:23:39
    mbam-log-2012-07-26 (10-23-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 197354
    Time elapsed: 9 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 7
    HKCR\CLSID\{65B633F7-3AA6-B7C7-D756-C02A718A69E3} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65B633F7-3AA6-B7C7-D756-C02A718A69E3} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{65B633F7-3AA6-B7C7-D756-C02A718A69E3} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{65B633F7-3AA6-B7C7-D756-C02A718A69E3} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKCR\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB} (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CodecUpdater (Trojan.Dropper.H) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\ProgramData\Codecv\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully.
    C:\ProgramData\CodecUpdate\ix_updater.exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.
    C:\Users\Tone\Local Settings\Temporary Internet Files\Content.IE5\5Z4B3KTT\updater[1].exe (Trojan.Dropper.H) -> Quarantined and deleted successfully.

    (end)


    ------------------------------------------------------------------------------------




    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-07-26 12:58:25
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00
    Running: ybqiv2p3.exe; Driver: C:\Users\Tone\AppData\Local\Temp\kwtiafob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----

    ------------------------------------------------------------------------------------



    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 04/10/2009 00:05:18
    System Uptime: 26/07/2012 13:05:46 (0 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | N/A | 2000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 223 GiB total, 115.986 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    7-Zip 4.65
    AC3Filter 1.62b
    ActionReplay Xbox
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    ArcSoft Magic-I Visual Effects 2
    ArcSoft WebCam Companion 2
    Choice Guard
    Click to Disc
    Click to Disc Editor
    Codecv
    DivX Setup
    ESET Online Scanner v3
    Google Chrome
    Google Update Helper
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 24
    Malwarebytes Anti-Malware version 1.62.0.1300
    Me&My VAIO
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Transfer
    OpenMG Secure Module 5.3.00
    Primo
    Realtek High Definition Audio Driver
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy Media Creator 10 LJ
    Roxio Easy Media Creator Home
    Runtime
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Setting Utility Series
    Skype™ 4.2
    Software Info for Me&My VAIO
    Sony Home Network Library
    Sony Picture Utility
    Sony Video Shared Library
    Spotify
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VAIO Content Folder Setting
    VAIO Content Folder Watcher
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Launcher
    VAIO Marketing Tools
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Movie Story
    VAIO Movie Story 1.5 Upgrade
    VAIO Movie Story Template Data
    VAIO MusicBox
    VAIO MusicBox Sample Music
    VAIO Original Function Setting
    VAIO Power Management
    VAIO Presentation Support
    VAIO Smart Network
    VAIO Update
    VAIO Wallpaper Contents
    VC80CRTRedist - 8.0.50727.6195
    Web Assistant 2.0.0.439
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    WinDVD for VAIO
    XBCD Uninstaller
    .
    ==== Event Viewer Messages From Past Week ========
    .
    26/07/2012 13:06:56, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    23/07/2012 13:06:31, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.423.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    20/07/2012 17:41:30, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 00242BF38A8F has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Run by Tone at 13:19:03 on 2012-07-26
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.1822 [GMT 1:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Sony\Network Utility\NSUService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\igfxext.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Sony\Network Utility\LANUtil.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Windows\System32\svchost.exe -k wdisvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://mystart.incredibar.com/mb139?a=6OyICepM2y&I=26
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=EU01
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Web Assistant: {336d0c35-8a85-403a-b9d2-65c292c39087} - c:\program files\web assistant\Extension32.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Search the Web - c:\program files\sweetim\toolbars\internet explorer\resources\menuext.html
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{4413101C-9BCC-42C3-9561-FD43F244B389} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{B782F2DC-03A4-43F3-A193-911035262425} : DhcpNameServer = 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 171064]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2009-3-31 303104]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
    R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-I visual effects 2\uCamMonitor.exe [2009-3-31 104960]
    R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2009-3-4 415592]
    R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-3-5 5189992]
    R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-7-21 185856]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-3-31 17920]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-3-4 9344]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-26 135664]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-26 135664]
    S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
    S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
    S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2009-3-31 120104]
    S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2009-3-31 70952]
    S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2009-3-31 390440]
    S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2009-3-31 75048]
    S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2009-3-31 91432]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2009-3-31 394536]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2009-3-31 83240]
    S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-1-13 722288]
    S3 xbreader;ActionReplay XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [2010-1-15 19677]
    .
    =============== Created Last 30 ================
    .
    2012-07-26 11:59:466891424----a-w-c:\programdata\microsoft\microsoft antimalware\definition updates\{55c2f3f3-8418-42fa-a22f-c4650662cbbd}\mpengine.dll
    2012-07-26 10:21:17--------d-----w-c:\program files\ESET
    2012-07-24 18:41:436891424----a-w-c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-07-23 17:41:06471552----a-w-c:\windows\system32\secproc_isv.dll
    2012-07-23 17:41:06471552----a-w-c:\windows\system32\secproc.dll
    2012-07-23 17:41:04526336----a-w-c:\windows\system32\RMActivate_isv.exe
    2012-07-23 17:41:03518144----a-w-c:\windows\system32\RMActivate.exe
    2012-07-23 17:41:03347136----a-w-c:\windows\system32\RMActivate_ssp.exe
    2012-07-23 17:41:03346624----a-w-c:\windows\system32\RMActivate_ssp_isv.exe
    2012-07-23 17:41:02332288----a-w-c:\windows\system32\msdrm.dll
    2012-07-23 17:41:02152576----a-w-c:\windows\system32\secproc_ssp_isv.dll
    2012-07-23 17:41:02152064----a-w-c:\windows\system32\secproc_ssp.dll
    2012-07-21 13:27:47--------d-----w-c:\programdata\CodecUpdate
    2012-07-21 13:26:55--------d-----w-c:\program files\Web Assistant
    2012-07-21 13:26:23--------d-----w-c:\programdata\Codecv
    2012-07-12 18:34:392047488----a-w-c:\windows\system32\win32k.sys
    2012-07-11 17:45:55984064----a-w-c:\windows\system32\crypt32.dll
    2012-07-11 17:45:5598304----a-w-c:\windows\system32\cryptnet.dll
    2012-07-11 17:45:55133120----a-w-c:\windows\system32\cryptsvc.dll
    2012-07-11 17:45:48708608----a-w-c:\program files\common files\system\ado\msado15.dll
    2012-07-11 17:45:461401856----a-w-c:\windows\system32\msxml6.dll
    2012-07-11 17:45:461248768----a-w-c:\windows\system32\msxml3.dll
    2012-07-11 17:45:45440704----a-w-c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 17:45:45278528----a-w-c:\windows\system32\schannel.dll
    2012-07-11 17:45:45204288----a-w-c:\windows\system32\ncrypt.dll
    2012-07-03 20:14:36713784------w-c:\programdata\microsoft\microsoft antimalware\definition updates\{80659e36-41a4-49c6-a329-1bcab4943d80}\gapaengine.dll
    .
    ==================== Find3M ====================
    .
    2012-07-03 12:46:4422344----a-w-c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:12:322422272----a-w-c:\windows\system32\wucltux.dll
    2012-06-02 22:12:1388576----a-w-c:\windows\system32\wudriver.dll
    2012-06-02 14:19:42171904----a-w-c:\windows\system32\wuwebv.dll
    2012-06-02 14:12:2033792----a-w-c:\windows\system32\wuapp.exe
    2012-06-02 08:33:251800192----a-w-c:\windows\system32\jscript9.dll
    2012-06-02 08:25:081129472----a-w-c:\windows\system32\wininet.dll
    2012-06-02 08:25:031427968----a-w-c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33142848----a-w-c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16:522382848----a-w-c:\windows\system32\mshtml.tlb
    2012-05-01 14:03:49180736----a-w-c:\windows\system32\drivers\rdpwd.sys
    .
    ============= FINISH: 13:19:58.59 ===============
     
  2. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hello hello!

