Jump to content

drwizzz

Members
  • Posts

    39
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Here is the scan results.. C:\Documents and Settings\Butch\Desktop\updates\ccsetup404.exe Win32/Bundled.Toolbar.Google.D applicationC:\Documents and Settings\Butch\Desktop\updates\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask applicationC:\Documents and Settings\Butch\Desktop\updates\FreemakeVideoConverterSetup.exe Win32/OpenCandy applicationC:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP401\A0059090.old Win32/Olmarik.ZC trojanC:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP401\A0059106.old Win32/Olmarik.ZC trojanC:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP403\A0061155.old Win32/Olmarik.ZC trojanC:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP406\A0061369.old Win32/Olmarik.ZC trojan
  2. ok, here are the logs: Malwarebytes Anti-Malware 1.75.0.1300www.malwarebytes.org Database version: v2014.01.21.01 Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Butch :: CCRSYR04MBC [administrator] 1/20/2014 9:41:05 PMmbam-log-2014-01-20 (21-41-05).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 240718Time elapsed: 14 minute(s), 34 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 1HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully. Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end) Logfile of Trend Micro HijackThis v2.0.4Scan saved at 10:04:47 PM, on 1/20/2014Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v8.00 (8.00.6001.18702)Boot mode: Normal Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exeC:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exeC:\program files\real\realplayer\update\realsched.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exeC:\Program Files\Sony\VAIO Power Management\SPMgr.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\hkcmd.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exeC:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\Drobo\Drobo Dashboard\DDAssist.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\SafeConnect\scClient.exeC:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exec:\program files\safeconnect\Uninstall.exeC:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\Sony\VAIO Event Service\VESMgr.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Java\jre7\bin\jqs.exeC:\Documents and Settings\Butch\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeopleR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dllO2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dllO2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dllO2 - BHO: SecureBrowsing Toolbar - {7632ABCA-B104-4fbc-9C70-419C4147061B} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dllO2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dllO2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dllO3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dllO3 - Toolbar: M86 Security Secure Browsing - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dllO4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exeO4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /StationaryO4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osbootO4 - HKLM\..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exeO4 - HKLM\..\Run: [sonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"O4 - HKLM\..\Run: [skyTel] SkyTel.EXEO4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exeO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exeO4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exeO4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exeO4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exeO4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exeO4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exeO4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorunO4 - HKCU\..\Run: [DDAssist] C:\Program Files\Drobo\Drobo Dashboard\DDAssist.exeO4 - HKCU\..\Run: [CAHeadless] C:\Program Files\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exeO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - Startup: Dropbox.lnk = C:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exeO4 - Global Startup: Drobo Dashboard.lnk = C:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO4 - Global Startup: SafeConnect.lnk = ?O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.htmlO8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre7\bin\jp2iexp.dllO9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dllO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeopleO16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CABO16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238972247256O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cabO16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cabO16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cabO22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dllO22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dllO23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeO23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeO23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exeO23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exeO23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exeO23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exeO23 - Service: Kaspersky Security Scan Service (KSS) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exeO23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exeO23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeO23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exeO23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exeO23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exeO23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exeO23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exeO23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exeO23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exeO23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exeO23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exeO23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exeO23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exeO23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeO23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeO23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe --End of file - 16903 bytes Ok, all of my Chrome Browser settings have been lost (the cleaner probably cleaned out all that)... After rebooting, it still took over 3 minutes to get to the welcome screen...5 minutes to my screen... The infected item that MBAM cleaned out always comes up when I run a MBAM scan....
  3. here is the combofix report: ComboFix 14-01-16.03 - Butch 01/20/2014 19:19:07.8.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1185 [GMT -5:00]Running from: c:\documents and settings\Butch\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Butch\Desktop\CFScript.txtAV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\setupapi.log..((((((((((((((((((((((((( Files Created from 2013-12-21 to 2014-01-21 )))))))))))))))))))))))))))))))..2014-01-20 07:48 . 2014-01-20 07:53 -------- d-----w- c:\windows\system32\MRT2014-01-19 22:43 . 2014-01-20 02:01 104664 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2014-01-19 22:42 . 2014-01-20 06:29 51416 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-01-19 17:44 . 2013-10-29 07:57 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll2014-01-19 17:43 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys2014-01-19 17:42 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys2014-01-19 17:42 . 2013-02-12 00:32 12928 -c----w- c:\windows\system32\dllcache\usb8023.sys2014-01-19 17:42 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys2014-01-19 17:42 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys2014-01-19 17:42 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys2014-01-19 17:40 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys2014-01-19 17:40 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys2014-01-19 17:40 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys2014-01-19 17:40 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys2014-01-18 21:10 . 2014-01-18 21:10 -------- d-----w- c:\windows\ERUNT2014-01-18 20:52 . 2014-01-18 20:57 -------- d-----w- C:\AdwCleaner2014-01-08 15:49 . 2014-01-08 15:49 -------- d-----w- c:\program files\Kaspersky Lab2014-01-08 15:49 . 2014-01-08 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-01-17 23:27 . 2012-04-02 17:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2014-01-17 23:27 . 2011-05-15 04:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-11-27 20:21 . 2006-08-10 07:32 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys2013-11-13 02:59 . 2006-08-10 07:32 150528 ----a-w- c:\windows\system32\imagehlp.dll2013-11-07 05:38 . 2006-08-10 07:32 591360 ----a-w- c:\windows\system32\rpcrt4.dll2013-11-06 01:03 . 2009-04-15 13:26 7168 ----a-w- c:\windows\system32\xpsp4res.dll2013-10-30 02:26 . 2006-08-10 07:32 1879040 ----a-w- c:\windows\system32\win32k.sys2013-10-29 07:57 . 2006-08-10 07:32 920064 ----a-w- c:\windows\system32\wininet.dll2013-10-29 07:57 . 2006-08-10 07:32 43520 ------w- c:\windows\system32\licmgr10.dll2013-10-29 07:57 . 2006-08-10 07:32 1469440 ------w- c:\windows\system32\inetcpl.cpl2013-10-29 07:57 . 2006-08-10 07:32 18944 ----a-w- c:\windows\system32\corpol.dll2013-10-29 00:45 . 2006-08-10 07:32 385024 ------w- c:\windows\system32\html.iec2013-10-23 23:45 . 2006-08-10 07:32 172032 ----a-w- c:\windows\system32\scrrun.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.22.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-12-07 202328]"DDAssist"="c:\program files\Drobo\Drobo Dashboard\DDAssist.exe" [2013-05-10 288080]"CAHeadless"="c:\program files\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 545872].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-20 296056]"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576].c:\documents and settings\Butch\Start Menu\Programs\Startup\Dropbox.lnk - c:\documents and settings\Butch\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328].c:\documents and settings\All Users\Start Menu\Programs\Startup\Drobo Dashboard.lnk - c:\program files\Drobo\Drobo Dashboard\DroboDashboard.exe -startup [2011-4-15 5492736]Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]2006-06-20 23:11 73728 ------w- c:\windows\system32\VESWinlogon.dll.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnkbackup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NAC Assessment Agent.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NAC Assessment Agent.lnkbackup=c:\windows\pss\NAC Assessment Agent.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]2004-10-18 21:42 79448 ------w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]2006-10-23 12:50 71216 ------r- c:\program files\Common Files\AOL\ACS\AOLDial.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]2006-06-02 00:55 1077248 ------w- c:\program files\DISC\DISCover.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]2012-11-30 02:06 1263512 ------w- c:\program files\DivX\DivX Update\DivXUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1174708395\ee\aolsoftware.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]2006-05-08 13:17 81920 ------w- c:\progra~1\Sony\SONICS~1\SSAAD.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\DISC\\DISCover.exe"="c:\\Program Files\\DISC\\DiscStreamHub.exe"="c:\\Program Files\\DISC\\myFTP.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Common Files\\AOL\\1174708395\\ee\\aolsoftware.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="c:\\Program Files\\America Online 9.0\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"="c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="c:\\Program Files\\Microsoft Office\\Office\\SBT\\DMM\\directmail.exe"="c:\\Program Files\\AIM\\aim.exe"="c:\\McGraw-Hill\\MH_EZTest\\jre\\bin\\java.exe"="c:\\McGraw-Hill\\MH_EZTest\\mysql\\bin\\mysqld.exe"="c:\\Program Files\\Opera\\opera.exe"="c:\\Documents and Settings\\Butch\\Application Data\\Dropbox\\bin\\Dropbox.exe"="c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Documents and Settings\\Butch\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"="c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"="c:\\Program Files\\Java\\jre7\\bin\\java.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\WINDOWS\\system32\\muzapp.exe"="c:\\Program Files\\Drobo\\Drobo Dashboard\\DDService.exe"="c:\\Program Files\\Drobo\\Drobo Dashboard\\Drobo Dashboard.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"2967:TCP"= 2967:TCP:Symantec.R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [9/17/2012 6:39 AM 171600]R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [12/7/2012 3:16 PM 202328]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/10/2012 1:00 PM 106656]R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/10/2006 2:33 AM 226304]S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 3:47 AM 98304]S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 2:40 AM 118784]S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [11/10/2013 1:24 PM 84248]S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 1:40 AM 115952]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [11/10/2013 1:24 PM 182680]S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/10/2006 2:32 AM 14336].Contents of the 'Scheduled Tasks' folder.2014-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 23:28].2014-01-20 c:\windows\Tasks\AdobeAAMUpdater-1.0-CCRSYR04MBC-Butch.job- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20 12:27].2014-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34].2014-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57].2014-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57].2014-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005Core.job- c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57].2014-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005UA.job- c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htmTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\documents and settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\FF - ExtSQL: !HIDDEN! 2009-09-16 12:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2014-01-20 19:35Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(1376)c:\windows\system32\VESWinlogon.dll.Completion time: 2014-01-20 19:39:27ComboFix-quarantined-files.txt 2014-01-21 00:39ComboFix2.txt 2014-01-19 17:17.Pre-Run: 2,057,023,488 bytes freePost-Run: 2,232,184,832 bytes free.- - End Of File - - 3DC9880D28CAE35B667C43ABAB7637B28F558EB6672622401DA993E1E865C861 The laptop is running well but still takes over 4minutes to boot up.
  4. Also: When I shut down the laptop, Windows had 69 updates that it installed. That seemed strange but this morning the laptop started up with no problems. The "Drobo Dashboard" program is asking for a reinstall because a protion of the program is not running. I am also getting requests for updates for Java and Adobe...