    ComboFix

    Please download ComboFix[​IMG] by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console:
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above method), but try to download it again, except name
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
     
  3. Quinnbeast

    Quinnbeast TS Rookie Topic Starter Posts: 28

    Hey Dragon, thanks for getting back to me.

    Combofix report/log as follows:

    ComboFix 12-07-27.02 - Tone 26/07/2012 17:58:25.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.1621 [GMT 1:00]
    Running from: c:\users\Tone\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\Web Assistant\ExTEnsion32.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-26 12:19 . 2012-07-26 12:1929904----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55C2F3F3-8418-42FA-A22F-C4650662CBBD}\MpKsl9953dc42.sys
    2012-07-26 11:59 . 2012-06-29 08:446891424----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{55C2F3F3-8418-42FA-A22F-C4650662CBBD}\mpengine.dll
    2012-07-26 10:21 . 2012-07-26 10:21--------d-----w-c:\program files\ESET
    2012-07-24 18:41 . 2012-06-29 08:446891424----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-23 17:41 . 2010-01-25 12:00471552----a-w-c:\windows\system32\secproc_isv.dll
    2012-07-23 17:41 . 2010-01-25 12:00471552----a-w-c:\windows\system32\secproc.dll
    2012-07-23 17:41 . 2010-01-25 08:21526336----a-w-c:\windows\system32\RMActivate_isv.exe
    2012-07-23 17:41 . 2010-01-25 08:21346624----a-w-c:\windows\system32\RMActivate_ssp_isv.exe
    2012-07-23 17:41 . 2010-01-25 08:21518144----a-w-c:\windows\system32\RMActivate.exe
    2012-07-23 17:41 . 2010-01-25 08:21347136----a-w-c:\windows\system32\RMActivate_ssp.exe
    2012-07-23 17:41 . 2010-01-25 12:00152576----a-w-c:\windows\system32\secproc_ssp_isv.dll
    2012-07-23 17:41 . 2010-01-25 12:00152064----a-w-c:\windows\system32\secproc_ssp.dll
    2012-07-23 17:41 . 2010-01-25 11:58332288----a-w-c:\windows\system32\msdrm.dll
    2012-07-21 13:27 . 2012-07-26 09:34--------d-----w-c:\programdata\CodecUpdate
    2012-07-21 13:27 . 2012-07-21 13:27454----a-w-C:\user.js
    2012-07-21 13:26 . 2012-07-26 17:02--------d-----w-c:\program files\Web Assistant
    2012-07-21 13:26 . 2012-07-26 10:43--------d-----w-c:\programdata\Codecv
    2012-07-12 18:34 . 2012-06-13 13:402047488----a-w-c:\windows\system32\win32k.sys
    2012-07-11 17:45 . 2012-04-23 16:00984064----a-w-c:\windows\system32\crypt32.dll
    2012-07-11 17:45 . 2012-04-23 16:0098304----a-w-c:\windows\system32\cryptnet.dll
    2012-07-11 17:45 . 2012-04-23 16:00133120----a-w-c:\windows\system32\cryptsvc.dll
    2012-07-11 17:45 . 2012-06-05 16:47708608----a-w-c:\program files\Common Files\System\ado\msado15.dll
    2012-07-11 17:45 . 2012-06-05 16:471401856----a-w-c:\windows\system32\msxml6.dll
    2012-07-11 17:45 . 2012-06-05 16:471248768----a-w-c:\windows\system32\msxml3.dll
    2012-07-11 17:45 . 2012-06-04 15:26440704----a-w-c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 17:45 . 2012-06-02 00:04278528----a-w-c:\windows\system32\schannel.dll
    2012-07-11 17:45 . 2012-06-02 00:03204288----a-w-c:\windows\system32\ncrypt.dll
    2012-07-03 20:14 . 2012-02-11 19:03713784------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80659E36-41A4-49C6-A329-1BCAB4943D80}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-03 12:46 . 2011-03-10 10:1822344----a-w-c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:19 . 2012-06-23 13:4345080----a-w-c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-23 13:4353784----a-w-c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-23 13:4335864----a-w-c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-23 13:43577048----a-w-c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-23 13:431933848----a-w-c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-23 13:432422272----a-w-c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-23 13:4388576----a-w-c:\windows\system32\wudriver.dll
    2012-06-02 14:19 . 2012-06-23 13:43171904----a-w-c:\windows\system32\wuwebv.dll
    2012-06-02 14:12 . 2012-06-23 13:4333792----a-w-c:\windows\system32\wuapp.exe
    2012-05-01 14:03 . 2012-06-14 18:52180736----a-w-c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-22 274432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-29 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-29 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-29 145944]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-01-19 19:4998304----a-w-c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17952768----a-w-c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:4236272----a-w-c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:081259376----a-w-c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25125952----a-w-c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
    2009-03-31 20:3026112----a-w-c:\program files\Sony\Marketing Tools\MarketingTools.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 05:413882312----a-w-c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2009-01-06 02:046703648----a-w-c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2009-01-06 02:051833504----a-w-c:\program files\Realtek\Audio\HDA\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 14:49249064----a-w-c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25202240----a-w-c:\program files\Windows Media Player\wmpnscfg.exe
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSL9953DC42
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonationREG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 23:18]
    .
    2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 23:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mystart.incredibar.com/mb139?a=6OyICepM2y&I=26
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: Search the Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    TCP: DhcpNameServer = 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
    MSConfigStartUp-CrossRiderPlugin - c:\program files\CrossriderWebApps\Crossrider.exe
    MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
    MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    MSConfigStartUp-lvhpvmkq - c:\users\Lindsay\AppData\Local\gjfdmucix\jbudbcftssd.exe
    MSConfigStartUp-NortonOnlineBackupReminder - c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe
    MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-26 18:03
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b4
    .
    Completion time: 2012-07-26 18:04:31
    ComboFix-quarantined-files.txt 2012-07-26 17:04
    .
    Pre-Run: 121,785,671,680 bytes free
    Post-Run: 153,380,171,776 bytes free
    .
    - - End Of File - - 4F28FED21C278E8B95278EDA86FF4C13
     
  4. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
     
  5. Quinnbeast

    Quinnbeast TS Rookie Topic Starter Posts: 28

    Okies - done & done.