  5. here are the reports... Malwarebytes Anti-Rootkit BETA 1.07.0.1008www.malwarebytes.org Database version: v2014.01.19.06 Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702 :: CCRSYR04MBC [administrator] 1/19/2014 5:43:26 PMmbar-log-2014-01-19 (17-43-26).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 259315Time elapsed: 1 hour(s), 6 minute(s), 23 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 1HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replace on reboot. Folders Detected: 0(No malicious items detected) Files Detected: 1C:\WINDOWS\compbatt.old (Rootkit.TDSS.TDL3.A) -> Delete on reboot. Physical Sectors Detected: 0(No malicious items detected) (end) Malwarebytes Anti-Rootkit BETA 1.07.0.1008www.malwarebytes.org Database version: v2014.01.19.07 Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702 :: CCRSYR04MBC [administrator] 1/19/2014 7:05:33 PMmbar-log-2014-01-19 (19-05-33).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 259342Time elapsed: 1 hour(s), 19 minute(s), 13 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 1HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Replace on reboot. Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) Malwarebytes Anti-Rootkit BETA 1.07.0.1008www.malwarebytes.org Database version: v2014.01.19.07 Windows XP Service Pack 3 x86 NTFSInternet Explorer 8.0.6001.18702Butch :: CCRSYR04MBC [administrator] 1/19/2014 9:02:15 PMmbar-log-2014-01-19 (21-02-15).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 259282Time elapsed: 1 hour(s), 32 minute(s), 11 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) RogueKiller V8.8.2 [Jan 17 2014] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Normal modeUser : Butch [Admin rights]Mode : Scan -- Date : 01/20/2014 02:10:34| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ SECU][PUM] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤[Address] SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0x8A725AA0)[Address] SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A76BC00) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) FUJITSU MHV2120BH PL +++++--- User ---[MBR] aafee9213f5502a41fa0d55d8279d41a[bSP] 629b29361fe6968c20e2a34ca976949f : Windows XP MBR CodePartition table:0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 7169 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14683410 | Size: 107301 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_01202014_021034.txt >> RogueKiller V8.8.2 [Jan 17 2014] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits versionStarted in : Normal modeUser : Butch [Admin rights]Mode : Remove -- Date : 01/20/2014 02:12:06| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED[HJ SECU][PUM] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤[Address] SSDT[177] : NtQueryValueKey @ 0x806221FA -> HOOKED (Unknown @ 0x8A725AA0)[Address] SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A76BC00) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) FUJITSU MHV2120BH PL +++++--- User ---[MBR] aafee9213f5502a41fa0d55d8279d41a[bSP] 629b29361fe6968c20e2a34ca976949f : Windows XP MBR CodePartition table:0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 7169 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14683410 | Size: 107301 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_D_01202014_021206.txt >>RKreport[0]_S_01202014_021034.txt The laptop seems to run smoother and quicker. The boot up is still a bit long but has improved...
  6. here is the combofix log: ComboFix 14-01-16.03 - Butch 01/19/2014 11:42:10.7.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1060 [GMT -5:00]Running from: c:\documents and settings\Butch\Desktop\ComboFix.exeAV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Butch\g2mdlhlpx.exec:\windows\wininit.iniJ:\install.exe..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_DDSERVICE-------\Service_DDService..((((((((((((((((((((((((( Files Created from 2013-12-19 to 2014-01-19 )))))))))))))))))))))))))))))))..2014-01-18 21:10 . 2014-01-18 21:10 -------- d-----w- c:\windows\ERUNT2014-01-18 20:52 . 2014-01-18 20:57 -------- d-----w- C:\AdwCleaner2014-01-08 15:49 . 2014-01-08 15:49 -------- d-----w- c:\program files\Kaspersky Lab2014-01-08 15:49 . 2014-01-08 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-01-17 23:27 . 2012-04-02 17:59 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe2014-01-17 23:27 . 2011-05-15 04:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.22.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"KSS"="c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" [2012-12-07 202328]"DDAssist"="c:\program files\Drobo\Drobo Dashboard\DDAssist.exe" [2013-05-10 288080]"CAHeadless"="c:\program files\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe" [2012-09-17 545872].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-06-20 296056]"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088]"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208]"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784]"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824]"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576].c:\documents and settings\Butch\Start Menu\Programs\Startup\Dropbox.lnk - c:\documents and settings\Butch\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328].c:\documents and settings\All Users\Start Menu\Programs\Startup\Drobo Dashboard.lnk - c:\program files\Drobo\Drobo Dashboard\DroboDashboard.exe -startup [2011-4-15 5492736]Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]2006-06-20 23:11 73728 ------w- c:\windows\system32\VESWinlogon.dll.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnkbackup=c:\windows\pss\Cisco Systems VPN Client.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NAC Assessment Agent.lnk]path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NAC Assessment Agent.lnkbackup=c:\windows\pss\NAC Assessment Agent.lnkCommon Startup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]2004-10-18 21:42 79448 ------w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]2006-10-23 12:50 71216 ------r- c:\program files\Common Files\AOL\ACS\AOLDial.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]2006-06-02 00:55 1077248 ------w- c:\program files\DISC\DISCover.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]2012-11-30 02:06 1263512 ------w- c:\program files\DivX\DivX Update\DivXUpdate.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\AOL\1174708395\ee\aolsoftware.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]2006-05-08 13:17 81920 ------w- c:\progra~1\Sony\SONICS~1\SSAAD.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe.[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]"DisableMonitoring"=dword:00000001.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\DISC\\DISCover.exe"="c:\\Program Files\\DISC\\DiscStreamHub.exe"="c:\\Program Files\\DISC\\myFTP.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Common Files\\AOL\\1174708395\\ee\\aolsoftware.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="c:\\Program Files\\America Online 9.0\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"="c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="c:\\Program Files\\Microsoft Office\\Office\\SBT\\DMM\\directmail.exe"="c:\\Program Files\\AIM\\aim.exe"="c:\\McGraw-Hill\\MH_EZTest\\jre\\bin\\java.exe"="c:\\McGraw-Hill\\MH_EZTest\\mysql\\bin\\mysqld.exe"="c:\\Program Files\\Opera\\opera.exe"="c:\\Documents and Settings\\Butch\\Application Data\\Dropbox\\bin\\Dropbox.exe"="c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"="c:\\Program Files\\Bonjour\\mDNSResponder.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Documents and Settings\\Butch\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"="c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"="c:\\Program Files\\Java\\jre7\\bin\\java.exe"="c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="c:\\WINDOWS\\system32\\muzapp.exe"="c:\\Program Files\\Drobo\\Drobo Dashboard\\DDService.exe"="c:\\Program Files\\Drobo\\Drobo Dashboard\\Drobo Dashboard.exe"=.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]"2967:TCP"= 2967:TCP:Symantec.R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 3:47 AM 98304]R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [9/17/2012 6:39 AM 171600]R2 KSS;Kaspersky Security Scan Service;c:\program files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [12/7/2012 3:16 PM 202328]R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 2:40 AM 118784]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/10/2012 1:00 PM 106656]R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/10/2006 2:33 AM 226304]S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [11/10/2013 1:24 PM 84248]S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 1:40 AM 115952]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [11/10/2013 1:24 PM 182680]S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/10/2006 2:32 AM 14336].Contents of the 'Scheduled Tasks' folder.2014-01-19 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 23:28].2014-01-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-CCRSYR04MBC-Butch.job- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-09-20 12:27].2014-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34].2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57].2014-01-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57].2014-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005Core.job- c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57].2014-01-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005UA.job- c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57]..------- Supplementary Scan -------.uInternet Settings,ProxyOverride = *.localIE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.htmlIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htmTCP: DhcpNameServer = 192.168.1.1FF - ProfilePath - c:\documents and settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\FF - ExtSQL: !HIDDEN! 2009-09-16 12:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension.- - - - ORPHANS REMOVED - - - -.AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exeAddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exeAddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exeAddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exeAddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exeAddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exeAddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exeAddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exeAddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exeAddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exeAddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2014-01-19 12:07Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe".[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]@="?????????????????? v1".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]@="?????????????????? v2".[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}".[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(1380)c:\windows\system32\VESWinlogon.dll.- - - - - - - > 'explorer.exe'(5788)c:\windows\system32\WININET.dllc:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.22.dllc:\windows\system32\msi.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\program files\Common Files\aolshare\aolshcpy.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\program files\Intel\Wireless\Bin\EvtEng.exec:\program files\Intel\Wireless\Bin\S24EvMon.exec:\program files\Common Files\Symantec Shared\ccSetMgr.exec:\program files\Common Files\Symantec Shared\ccEvtMgr.exec:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exec:\program files\Common Files\AOL\ACS\AOLAcsd.exec:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exec:\program files\Bonjour\mDNSResponder.exec:\program files\Cisco Systems\VPN Client\cvpnd.exec:\program files\Symantec AntiVirus\DefWatch.exec:\windows\eHome\ehRecvr.exec:\windows\eHome\ehSched.exec:\program files\Java\jre7\bin\jqs.exec:\program files\Intel\Wireless\Bin\RegSrvc.exec:\program files\Apoint\Apntex.exec:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exec:\program files\safeconnect\Uninstall.exec:\documents and settings\Butch\Application Data\Dropbox\bin\Dropbox.exec:\program files\Sony\VAIO Event Service\VESMgr.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exec:\program files\Windows Media Player\WMPNetwk.exec:\windows\ehome\mcrdsvc.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exec:\windows\system32\igfxext.exec:\windows\system32\igfxsrvc.exec:\windows\system32\wscntfy.exec:\program files\iPod\bin\iPodService.exec:\windows\eHome\ehmsas.exec:\program files\Common Files\Java\Java Update\jucheck.exe.**************************************************************************.Completion time: 2014-01-19 12:17:27 - machine was rebootedComboFix-quarantined-files.txt 2014-01-19 17:16.Pre-Run: 4,120,764,416 bytes freePost-Run: 5,362,917,376 bytes free.- - End Of File - - CE11688DA78A8043EB5EB922C6C39CFA8F558EB6672622401DA993E1E865C861 The laptop still takes a little while to boot up. It may be because of the Drobo but once booted up everything seems great...
  7. Ok, I could NOT run the DMA program so I went in manually. In the device manager there were 2 Primary IDE Channels and NO Secondary IDE Channel. Both of the primary channels were set to Ultra DMA Mode 5 and Mode 2 respectively...