    ComboFix 12-07-27.02 - Tone 27/07/2012 19:08:10.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.1880 [GMT 1:00]
    Running from: c:\users\Tone\Desktop\ComboFix.exe
    Command switches used :: c:\users\Tone\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-27 18:13 . 2012-07-27 18:13--------d-----w-c:\users\Tone\AppData\Local\temp
    2012-07-27 18:13 . 2012-07-27 18:13--------d-----w-c:\users\Lindsay\AppData\Local\temp
    2012-07-27 18:13 . 2012-07-27 18:13--------d-----w-c:\users\Default\AppData\Local\temp
    2012-07-26 17:05 . 2012-06-29 08:446891424----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE3D9165-F090-4EBE-BFCF-824DFBBA3228}\mpengine.dll
    2012-07-26 10:21 . 2012-07-26 10:21--------d-----w-c:\program files\ESET
    2012-07-24 18:41 . 2012-06-29 08:446891424----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-23 17:41 . 2010-01-25 12:00471552----a-w-c:\windows\system32\secproc_isv.dll
    2012-07-23 17:41 . 2010-01-25 12:00471552----a-w-c:\windows\system32\secproc.dll
    2012-07-23 17:41 . 2010-01-25 08:21526336----a-w-c:\windows\system32\RMActivate_isv.exe
    2012-07-23 17:41 . 2010-01-25 08:21346624----a-w-c:\windows\system32\RMActivate_ssp_isv.exe
    2012-07-23 17:41 . 2010-01-25 08:21518144----a-w-c:\windows\system32\RMActivate.exe
    2012-07-23 17:41 . 2010-01-25 08:21347136----a-w-c:\windows\system32\RMActivate_ssp.exe
    2012-07-23 17:41 . 2010-01-25 12:00152576----a-w-c:\windows\system32\secproc_ssp_isv.dll
    2012-07-23 17:41 . 2010-01-25 12:00152064----a-w-c:\windows\system32\secproc_ssp.dll
    2012-07-23 17:41 . 2010-01-25 11:58332288----a-w-c:\windows\system32\msdrm.dll
    2012-07-21 13:27 . 2012-07-26 09:34--------d-----w-c:\programdata\CodecUpdate
    2012-07-21 13:27 . 2012-07-21 13:27454----a-w-C:\user.js
    2012-07-21 13:26 . 2012-07-26 17:02--------d-----w-c:\program files\Web Assistant
    2012-07-21 13:26 . 2012-07-26 10:43--------d-----w-c:\programdata\Codecv
    2012-07-12 18:34 . 2012-06-13 13:402047488----a-w-c:\windows\system32\win32k.sys
    2012-07-11 17:45 . 2012-04-23 16:00984064----a-w-c:\windows\system32\crypt32.dll
    2012-07-11 17:45 . 2012-04-23 16:0098304----a-w-c:\windows\system32\cryptnet.dll
    2012-07-11 17:45 . 2012-04-23 16:00133120----a-w-c:\windows\system32\cryptsvc.dll
    2012-07-11 17:45 . 2012-06-05 16:47708608----a-w-c:\program files\Common Files\System\ado\msado15.dll
    2012-07-11 17:45 . 2012-06-05 16:471401856----a-w-c:\windows\system32\msxml6.dll
    2012-07-11 17:45 . 2012-06-05 16:471248768----a-w-c:\windows\system32\msxml3.dll
    2012-07-11 17:45 . 2012-06-04 15:26440704----a-w-c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 17:45 . 2012-06-02 00:04278528----a-w-c:\windows\system32\schannel.dll
    2012-07-11 17:45 . 2012-06-02 00:03204288----a-w-c:\windows\system32\ncrypt.dll
    2012-07-03 20:14 . 2012-02-11 19:03713784------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80659E36-41A4-49C6-A329-1BCAB4943D80}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-03 12:46 . 2011-03-10 10:1822344----a-w-c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:19 . 2012-06-23 13:4345080----a-w-c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-23 13:4353784----a-w-c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-23 13:4335864----a-w-c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-23 13:43577048----a-w-c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-23 13:431933848----a-w-c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-23 13:432422272----a-w-c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-23 13:4388576----a-w-c:\windows\system32\wudriver.dll
    2012-06-02 14:19 . 2012-06-23 13:43171904----a-w-c:\windows\system32\wuwebv.dll
    2012-06-02 14:12 . 2012-06-23 13:4333792----a-w-c:\windows\system32\wuapp.exe
    2012-05-01 14:03 . 2012-06-14 18:52180736----a-w-c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-22 274432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-29 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-29 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-29 145944]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-01-19 19:4998304----a-w-c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17952768----a-w-c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:4236272----a-w-c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:081259376----a-w-c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25125952----a-w-c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
    2009-03-31 20:3026112----a-w-c:\program files\Sony\Marketing Tools\MarketingTools.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 05:413882312----a-w-c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2009-01-06 02:046703648----a-w-c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2009-01-06 02:051833504----a-w-c:\program files\Realtek\Audio\HDA\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 14:49249064----a-w-c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25202240----a-w-c:\program files\Windows Media Player\wmpnscfg.exe
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonationREG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 23:18]
    .
    2012-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 23:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://mystart.incredibar.com/mb139?a=6OyICepM2y&I=26
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-27 19:13
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b4
    .
    Completion time: 2012-07-27 19:14:33
    ComboFix-quarantined-files.txt 2012-07-27 18:14
    ComboFix2.txt 2012-07-26 17:04
    .
    Pre-Run: 153,744,363,520 bytes free
    Post-Run: 153,810,075,648 bytes free
    .
    - - End Of File - - B5D8628E40AB36C45AF4C22CFA277263
     
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [​IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
     
  7. Quinnbeast

    Quinnbeast TS Rookie Topic Starter Posts: 28

    CFScript log as follows :

    (I'll post the ESET scan results later)


    ComboFix 12-07-27.02 - Tone 29/07/2012 18:09:37.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.1880 [GMT 1:00]
    Running from: c:\users\Tone\Desktop\ComboFix.exe
    Command switches used :: c:\users\Tone\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-29 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-29 17:15 . 2012-07-29 17:15--------d-----w-c:\users\Tone\AppData\Local\temp
    2012-07-29 17:15 . 2012-07-29 17:15--------d-----w-c:\users\Lindsay\AppData\Local\temp
    2012-07-29 17:15 . 2012-07-29 17:15--------d-----w-c:\users\Default\AppData\Local\temp
    2012-07-28 23:32 . 2012-06-29 08:446891424----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0508675D-5D9A-4BB2-8644-009E1DF97A00}\mpengine.dll
    2012-07-27 18:29 . 2012-06-29 08:446891424----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-26 10:21 . 2012-07-26 10:21--------d-----w-c:\program files\ESET
    2012-07-23 17:41 . 2010-01-25 12:00471552----a-w-c:\windows\system32\secproc_isv.dll
    2012-07-23 17:41 . 2010-01-25 12:00471552----a-w-c:\windows\system32\secproc.dll
    2012-07-23 17:41 . 2010-01-25 08:21526336----a-w-c:\windows\system32\RMActivate_isv.exe
    2012-07-23 17:41 . 2010-01-25 08:21346624----a-w-c:\windows\system32\RMActivate_ssp_isv.exe
    2012-07-23 17:41 . 2010-01-25 08:21518144----a-w-c:\windows\system32\RMActivate.exe
    2012-07-23 17:41 . 2010-01-25 08:21347136----a-w-c:\windows\system32\RMActivate_ssp.exe
    2012-07-23 17:41 . 2010-01-25 12:00152576----a-w-c:\windows\system32\secproc_ssp_isv.dll
    2012-07-23 17:41 . 2010-01-25 12:00152064----a-w-c:\windows\system32\secproc_ssp.dll
    2012-07-23 17:41 . 2010-01-25 11:58332288----a-w-c:\windows\system32\msdrm.dll
    2012-07-21 13:27 . 2012-07-26 09:34--------d-----w-c:\programdata\CodecUpdate
    2012-07-21 13:27 . 2012-07-21 13:27454----a-w-C:\user.js
    2012-07-21 13:26 . 2012-07-26 17:02--------d-----w-c:\program files\Web Assistant
    2012-07-21 13:26 . 2012-07-26 10:43--------d-----w-c:\programdata\Codecv
    2012-07-12 18:34 . 2012-06-13 13:402047488----a-w-c:\windows\system32\win32k.sys
    2012-07-11 17:45 . 2012-04-23 16:00984064----a-w-c:\windows\system32\crypt32.dll
    2012-07-11 17:45 . 2012-04-23 16:0098304----a-w-c:\windows\system32\cryptnet.dll
    2012-07-11 17:45 . 2012-04-23 16:00133120----a-w-c:\windows\system32\cryptsvc.dll
    2012-07-11 17:45 . 2012-06-05 16:47708608----a-w-c:\program files\Common Files\System\ado\msado15.dll
    2012-07-11 17:45 . 2012-06-05 16:471401856----a-w-c:\windows\system32\msxml6.dll
    2012-07-11 17:45 . 2012-06-05 16:471248768----a-w-c:\windows\system32\msxml3.dll
    2012-07-11 17:45 . 2012-06-04 15:26440704----a-w-c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 17:45 . 2012-06-02 00:04278528----a-w-c:\windows\system32\schannel.dll
    2012-07-11 17:45 . 2012-06-02 00:03204288----a-w-c:\windows\system32\ncrypt.dll
    2012-07-03 20:14 . 2012-02-11 19:03713784------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{80659E36-41A4-49C6-A329-1BCAB4943D80}\gapaengine.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-03 12:46 . 2011-03-10 10:1822344----a-w-c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:19 . 2012-06-23 13:4345080----a-w-c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-23 13:4353784----a-w-c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-23 13:4335864----a-w-c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-23 13:43577048----a-w-c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-23 13:431933848----a-w-c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-23 13:432422272----a-w-c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-23 13:4388576----a-w-c:\windows\system32\wudriver.dll
    2012-06-02 14:19 . 2012-06-23 13:43171904----a-w-c:\windows\system32\wuwebv.dll
    2012-06-02 14:12 . 2012-06-23 13:4333792----a-w-c:\windows\system32\wuapp.exe
    2012-05-01 14:03 . 2012-06-14 18:52180736----a-w-c:\windows\system32\drivers\rdpwd.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-22 274432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-29 150040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-29 170520]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-29 145944]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-01-19 19:4998304----a-w-c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-03-24 18:17952768----a-w-c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-04-04 05:4236272----a-w-c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:081259376----a-w-c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25125952----a-w-c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
    2009-03-31 20:3026112----a-w-c:\program files\Sony\Marketing Tools\MarketingTools.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2008-12-03 05:413882312----a-w-c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2009-01-06 02:046703648----a-w-c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
    2009-01-06 02:051833504----a-w-c:\program files\Realtek\Audio\HDA\SkyTel.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-10-29 14:49249064----a-w-c:\program files\Common Files\Java\Java Update\jusched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25202240----a-w-c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonationREG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 23:18]
    .
    2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-25 23:18]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-29 18:15
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b4
    .
    Completion time: 2012-07-29 18:16:44
    ComboFix-quarantined-files.txt 2012-07-29 17:16
    ComboFix2.txt 2012-07-27 18:14
    ComboFix3.txt 2012-07-26 17:04
    .
    Pre-Run: 160,342,560,768 bytes free
    Post-Run: 160,315,666,432 bytes free
    .
    - - End Of File - - CBE57F2E8FBA09C94799F68E0E53548A
     