  8. Gringo, Thank you for responding to my post and thanks for your help. The laptop is running a bit better. The boot sequence is still a bit long but once booted up programs seem to open up quickly. Here are the two logs you requested. # AdwCleaner v3.017 - Report created 18/01/2014 at 15:56:48# Updated 12/01/2014 by Xplode# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)# Username : Butch - CCRSYR04MBC# Running from : C:\Documents and Settings\Butch\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbarsFolder Deleted : C:\Documents and Settings\All Users\Application Data\NCH SoftwareFolder Deleted : C:\Documents and Settings\All Users\Application Data\Search ProtectionFolder Deleted : C:\Documents and Settings\All Users\Application Data\TrymediaFolder Deleted : C:\Documents and Settings\All Users\Application Data\ViewpointFolder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\myfree codecFolder Deleted : C:\Program Files\myfree codecFolder Deleted : C:\Program Files\NCH SoftwareFolder Deleted : C:\Program Files\Toolbar CleanerFolder Deleted : C:\Program Files\Common Files\Software Update UtilityFolder Deleted : C:\DOCUME~1\Butch\LOCALS~1\Temp\boost_interprocessFolder Deleted : C:\Documents and Settings\Butch\Application Data\adawaretbFolder Deleted : C:\Documents and Settings\Butch\Application Data\NCH SoftwareFolder Deleted : C:\Documents and Settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\adawaretbFile Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dllFile Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xptFile Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dllFile Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xptFile Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\adawaretb.xmlFile Deleted : C:\Documents and Settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\user.js ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXEKey Deleted : HKLM\SOFTWARE\Classes\dnUpdateKey Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowserKey Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdControllerKey Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_104D1700Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]Key Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\Myfree CodecKey Deleted : HKCU\Software\NCH SoftwareKey Deleted : HKCU\Software\SoftonicKey Deleted : HKCU\Software\YahooPartnerToolbarKey Deleted : HKLM\Software\adawaretbKey Deleted : HKLM\Software\Myfree CodecKey Deleted : HKLM\Software\NCH SoftwareKey Deleted : HKLM\Software\Toolbar CleanerKey Deleted : HKLM\Software\Trymedia SystemsKey Deleted : HKLM\Software\ViewpointKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodecKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtilityKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar CleanerKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint ManagerKey Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodecKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtilityKey Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v22.0 (en-US) [ File : C:\Documents and Settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\prefs.js ] Line Deleted : user_pref("extensions.m86sb.ta.sites", "{\"version\":\"4.111\",\"sites\":{\"Adsense\":{\"smallMode\":true,\"smallBubble\":true,\"noMessages\":true,\"mapping\":{\"host\":\"^.*\\\\.googlesyndication\\\\[...] -\\ Google Chrome v [ File : C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [6391 octets] - [18/01/2014 15:53:11]AdwCleaner[s0].txt - [6478 octets] - [18/01/2014 15:56:48] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6538 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.0 (01.07.2014:1)OS: Microsoft Windows XP x86Ran by Butch on Sat 01/18/2014 at 16:19:09.90~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ FireFox Successfully deleted: [File] C:\Documents and Settings\Butch\Application Data\mozilla\firefox\profiles\gi2b1a6z.default\extensions\qqahlcxoco@qqahlcxoco.org.xpi [Tracur]Successfully deleted the following from C:\Documents and Settings\Butch\Application Data\mozilla\firefox\profiles\gi2b1a6z.default\prefs.js user_pref("browser.search.selectedEngine", "SecureSearch");user_pref("extensions.m86sb.ta.categories", "{\r\n \"version\": \"3.721\",\r\n \"Images\": {\r\n\"Large\":{\r\n \"Adult Content\": [\r\n \"data:Emptied folder: C:\Documents and Settings\Butch\Application Data\mozilla\firefox\profiles\gi2b1a6z.default\minidumps [1 files] ~~~ Chrome Dumping contents of C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\Default\DefaultC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagcdcgedjdjdedagbdjdgdededcgddbC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagcdcgedjdjdedagbdjdgdededcgddb\background.htmlC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aagcdcgedjdjdedagbdjdgdededcgddb\manifest.json Successfully deleted: [Folder] C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\Default\Default [Default Extension 1.0] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sat 01/18/2014 at 16:24:59.75Computer was rebootedEnd of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. Please help! Laptop takes awhile to boot up. Kaspersky scan says I have maleware, Malewarebytes says otherwise. also having trouble with internet connect...it has become intermittent. not sure if that's related. Attach .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume2Install Date: 3/24/2007 4:17:53 PMSystem Uptime: 1/8/2014 3:45:25 PM (15 hours ago).Motherboard: Sony Corporation | | VAIOProcessor: Intel® Core2 CPU T5500 @ 1.66GHz | N/A | 1662/167mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 105 GiB total, 6.503 GiB free.D: is RemovableE: is FIXED (NTFS) - 298 GiB total, 188.632 GiB free.F: is CDROM ()H: is FIXED (NTFS) - 2048 GiB total, 1483.083 GiB free.I: is FIXED (NTFS) - 1863 GiB total, 795.715 GiB free.J: is FIXED (NTFS) - 2048 GiB total, 2047.729 GiB free..==== Disabled Device Manager Items =============.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: Cisco Systems VPN AdapterDevice ID: ROOT\NET\0000Manufacturer: Cisco SystemsName: Cisco Systems VPN AdapterPNP Device ID: ROOT\NET\0000Service: CVirtA.==== System Restore Points ===================.RP335: 10/12/2013 10:19:19 AM - System CheckpointRP336: 10/13/2013 3:36:58 PM - AA11RP337: 10/13/2013 4:05:41 PM - Removed VZAccess Manager for RIM.RP338: 10/14/2013 9:32:12 PM - System CheckpointRP339: 10/15/2013 10:19:41 PM - System CheckpointRP340: 10/17/2013 12:34:57 AM - System CheckpointRP341: 10/22/2013 1:38:37 PM - System CheckpointRP342: 10/24/2013 12:51:27 PM - System CheckpointRP343: 10/27/2013 5:35:49 PM - System CheckpointRP344: 10/29/2013 8:00:26 AM - System CheckpointRP345: 10/30/2013 10:29:26 AM - System CheckpointRP346: 10/31/2013 12:36:36 PM - System CheckpointRP347: 11/3/2013 6:57:40 PM - System CheckpointRP348: 11/4/2013 5:11:05 PM - AA11RP349: 11/5/2013 10:11:35 PM - System CheckpointRP350: 11/7/2013 10:46:42 AM - System CheckpointRP351: 11/9/2013 1:22:54 PM - Installed Java 7 Update 45RP352: 11/10/2013 1:28:04 PM - Installed Windows XP winusb0100.RP353: 11/10/2013 1:29:08 PM - Installed Windows XP winusb0100.RP354: 11/10/2013 1:29:19 PM - Installed Samsung Kies3RP355: 11/10/2013 1:41:35 PM - Removed Samsung KiesRP356: 11/11/2013 9:11:37 PM - System CheckpointRP357: 11/13/2013 10:28:48 AM - System CheckpointRP358: 11/14/2013 10:45:53 AM - System CheckpointRP359: 11/17/2013 12:56:03 PM - System CheckpointRP360: 11/19/2013 10:18:26 AM - System CheckpointRP361: 11/20/2013 11:07:43 AM - System CheckpointRP362: 11/21/2013 6:59:14 PM - System CheckpointRP363: 11/22/2013 10:29:04 PM - System CheckpointRP364: 11/24/2013 9:38:22 AM - System CheckpointRP365: 11/25/2013 7:23:31 PM - System CheckpointRP366: 11/26/2013 11:27:54 PM - System CheckpointRP367: 11/28/2013 5:11:59 AM - System CheckpointRP368: 11/28/2013 8:36:17 AM - Removed VirtualDJ Home FREERP369: 11/29/2013 4:28:19 PM - System CheckpointRP370: 11/30/2013 8:05:57 PM - System CheckpointRP371: 12/1/2013 9:48:45 PM - System CheckpointRP372: 12/3/2013 1:59:17 AM - System CheckpointRP373: 12/4/2013 10:34:48 AM - System CheckpointRP374: 12/5/2013 6:11:31 PM - System CheckpointRP375: 12/6/2013 10:09:55 PM - System CheckpointRP376: 12/8/2013 8:39:02 AM - System CheckpointRP377: 12/9/2013 10:09:34 AM - System CheckpointRP378: 12/9/2013 8:39:08 PM - Installed Drobo Dashboard.RP379: 12/10/2013 11:35:24 PM - Removed Drobo Dashboard.RP380: 12/10/2013 11:45:29 PM - Installed Drobo Dashboard.RP381: 12/11/2013 12:03:12 AM - Installed Drobo Dashboard.RP382: 12/12/2013 12:07:14 AM - System CheckpointRP383: 12/13/2013 1:25:17 AM - System CheckpointRP384: 12/14/2013 5:02:01 PM - System CheckpointRP385: 12/15/2013 9:41:59 PM - System CheckpointRP386: 12/16/2013 10:39:33 PM - System CheckpointRP387: 12/18/2013 7:14:01 PM - System CheckpointRP388: 12/19/2013 11:16:47 PM - System CheckpointRP389: 12/22/2013 4:54:39 PM - System CheckpointRP390: 12/23/2013 10:32:47 PM - System CheckpointRP391: 12/24/2013 9:57:45 AM - Removed TweetDeckRP392: 12/25/2013 2:20:12 PM - System CheckpointRP393: 12/26/2013 4:34:43 PM - System CheckpointRP394: 12/28/2013 4:54:51 AM - System CheckpointRP395: 12/29/2013 12:52:40 PM - System CheckpointRP396: 12/30/2013 1:35:05 PM - System CheckpointRP397: 12/31/2013 6:40:29 PM - System CheckpointRP398: 1/1/2014 9:44:57 PM - System CheckpointRP399: 1/3/2014 12:11:20 AM - System CheckpointRP400: 1/5/2014 7:41:16 PM - System CheckpointRP401: 1/6/2014 9:15:46 PM - System CheckpointRP402: 1/8/2014 9:00:23 AM - System CheckpointRP403: 1/8/2014 10:49:07 AM - Installed Kaspersky Security Scan..==== Installed Programs ======================.Acrobat.comAdobe AIRAdobe Common File InstallerAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Media PlayerAdobe Photoshop Elements 3.0Adobe Premiere Elements 11Adobe Premiere Elements 4.0Adobe Premiere Elements 4.0 TemplatesAdobe Premiere Elements Updater 3.0.2Adobe Reader XI (11.0.05)Adobe Shockwave Player 11.5Adobe SVG Viewer 3.0AIM 7AOL Coach Version 2.0(Build:20041026.5 en)AOL Spyware ProtectionAOL Uninstaller (Choose which Products to Remove)AOL You've Got Pictures ScreensaverApple Application SupportApple Mobile Device SupportApple Software UpdateAudacity 1.3.14 (Unicode)Bewitched (remove only)BlackBerry Desktop Software 6.0.2BonjourClick to DVD 2.0.03 Menu DataClick to DVD 2.5.30Click to DVD TutorialCompatibility Pack for the 2007 Office systemCritical Update for Windows Media Player 11 (KB959772)CutePDF Writer 2.7DISCoverDivX SetupDownload Updater (AOL LLC)Drobo DashboardDropboxDVgate PlusElements 11 OrganizerEnterasys NAC Assessment AgentFastStone Image Viewer 4.6Freemake Video Converter version 3.2.1FreeScreenSharingGoogle ChromeGoogle Earth Plug-inGoogle Update HelperGoToMeeting 6.0.0.1259High Definition Audio Driver Package - KB835221HijackThis 2.0.2Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 10 (KB903157)Hotfix for Windows Media Player 10 (KB910393)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB942288-v3)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)Image