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    OKay. Just waiting on ESET scan results. Thanks!
     
  9. Quinnbeast

    Quinnbeast TS Rookie Topic Starter Posts: 28

    As mentioned in the first post, I had run an Eset scan prior to posting here. The three files listed there are still listed in the new log... I'm assuming that's due to them being quarantined rather than deleted. I didn't get an ActiveX prompt either ... I ran the exe via Chrome rather than in-browser as per IE. Not sure if that makes any difference.

    Eset scan log -Chrome rather

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=d1da563eff5b5d44bd3aa12e032f772c
    # end=stopped
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-26 11:52:03
    # local_time=2012-07-26 12:52:03 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=5892 16776574 100 100 43598920 180830954 0 0
    # compatibility_mode=8192 67108863 100 0 149 149 0 0
    # scanned=88770
    # found=3
    # cleaned=3
    # scan_time=5297
    C:\ProgramData\Codecv\uninstall.exeWin32/Adware.MultiPlug.A application (cleaned by deleting - quarantined)00000000000000000000000000000000C
    C:\Users\Lindsay\Desktop\Downloads\Codec-C (98).exeWin32/InstallMate.Gen application (cleaned by deleting - quarantined)00000000000000000000000000000000C
    C:\Windows\Temp\RegistryOptimizer.exea variant of Win32/SpeedingUpMyPC application (cleaned by deleting - quarantined)00000000000000000000000000000000C
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=d1da563eff5b5d44bd3aa12e032f772c
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-29 07:43:43
    # local_time=2012-07-29 08:43:43 (+0000, GMT Daylight Time)
    # country="United Kingdom"
    # lang=1033
    # osver=6.0.6002 NT Service Pack 2
    # compatibility_mode=5892 16776574 100 100 43888519 181120553 0 0
    # compatibility_mode=8192 67108863 100 0 289748 289748 0 0
    # scanned=120651
    # found=0
    # cleaned=0
    # scan_time=3197
     
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  11. Quinnbeast

    Quinnbeast TS Rookie Topic Starter Posts: 28

    No obvious issues that we can think of apart from those I listed at the start (and certainly not in the last few days). I logged onto the admin account a few days ago and there was a "PC Optimzer" program running that neither of us had knowingly installed. There was a small popup via the taskbar that claimed to have found multiple issues. This came with a legit-looking entry within Programs & Features, which has now been uninstalled. I'm unsure if this was a "extra" that installed alongside another program, or if it was rogue/fake scanner. No issues with it since I started this thread.

    A few of the files - although I forget exactly which, recurred under Malwarebytes even though they were cleaned out a few days previously (both scans were prior to this thread).

    Besides these two issues, there's nothing else that would have made us suspicious.
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Thanks for the info.

    Download OTL.exe by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan and let the program run uninterrupted.
    • It will produce a log for you: OTL.txt. Please post that.
    • You may need to use two posts to get it all.
     
  13. Quinnbeast

    Quinnbeast TS Rookie Topic Starter Posts: 28

    OTL logfile created on: 30/07/2012 19:03:55 - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Tone\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.87 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 62.82% Memory free
    5.97 Gb Paging File | 4.86 Gb Available in Paging File | 81.39% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.11 Gb Total Space | 147.50 Gb Free Space | 66.11% Space Free | Partition Type: NTFS

    Computer Name: LINDSAY-PC | User Name: Tone | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/30 19:03:13 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Tone\Desktop\OTL.exe
    PRC - [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2010/04/09 14:37:34 | 001,459,568 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    PRC - [2010/04/09 14:37:34 | 000,722,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2009/03/05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2009/03/05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    PRC - [2009/01/19 20:49:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2009/01/19 20:49:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2008/12/22 07:30:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
    PRC - [2008/12/22 05:55:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
    PRC - [2008/12/19 23:02:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    PRC - [2008/12/19 23:02:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    PRC - [2008/12/18 18:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    PRC - [2008/09/18 18:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
    PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/26 10:53:02 | 004,051,456 | ---- | M] () -- C:\Users\Tone\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll
    MOD - [2012/07/26 10:53:02 | 000,100,864 | ---- | M] () -- C:\Users\Tone\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll
    MOD - [2012/07/10 05:09:00 | 000,438,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
    MOD - [2012/07/10 05:08:59 | 003,972,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
    MOD - [2012/07/10 05:07:22 | 000,140,328 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
    MOD - [2012/07/10 05:07:21 | 000,262,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
    MOD - [2012/07/10 05:07:19 | 002,386,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
    MOD - [2012/07/10 03:17:27 | 009,255,112 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    MOD - [2012/06/15 21:34:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
    MOD - [2012/06/15 21:34:34 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
    MOD - [2012/05/13 20:56:18 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll
    MOD - [2012/05/13 20:56:17 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
    MOD - [2012/05/13 20:56:15 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/13 20:56:12 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
    MOD - [2012/05/13 20:56:11 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
    MOD - [2012/05/13 20:54:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
    MOD - [2012/05/13 20:53:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
    MOD - [2012/05/13 20:52:11 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
    MOD - [2012/05/13 20:52:03 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
    MOD - [2011/12/27 03:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    MOD - [2010/04/09 14:37:32 | 000,065,536 | ---- | M] () -- C:\Program Files\Sony\VAIO Update 5\VUAgentPS.dll
    MOD - [2009/03/04 22:35:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
    MOD - [2009/03/04 22:35:56 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/04/09 14:37:34 | 000,722,288 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/03/05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2009/03/05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2009/03/05 19:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2009/03/05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2009/01/20 19:56:06 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2009/01/20 19:52:18 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
    SRV - [2009/01/20 19:51:48 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2009/01/20 19:51:18 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
    SRV - [2009/01/20 19:50:48 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
    SRV - [2009/01/20 00:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV - [2009/01/19 20:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2009/01/17 05:59:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
    SRV - [2009/01/08 08:10:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2008/12/22 05:55:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
    SRV - [2008/12/19 23:02:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV - [2008/09/18 18:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tone\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2009/01/06 21:14:38 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/11/25 08:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2008/11/19 01:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2008/10/23 01:02:29 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/10/23 01:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
    DRV - [2008/10/23 01:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/06/07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2008/04/24 22:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV - [2008/01/25 03:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
    DRV - [2001/01/02 23:53:30 | 000,019,677 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xbreader.sys -- (xbreader)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{5DC6821D-6FDA-41E5-841E-DB507AC4035A}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SNYT

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 6C 48 57 BA 6D CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKCU\..\SearchScopes\{5DC6821D-6FDA-41E5-841E-DB507AC4035A}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6OyICepM2y&I=26
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/12/03 19:03:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/26 23:34:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/07/21 14:26:57 | 000,000,000 | ---D | M]

    [2011/12/22 17:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/28 20:26:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/03/10 11:17:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Codecv = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\anafmgnapjcehdioglmbbfhpmekejgki\1.0_0\
    CHR - Extension: WOT = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.0_0\
    CHR - Extension: YouTube = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Codec-V = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.19.57_0\crossrider
    CHR - Extension: Codec-V = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.19.57_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/26 18:03:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4413101C-9BCC-42C3-9561-FD43F244B389}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B782F2DC-03A4-43F3-A193-911035262425}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/30 19:03:15 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Tone\Desktop\OTL.exe
    [2012/07/29 18:32:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/29 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Tone\AppData\Local\temp
    [2012/07/29 18:16:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/29 18:08:00 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/26 17:57:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/26 17:57:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/26 17:57:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/26 17:57:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/26 17:57:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/26 17:51:51 | 004,719,912 | R--- | C] (Swearware) -- C:\Users\Tone\Desktop\ComboFix.exe
    [2012/07/26 13:17:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tone\Desktop\dds.scr
    [2012/07/26 11:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/07/21 14:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\CodecUpdate
    [2012/07/21 14:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
    [2012/07/21 14:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
    [2012/07/21 14:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv

    ========== Files - Modified Within 30 Days ==========

    [2012/07/30 19:03:13 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Tone\Desktop\OTL.exe
    [2012/07/30 18:58:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/30 18:33:59 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 18:33:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 18:33:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/30 18:33:52 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/30 00:25:59 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/26 18:03:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/07/26 17:51:46 | 004,719,912 | R--- | M] (Swearware) -- C:\Users\Tone\Desktop\ComboFix.exe
    [2012/07/26 13:17:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tone\Desktop\dds.scr
    [2012/07/26 11:02:28 | 000,302,592 | ---- | M] () -- C:\Users\Tone\Desktop\8fbntyme.exe
    [2012/07/23 19:42:23 | 000,602,478 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/23 19:42:23 | 000,106,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/23 18:37:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/21 14:27:13 | 000,000,454 | ---- | M] () -- C:\user.js
    [2012/07/12 20:24:09 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/07/12 19:54:09 | 000,349,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/07/26 17:57:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/26 17:57:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/26 17:57:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/26 17:57:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/26 17:57:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/26 11:02:34 | 000,302,592 | ---- | C] () -- C:\Users\Tone\Desktop\8fbntyme.exe
    [2012/07/21 14:27:13 | 000,000,454 | ---- | C] () -- C:\user.js
    [2010/06/29 21:00:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/10/05 18:49:51 | 000,018,432 | ---- | C] () -- C:\Users\Tone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== LOP Check ==========

    [2012/07/30 00:29:03 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Please run OTL

    Please run OTL again...
    • Under the Custom Scan box paste this in:

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scanbutton. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time
     
  15. Quinnbeast

    Quinnbeast TS Rookie Topic Starter Posts: 28

    Log from Moved Files as follows :

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    C:\Users\Tone\Desktop\8fbntyme.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Lindsay
    ->Temp folder emptied: 32373 bytes
    ->Temporary Internet Files folder emptied: 4805409 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 108170310 bytes
    ->Google Chrome cache emptied: 413169234 bytes
    ->Flash cache emptied: 35223 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: Tone
    ->Temp folder emptied: 32609 bytes
    ->Temporary Internet Files folder emptied: 5212480 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 91070575 bytes
    ->Flash cache emptied: 12617 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 14498 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 594.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07302012_233226

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  16. Quinnbeast

    Quinnbeast TS Rookie Topic Starter Posts: 28

    Hmm, that second scan only produced an OLT log file, no Extras file (be it as a pop-up at the end or saved next to OLT.)

    OTL logfile created on: 30/07/2012 23:39:43 - Run 2
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Tone\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.87 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 62.23% Memory free
    5.94 Gb Paging File | 4.84 Gb Available in Paging File | 81.52% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 223.11 Gb Total Space | 146.46 Gb Free Space | 65.64% Space Free | Partition Type: NTFS

    Computer Name: LINDSAY-PC | User Name: Tone | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/30 19:03:13 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Tone\Desktop\OTL.exe
    PRC - [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2010/04/09 14:37:34 | 001,459,568 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2009/03/05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2009/03/05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    PRC - [2009/01/19 20:49:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2009/01/19 20:49:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2008/12/22 07:30:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
    PRC - [2008/12/22 05:55:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
    PRC - [2008/12/19 23:02:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    PRC - [2008/12/19 23:02:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    PRC - [2008/12/18 18:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    PRC - [2008/09/18 18:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe
    PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/07/26 10:53:02 | 004,051,456 | ---- | M] () -- C:\Users\Tone\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libGLESv2.dll
    MOD - [2012/07/26 10:53:02 | 000,100,864 | ---- | M] () -- C:\Users\Tone\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.0.3\libEGL.dll
    MOD - [2012/07/10 05:09:00 | 000,438,296 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
    MOD - [2012/07/10 05:08:59 | 003,972,120 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
    MOD - [2012/07/10 05:07:22 | 000,140,328 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
    MOD - [2012/07/10 05:07:21 | 000,262,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
    MOD - [2012/07/10 05:07:19 | 002,386,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
    MOD - [2012/07/10 03:17:27 | 009,255,112 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    MOD - [2012/06/15 21:34:49 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
    MOD - [2012/06/15 21:34:34 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
    MOD - [2012/05/13 20:56:18 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll
    MOD - [2012/05/13 20:56:17 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
    MOD - [2012/05/13 20:56:15 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/13 20:56:12 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
    MOD - [2012/05/13 20:56:11 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
    MOD - [2012/05/13 20:54:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
    MOD - [2012/05/13 20:53:37 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
    MOD - [2012/05/13 20:52:11 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
    MOD - [2012/05/13 20:52:03 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
    MOD - [2011/12/27 03:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    MOD - [2009/03/04 22:35:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
    MOD - [2009/03/04 22:35:56 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/05/08 15:13:28 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/04/09 14:37:34 | 000,722,288 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/03/05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2009/03/05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2009/03/05 19:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2009/03/05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2009/01/20 19:56:06 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2009/01/20 19:52:18 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
    SRV - [2009/01/20 19:51:48 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2009/01/20 19:51:18 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
    SRV - [2009/01/20 19:50:48 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
    SRV - [2009/01/20 00:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV - [2009/01/19 20:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2009/01/17 05:59:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
    SRV - [2009/01/08 08:10:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2008/12/22 05:55:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
    SRV - [2008/12/19 23:02:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV - [2008/09/18 18:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-I Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Tone\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2009/01/06 21:14:38 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2008/11/25 08:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2008/11/19 01:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2008/10/23 01:02:29 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/10/23 01:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
    DRV - [2008/10/23 01:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/06/07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2008/04/24 22:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV - [2008/01/25 03:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
    DRV - [2001/01/02 23:53:30 | 000,019,677 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xbreader.sys -- (xbreader)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNYT&bmod=SNYT
    IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKLM\..\SearchScopes\{5DC6821D-6FDA-41E5-841E-DB507AC4035A}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SNYT

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 6C 48 57 BA 6D CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
    IE - HKCU\..\SearchScopes\{5DC6821D-6FDA-41E5-841E-DB507AC4035A}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7SNYT
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/12/03 19:03:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/26 23:34:25 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/07/21 14:26:57 | 000,000,000 | ---D | M]