Converter 2 PlusImageStationIntel® Graphics Media Accelerator DriverIntel® PROSet/Wireless SoftwareInterVideo WinDVD for VAIOISScriptiTunesJ2SE Runtime Environment 5.0 Update 11J2SE Runtime Environment 5.0 Update 6Japanese Fonts Support For Adobe Reader 9Java 7 Update 45Java Auto UpdaterJava 6 Update 20Java SE Runtime Environment 6 Update 1JEOPARDY! (remove only)Kaspersky Security ScanLAME v3.99.3 (for Windows)LAN Setting UtilityLiveUpdate 3.0 (Symantec Corporation)M86Security Secure BrowsingMacromedia Flash Player 8Macromedia Flash Player 8 PluginMalwarebytes Anti-Malware version 1.75.0.1300McGraw-Hill EZ Test DesktopmCoremDriverMemory Stick FormatterMicrosoft .NET Framework 1.0 Hotfix (KB2572066)Microsoft .NET Framework 1.0 Hotfix (KB2604042)Microsoft .NET Framework 1.0 Hotfix (KB2656378)Microsoft .NET Framework 1.0 Hotfix (KB953295)Microsoft .NET Framework 1.0 Hotfix (KB979904)Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB2656370)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Data Access Components KB870669Microsoft Digital Image Library 9 - BlockerMicrosoft Digital Image Starter Edition 2006Microsoft Digital Image Starter Edition 2006 EditorMicrosoft Digital Image Starter Edition 2006 LibraryMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.9Microsoft National Language Support Downlevel APIsMicrosoft Office 2000 Disc 2Microsoft Office 2000 PremiumMicrosoft SilverlightMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft VC9 runtime librariesMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WinUsb 1.0Microsoft WorksmMHouseMoyea FLV Downloader version 1.15.0.15Moyea FLV Importer for Adobe Premiere Pro version 1.0.0.8Moyea FLV Player version 1.5.2.7Moyea FLV to Video Converter Pro version 1.29.1.6Mozilla Firefox 22.0 (x86 en-US)Mozilla Maintenance ServiceMozilla Thunderbird 24.2.0 (x86 en-US)mPfMgrmProSafeMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 6.0 Parser (KB933579)mWlsSafemXMLMyFreeCodecNapsterNapster Burn EngineNTREGOPT 1.1jOctoshape add-in for Adobe Flash PlayerOffice 2003 Trial AssistantOpenMG AAC Add-on Module 1.0.00OpenMG Limited Patch 4.5-06-05-12-01OpenMG Metadata Extractor for Windows Media PlayerOpenMG Secure Module 4.5.01Opera 10.63OSS MP3-WAV Converter version 5.0.0.0PDF reDirect (remove only)PRE11 STI InstallerQuicken 2006QuickTimeRCSProducts V12RealNetworks - Microsoft Visual C++ 2008 RuntimeRealPlayerRealtek High Definition Audio DriverRealUpgrade 1.1Roxio DigitalMedia AudioRoxio DigitalMedia CopyRoxio DigitalMedia DataSafeConnectSamsung Kies3Samsung Story Album ViewerSAMSUNG USB Driver for Mobile PhonesSearch Enhancement by AOL SearchSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft Windows (KB2564958)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB2183461)Security Update for Windows Internet Explorer 7 (KB2360131)Security Update for Windows Internet Explorer 7 (KB2416400)Security Update for Windows Internet Explorer 7 (KB2482017)Security Update for Windows Internet Explorer 7 (KB2497640)Security Update for Windows Internet Explorer 7 (KB2530548)Security Update for Windows Internet Explorer 7 (KB2544521)Security Update for Windows Internet Explorer 7 (KB2559049)Security Update for Windows Internet Explorer 7 (KB2586448)Security Update for Windows Internet Explorer 7 (KB2618444)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB939653)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Internet Explorer 7 (KB953838)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 7 (KB969897)Security Update for Windows Internet Explorer 7 (KB972260)Security Update for Windows Internet Explorer 7 (KB974455)Security Update for Windows Internet Explorer 7 (KB976325)Security Update for Windows Internet Explorer 7 (KB978207)Security Update for Windows Internet Explorer 7 (KB982381)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB2675157)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Encoder (KB2447961)Security Update for Windows Media Encoder (KB954156)Security Update for Windows Media Encoder (KB979332)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 10 (KB936782)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Setting Utility SeriesSoft Data Fax Modem with SmartCPSonic EncodersSonicStage 4.0Sony Certificate PCHSony MP4 Shared LibrarySony Utilities DLLSony Video Shared LibrarySymantec AntiVirusSymantec KB-DocID:2003093015493306The Da Vinci Code (remove only)TweetDeckUltr@VNC Release 1.0.0 RC 18 - Win32Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 7 (KB976749)Update for Windows Internet Explorer 7 (KB980182)Update for Windows Internet Explorer 8 (KB2598845)Update for Windows Media Player 10 (KB913800)Update for Windows Media Player 10 (KB926251)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2718704)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Update Rollup 2 for Windows XP Media Center Edition 2005VAIO Backup UtilityVAIO Breeze WallpaperVAIO CentralVAIO Entertainment PlatformVAIO Event ServiceVAIO Hardware DiagnosticsVAIO Light Flo WallpaperVAIO Media 5.0VAIO Media AC3 Decoder 1.0VAIO Media Integrated Server 5.0VAIO Media Redistribution 5.0VAIO Media Registration Tool 5.0VAIO Media TutorialVAIO Original Screen SaverVAIO Original Screen Saver VAIO Cozy Screen SD Wide ContentsVAIO Power ManagementVAIO RegistrationVAIO Security CenterVAIO Support CentralVAIO Update 2VAIO Wireless LAN Setup UtilityVAIOSurveySAVC80CRTRedist - 8.0.50727.6195VirtualDJ Home FREEVisual C++ 2008 x86 Runtime - (v9.0.30729)Visual C++ 2008 x86 Runtime - v9.0.30729.01VLC media player 2.1.2VPN ClientWebFldrs XPWheel of Fortune (remove only)Windows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation ToolWindows Internet Explorer 7Windows Internet Explorer 8Windows Media Encoder 9 SeriesWindows Media Format 11 runtimeWindows Media Player 10 Hotfix [see KB886612 for more information]Windows Media Player 11Windows XP Media Center Edition 2005 KB2502898Windows XP Media Center Edition 2005 KB2619340Windows XP Media Center Edition 2005 KB2628259Windows XP Media Center Edition 2005 KB925766Windows XP Media Center Edition 2005 KB973768Windows XP Service Pack 3Wireless Switch Setting Utility.