    [2011/12/22 17:55:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/09/28 20:26:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/03/10 11:17:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Codecv = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\anafmgnapjcehdioglmbbfhpmekejgki\1.0_0\
    CHR - Extension: WOT = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.3.0_0\
    CHR - Extension: YouTube = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Codec-V = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.19.57_0\crossrider
    CHR - Extension: Codec-V = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.19.57_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\Tone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/26 18:03:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4413101C-9BCC-42C3-9561-FD43F244B389}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B782F2DC-03A4-43F3-A193-911035262425}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
    MsConfig - StartUpReg: MarketingTools - hkey= - key= - C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
    MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    MsConfig - State: "startup" - 2

    SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - Service
    SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SafeBootMin: NTDS - File not found
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: sacsvr - Service
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
    SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /I:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/30 23:32:26 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/07/30 19:03:15 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Tone\Desktop\OTL.exe
    [2012/07/29 18:32:47 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/29 18:16:46 | 000,000,000 | ---D | C] -- C:\Users\Tone\AppData\Local\temp
    [2012/07/29 18:16:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/29 18:08:00 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/26 17:57:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/26 17:57:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/26 17:57:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/26 17:57:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/26 17:57:08 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/26 17:51:51 | 004,719,912 | R--- | C] (Swearware) -- C:\Users\Tone\Desktop\ComboFix.exe
    [2012/07/26 13:17:54 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tone\Desktop\dds.scr
    [2012/07/26 11:21:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/07/23 18:41:06 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
    [2012/07/23 18:41:06 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
    [2012/07/23 18:41:04 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2012/07/23 18:41:03 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2012/07/23 18:41:03 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2012/07/23 18:41:03 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2012/07/23 18:41:02 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
    [2012/07/23 18:41:02 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
    [2012/07/23 18:41:02 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
    [2012/07/21 14:27:47 | 000,000,000 | ---D | C] -- C:\ProgramData\CodecUpdate
    [2012/07/21 14:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
    [2012/07/21 14:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Codecv
    [2012/07/21 14:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Codecv
    [2012/07/12 19:34:39 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2012/07/12 19:32:43 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2012/07/12 19:32:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2012/07/12 19:32:41 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2012/07/12 19:32:40 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2012/07/12 19:32:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2012/07/12 19:32:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2012/07/12 19:32:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2012/07/11 18:45:45 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

    ========== Files - Modified Within 30 Days ==========

    [2012/07/30 23:34:32 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/30 23:34:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 23:34:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 23:34:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/30 23:34:14 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/30 23:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/30 19:03:13 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Tone\Desktop\OTL.exe
    [2012/07/26 18:03:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/07/26 17:51:46 | 004,719,912 | R--- | M] (Swearware) -- C:\Users\Tone\Desktop\ComboFix.exe
    [2012/07/26 13:17:56 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tone\Desktop\dds.scr
    [2012/07/23 19:42:23 | 000,602,478 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/07/23 19:42:23 | 000,106,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/07/23 18:37:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/21 14:27:13 | 000,000,454 | ---- | M] () -- C:\user.js
    [2012/07/12 20:24:09 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/07/12 19:54:09 | 000,349,720 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2012/07/26 17:57:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/26 17:57:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/26 17:57:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/26 17:57:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/26 17:57:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/21 14:27:13 | 000,000,454 | ---- | C] () -- C:\user.js
    [2010/06/29 21:00:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/10/05 18:49:51 | 000,018,432 | ---- | C] () -- C:\Users\Tone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
     
  17. Quinnbeast

    Quinnbeast TS Rookie Topic Starter Posts: 28

    OLT.txt part 2...
    ========== Custom Scans ==========

    < %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

    < %AppData%\Local\ >

    < %systemroot%\system32\sysprep >

    < *.xpi /md5 >

    < %systemroot%\Downloaded Program Files\ >

    < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

    < hklm\software\clients\startmenuinternet|command /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/04 17:43:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/04 17:43:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/04 17:43:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < hklm\software\clients\startmenuinternet|command /64 /rs >
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/07/10 05:09:02 | 001,250,328 | ---- | M] (Google Inc.)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/05/04 17:43:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/05/04 17:43:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/05/04 17:43:04 | 000,074,240 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)
    HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2012/06/02 10:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation)

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /90 >
    [2012/06/04 16:26:04 | 000,440,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\ksecdd.sys
    [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

    < %systemroot%\System32\config\*.sav >
    [2008/01/21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %SYSTEMDRIVE%\*.exe /md5 >

    < "%WinDir%\$NtUninstallKB*$." /30 >

    < %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

    < %systemroot%\*. /mp /s >

    < %systemroot%\*. /rp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\Installer\ /s >

    < %systemroot%\system32\Cache\ /s >

    < %systemroot%\system32\config\systemprofile\Application Data /s >

    < %PROGRAMFILES%\*. >
    [2010/03/01 15:07:27 | 000,000,000 | ---D | M] -- C:\Program Files\7-Zip
    [2011/12/14 15:58:01 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter
    [2010/04/10 18:57:50 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
    [2009/03/31 21:40:11 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
    [2009/03/04 18:46:57 | 000,000,000 | ---D | M] -- C:\Program Files\ATI
    [2012/07/29 18:13:11 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2009/03/04 18:58:20 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
    [2010/01/15 13:33:51 | 000,000,000 | ---D | M] -- C:\Program Files\Datel
    [2012/05/26 23:34:25 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
    [2012/07/26 11:21:17 | 000,000,000 | ---D | M] -- C:\Program Files\ESET
    [2011/12/22 17:44:29 | 000,000,000 | ---D | M] -- C:\Program Files\Google
    [2011/01/04 23:05:36 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2009/03/04 18:43:08 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
    [2012/07/12 19:50:57 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2009/03/31 21:43:41 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
    [2011/03/10 11:16:58 | 000,000,000 | ---D | M] -- C:\Program Files\Java
    [2012/07/23 18:43:50 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/03/31 21:45:47 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
    [2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
    [2011/12/22 17:59:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
    [2012/05/02 21:35:05 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Security Client
    [2010/12/16 18:51:04 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
    [2010/08/13 22:35:07 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2012/07/21 14:27:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
    [2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2009/10/03 21:52:53 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
    [2012/07/26 10:46:50 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 3
    [2009/03/04 18:54:10 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
    [2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2009/03/31 21:31:06 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
    [2010/06/29 20:55:20 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
    [2010/01/13 21:47:08 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
    [2011/12/28 22:40:46 | 000,000,000 | ---D | M] -- C:\Program Files\Spotify
    [2011/12/22 19:46:17 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot
    [2012/07/23 18:41:00 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
    [2009/03/04 18:59:26 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
    [2009/03/04 18:55:04 | 000,000,000 | -H-D | M] -- C:\Program Files\Temp
    [2006/11/02 14:01:55 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2012/07/26 18:02:40 | 000,000,000 | ---D | M] -- C:\Program Files\Web Assistant
    [2009/10/21 12:50:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
    [2009/10/21 12:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
    [2009/10/21 12:50:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
    [2012/05/13 20:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Journal
    [2009/03/31 21:45:43 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
    [2009/03/31 21:45:32 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
    [2010/12/16 19:06:42 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
    [2010/10/15 17:52:35 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2006/11/02 13:37:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2009/10/21 12:50:16 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
    [2012/02/14 15:50:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Portable Devices
    [2009/10/21 12:50:18 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
    [2010/01/15 13:34:07 | 000,000,000 | ---D | M] -- C:\Program Files\XBCD

    < %appdata%\*.* >

    < MD5 for: AFD.SYS >
    [2011/04/21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\System32\drivers\afd.sys
    [2011/04/21 14:58:27 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=3911B972B55FEA0478476B2E777B29FA -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18457_none_d99fb42e5bb59d9b\afd.sys
    [2011/04/21 14:16:42 | 000,273,408 | ---- | M] (Microsoft Corporation) MD5=48EB99503533C27AC6135648E5474457 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18639_none_d7d0e0cc5e7d461c\afd.sys
    [2011/04/21 14:28:53 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=70EE0FC7A0F384DBD929A01384AEEB4B -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.22629_none_da4bc33774b91967\afd.sys
    [2008/01/21 03:24:17 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=763E172A55177E478CB419F88FD0BA03 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.18000_none_d7e842925e6d1f50\afd.sys
    [2009/04/11 05:47:03 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=A201207363AA900ABF1A388468688570 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6002.18005_none_d9d3bb9e5b8eea9c\afd.sys
    [2011/04/21 14:12:21 | 000,273,920 | ---- | M] (Microsoft Corporation) MD5=C8AF25017CECB75906A571AC70D2D306 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.0.6001.22905_none_d876efff77862705\afd.sys

    < MD5 for: ATAPI.SYS >
    [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    [2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
    [2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\erdnt\cache\atapi.sys
    [2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
    [2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [2008/01/21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

    < MD5 for: CRYPTSVC.DLL >
    [2008/01/21 03:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
    [2012/04/23 17:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=75C6A297E364014840B48ECCD7525E30 -- C:\Windows\erdnt\cache\cryptsvc.dll
    [2012/04/23 17:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=75C6A297E364014840B48ECCD7525E30 -- C:\Windows\System32\cryptsvc.dll
    [2012/04/23 17:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) MD5=75C6A297E364014840B48ECCD7525E30 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18618_none_77e34ec697f67015\cryptsvc.dll
    [2012/04/23 15:48:06 | 000,135,168 | ---- | M] (Microsoft Corporation) MD5=C979AEA8C4D8F875CD25507D08980006 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.22840_none_78447b63b1339621\cryptsvc.dll
    [2009/04/11 07:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll

    < MD5 for: DNSRSLVR.DLL >
    [2011/03/02 15:25:54 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=1FF4F12AF03AA5DAFE05F6937E497193 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.22866_none_e23149269ba22ef6\dnsrslvr.dll
    [2009/04/11 07:28:18 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=30A08728740E71947AE1E073B5CE69B4 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18005_none_e3cdf5e97f7b2eb7\dnsrslvr.dll
    [2011/03/02 15:49:43 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=4805D9A6D281C7A7DEFD9094DEC6AF7D -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18611_none_e1d8b89f8260879d\dnsrslvr.dll
    [2011/03/02 16:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=57D762F6F5974AF0DA2BE88A3349BAAA -- C:\Windows\System32\dnsrslvr.dll
    [2011/03/02 16:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=57D762F6F5974AF0DA2BE88A3349BAAA -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.18416_none_e3c42ddf7f82589b\dnsrslvr.dll
    [2011/03/02 19:19:46 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=9BC2EB15BB0E08579536AC47D7C6F92A -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6002.22600_none_e4529ac0989d4191\dnsrslvr.dll
    [2008/01/21 03:24:26 | 000,086,528 | ---- | M] (Microsoft Corporation) MD5=F5A0F1DA1ED8B429597E71D27D976E31 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client_31bf3856ad364e35_6.0.6001.18000_none_e1e27cdd8259636b\dnsrslvr.dll

    < MD5 for: ES.DLL >
    [2008/04/19 09:27:37 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=131B7E46A7ACD49CB56BB03917A76DE3 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.20818_none_0b8e318c6db592d2\es.dll
    [2008/04/18 06:48:39 | 000,269,312 | ---- | M] (Microsoft Corporation) MD5=3CB3343D720168B575133A0A20DC2465 -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\es.dll
    [2009/04/11 07:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Users\Tone\AppData\Local\temp\es.dll
    [2009/04/11 07:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Windows\erdnt\cache\es.dll
    [2009/04/11 07:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Windows\System32\es.dll
    [2009/04/11 07:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=67058C46504BC12D821F38CF99B7B28F -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6002.18005_none_0ed918294edf6b75\es.dll
    [2008/04/18 06:30:29 | 000,269,312 | ---- | M] (Microsoft Corporation) MD5=776D75AF432C598068CC933C7421171B -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.22162_none_0d385cf46b0a1a47\es.dll
    [2008/04/19 09:13:07 | 000,268,800 | ---- | M] (Microsoft Corporation) MD5=7B4971C3D43525175A4EA0D143E0412E -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6000.16677_none_0ac2b30954c98430\es.dll
    [2012/06/28 11:27:57 | 000,008,216 | ---- | M] () MD5=8C4CBA187C451FAE0C9C1674B9C3AC39 -- C:\Program Files\Google\Chrome\Application\20.0.1132.47\Locales\es.dll
    [2012/07/10 05:07:57 | 000,008,216 | ---- | M] () MD5=D088A143E3692E65FCEECBEAF6B66E08 -- C:\Program Files\Google\Chrome\Application\20.0.1132.57\Locales\es.dll
    [2008/01/21 03:24:11 | 000,262,144 | ---- | M] (Microsoft Corporation) MD5=F4BF4FA769DB51B106D2B4B35256988B -- C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18000_none_0ced9f1d51bda029\es.dll

    < MD5 for: EXPLORER.EXE >
    [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
    [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: IPNATHLP.DLL >
    [2008/01/21 03:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=E1499BD0FF76B1B2FBBF1AF339D91165 -- C:\Windows\System32\ipnathlp.dll
    [2008/01/21 03:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) MD5=E1499BD0FF76B1B2FBBF1AF339D91165 -- C:\Windows\winsxs\x86_microsoft-windows-sharedaccess_31bf3856ad364e35_6.0.6001.18000_none_04cd5ea6494c4867\ipnathlp.dll

    < MD5 for: NETBT.SYS >
    [2008/01/21 03:24:59 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
    [2009/04/11 05:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
    [2009/04/11 05:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

    < MD5 for: NETMAN.DLL >
    [2008/01/21 03:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows\erdnt\cache\netman.dll
    [2008/01/21 03:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows\System32\netman.dll
    [2008/01/21 03:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) MD5=C8052711DAECC48B982434C5116CA401 -- C:\Windows\winsxs\x86_microsoft-windows-netman_31bf3856ad364e35_6.0.6001.18000_none_0fbd1b9651cfd333\netman.dll

    < MD5 for: QMGR.DLL >
    [2008/01/21 03:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
    [2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\erdnt\cache\qmgr.dll
    [2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
    [2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

    < MD5 for: RPCSS.DLL >
    [2009/03/03 05:39:32 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=301AE00E12408650BADDC04DBC832830 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18226_none_69bb41ac3deac876\rpcss.dll
    [2008/01/21 03:24:06 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=33FB1F0193EE2051067441492D56113C -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.18000_none_69cadbfc3ddffe3c\rpcss.dll
    [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\erdnt\cache\rpcss.dll
    [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\System32\rpcss.dll
    [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=3B5B4D53FEC14F7476CA29A20CC31AC9 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6002.18005_none_6bb655083b01c988\rpcss.dll
    [2009/03/03 05:32:23 | 000,551,424 | ---- | M] (Microsoft Corporation) MD5=4DFCBDEF3CCAA98F99038DED78945253 -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6001.22389_none_6a06ffcd57365beb\rpcss.dll
    [2009/03/03 05:19:41 | 000,549,888 | ---- | M] (Microsoft Corporation) MD5=7B981222A257D076885BFFB66F19B7CE -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.16830_none_67c4315e40d1bb6c\rpcss.dll
    [2009/03/03 05:17:45 | 000,550,400 | ---- | M] (Microsoft Corporation) MD5=B1BB45E24717A7F790B4411C4446EF5E -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.0.6000.21023_none_685b771559e4be8c\rpcss.dll

    < MD5 for: SERVICES.EXE >
    [2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
    [2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\erdnt\cache\services.exe
    [2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
    [2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

    < MD5 for: SVCHOST.EXE >
    [2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
    [2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
    [2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

    < MD5 for: TCPIP.SYS >
    [2008/04/26 09:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
    [2009/04/11 07:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
    [2011/09/20 22:02:55 | 000,913,280 | ---- | M] (Microsoft Corporation) MD5=16731B631F28F63CD9F4CB60940E7DDD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_b58c64c97caa1c43\tcpip.sys
    [2009/12/08 21:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
    [2009/08/15 22:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
    [2009/08/14 18:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
    [2011/06/17 21:13:55 | 000,905,104 | ---- | M] (Microsoft Corporation) MD5=2756186E287139310997090797E0182B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_b4b2134c63c9c70f\tcpip.sys
    [2012/03/30 13:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
    [2010/02/18 12:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
    [2010/02/18 15:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
    [2009/08/14 15:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
    [2009/12/08 21:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
    [2010/02/18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
    [2010/02/18 13:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
    [2009/12/08 21:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
    [2010/06/16 16:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
    [2009/08/14 17:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
    [2011/06/17 21:13:55 | 000,913,296 | ---- | M] (Microsoft Corporation) MD5=6647FCE6FC4970DAAFE5C64C794513D3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_b54f51417cd8f970\tcpip.sys
    [2010/06/16 17:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
    [2010/06/16 16:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
    [2011/09/20 22:02:55 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=814A1C66FBD4E1B310A517221F1456BF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_b502c618638c7f52\tcpip.sys
    [2008/04/26 09:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
    [2009/12/08 18:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
    [2009/08/14 18:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
    [2010/02/18 18:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
    [2010/06/16 17:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
    [2010/04/05 18:03:01 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=A6A02EF5B5E40FBD31A1ADC577DA54BB -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_b36bda857faff8dc\tcpip.sys
    [2009/12/08 18:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
    [2010/04/05 21:00:48 | 000,910,208 | ---- | M] (Microsoft Corporation) MD5=CC9993701AC57F995554C696DDA49C12 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_b5497d157cdc9c9f\tcpip.sys
    [2010/02/18 15:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
    [2009/12/08 21:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
    [2012/03/30 13:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\erdnt\cache\tcpip.sys
    [2012/03/30 13:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\System32\drivers\tcpip.sys
    [2012/03/30 13:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
    [2008/01/21 03:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
    [2009/08/14 17:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

    < MD5 for: TDX.SYS >
    [2009/04/11 05:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\erdnt\cache\tdx.sys
    [2009/04/11 05:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\System32\drivers\tdx.sys
    [2009/04/11 05:45:56 | 000,072,192 | ---- | M] (Microsoft Corporation) MD5=76B06EB8A01FC8624D699E7045303E54 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6002.18005_none_ec294157d9377403\tdx.sys
    [2008/01/21 03:24:53 | 000,071,680 | ---- | M] (Microsoft Corporation) MD5=D09276B1FAB033CE1D40DCBDF303D10F -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.0.6001.18000_none_ea3dc84bdc15a8b7\tdx.sys

    < MD5 for: USERINIT.EXE >
    [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
    [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

    < MD5 for: VOLSNAP.SYS >
    [2006/11/02 10:51:18 | 000,208,488 | ---- | M] (Microsoft Corporation) MD5=11EF6C1CAEF76B685233450A126125D6 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_9320b452\volsnap.sys
    [2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\drivers\volsnap.sys
    [2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_1e6030e4\volsnap.sys
    [2009/04/11 07:32:55 | 000,226,280 | ---- | M] (Microsoft Corporation) MD5=147281C01FCB1DF9252DE2A10D5E7093 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6002.18005_none_17a2308cf936c619\volsnap.sys
    [2008/01/21 03:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_f53a1785\volsnap.sys
    [2008/01/21 03:23:21 | 000,227,896 | ---- | M] (Microsoft Corporation) MD5=D8B4A53DD2769F226B3EB374374987C9 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.0.6001.18000_none_15b6b780fc14facd\volsnap.sys

    < MD5 for: WININIT.EXE >
    [2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\erdnt\cache\wininit.exe
    [2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
    [2008/01/21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
    [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < MD5 for: WMISVC.DLL >
    [2008/01/21 03:24:59 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=00B79A7C984678F24CF052E5BEB3A2F5 -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.0.6001.18000_none_a0b2bbcff6f11e8e\WMIsvc.dll
    [2009/04/11 07:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=6B2A1D0E80110E3D04E6863C6E62FD8A -- C:\Windows\System32\wbem\WMIsvc.dll
    [2009/04/11 07:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) MD5=6B2A1D0E80110E3D04E6863C6E62FD8A -- C:\Windows\winsxs\x86_microsoft-windows-wmi-core-svc_31bf3856ad364e35_6.0.6002.18005_none_a29e34dbf412e9da\WMIsvc.dll

    < MD5 for: WSCSVC.DLL >
    [2009/04/11 07:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=1CA6C40261DDC0425987980D0CD2AAAB -- C:\Windows\System32\wscsvc.dll
    [2009/04/11 07:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=1CA6C40261DDC0425987980D0CD2AAAB -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.0.6002.18005_none_1c2bd6beaf3aa18d\wscsvc.dll
    [2008/01/21 03:23:39 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=683DD16B590372F2C9661D277F35E49C -- C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.0.6001.18000_none_1a405db2b218d641\wscsvc.dll

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\System32\config\systemprofile\AppData\Local\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\History] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History -> Junction
    [C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files] -> C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
    [C:\Windows\System32\config\systemprofile\Application Data] -> C:\Windows\system32\config\systemprofile\AppData\Roaming -> Junction
    [C:\Windows\System32\config\systemprofile\Local Settings] -> C:\Windows\system32\config\systemprofile\AppData\Local -> Junction
    < End of report >
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Log is clean. Any other issues/errors popping up?
     
  19. Quinnbeast

    Quinnbeast TS Rookie Topic Starter Posts: 28

    Not a jot. I wouldn't have known there was anything wrong.
     
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Hi! If there are no more issues, then we shall clean up!

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advance System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name I.e. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive I.e. C
    • For a few moments the system will make some calculations:
      [​IMG]
    • Select the More Options tab
      [​IMG]
    • In the System Restore and Shadow Backups select Clean up
      [​IMG]
    • Select Delete on the pop up
    • Select OK
    • Select Delete

    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed it's process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    Tell me in your next reply, if you have completed these tasks:
    • Cleaned System Restore
    • Ran OTC
    • Ran TFC
    • Ran Security Check
    Also, let me know how your computer is running, and don't forget to post the contents of the Security Check log.
     
  21. Quinnbeast

    Quinnbeast TS Rookie Topic Starter Posts: 28

    Awrightythen.

    I've done the System Restore, & run OTC, CC Cleaner and Security Check (log below). I didn't see a link for TFC so I haven't run that.

    Results of screen317's Security Check version 0.99.43
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Spybot - Search & Destroy
    Malwarebytes Anti-Malware version 1.62.0.1300
    CCleaner
    Java(TM) 6 Update 24
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player10.3.183.7 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of Date!
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1 %
    ````````````````````End of Log``````````````````````
     
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    Java Update!

    Please download the newest version of Java from Java.com.

    Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

    Once old versions are gone, please install the newest version.

    Read more about Java exploit problems

    Adobe Flash Player Update!

    Please download the newest version of Adobe Flash Player from Adobe.com

    Before installing: it is important to remove older versions of Flash Player since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previous installed versions of Adobe Flash Player. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Any other questions before I mark this topic solved?
     
  23. Quinnbeast

    Quinnbeast TS Rookie Topic Starter Posts: 28

    Hey Jay, thanks for all the help with this one - you guys provide a first rate service!

    Quick question for you - I've been using the PSI program to keep an eye on updates for my desktop machine - is it a recommended program for simple home/laptop use?

    Many thanks, Q.
     
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Yes it is! Totally recommended. Keep it going, and it'll save you from a lot of exploit traps.
     
  25. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,282   +49

    Topic marked solved. √
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...