==== Event Viewer Messages From Past Week ========.1/8/2014 6:05:46 PM, error: yukonwxp [101] - Driver has encountered an internal error1/8/2014 3:52:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.1/8/2014 3:52:33 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.1/8/2014 3:52:31 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}1/7/2014 6:37:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd1/7/2014 6:37:51 AM, error: Service Control Manager [7003] - The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the following nonexistent service: nsi1/7/2014 6:37:51 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: %%12901/7/2014 6:37:51 AM, error: Service Control Manager [7000] - The @%SystemRoot%\system32\tcpipcfg.dll,-50004 service failed to start due to the following error: The system cannot find the file specified.1/7/2014 6:37:16 AM, error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.1/5/2014 9:00:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.1/5/2014 9:00:45 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.1/3/2014 9:15:32 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.1/3/2014 7:08:28 PM, error: DCOM [10005] - DCOM got error "%1290" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}.==== End Of File =========================== DDS DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2Run by Butch at 6:51:57 on 2014-01-09Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.664 [GMT -5:00].AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}.============== Running Processes ================.C:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exeC:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\program files\real\realplayer\update\realsched.exeC:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Sony\VAIO Power Management\SPMgr.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exeC:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Common Files\AOL\1174708395\ee\AOLSoftware.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exeC:\Program Files\Drobo\Drobo Dashboard\DDAssist.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\PROGRA~1\Sony\SONICS~1\SsAAD.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exeC:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Java\jre7\bin\jqs.exeC:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exec:\program files\safeconnect\Uninstall.exeC:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\Sony\VAIO Event Service\VESMgr.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeC:\Program Files\SafeConnect\scClient.exeC:\Program Files\Windows Media Player\WMPNetwk.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\WINDOWS\system32\igfxext.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\System32\alg.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\system32\svchost.exe -k DcomLaunchC:\WINDOWS\system32\svchost.exe -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvc.============== Pseudo HJT Report ===============.uURLSearchHooks: AOLSearchHook Class: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - c:\program files\aol\aol search enhancement\AOLSearch.dlluURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dllBHO: AOLSearchHook Class: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - c:\program files\aol\aol search enhancement\AOLSearch.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dllBHO: SecureBrowsing bho: {7632ABCA-B104-4fbc-9C70-419C4147061B} - c:\program files\m86security secure browsing\SecureBrowsing.dllBHO: AOL Toolbar Launcher: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 3.0\aoltb.dllBHO: Catcher Class: {ADECBED6-0366-4377-A739-E69DFBA04663} - c:\program files\moyea\flv downloader\MoyeaCth.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dllTB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.0\aoltb.dllTB: M86 Security Secure Browsing: {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - c:\program files\m86security secure browsing\SecureBrowsing.dllTB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.0\aoltb.dllTB: M86 Security Secure Browsing: {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - c:\program files\m86security secure browsing\SecureBrowsing.dlluRun: [Google Update] "c:\documents and settings\butch\local settings\application data\google\update\GoogleUpdate.exe" /cuRun: [DDAssist] c:\program files\drobo\drobo dashboard\DDAssist.exeuRun: [CAHeadless] c:\program files\adobe\elements 11 organizer\caheadless\ElementsAutoAnalyzer.exeuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorunuRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exeuRun: [ssAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exeuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgroundmRun: [vptray] c:\progra~1\symant~1\VPTray.exemRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /StationarymRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osbootmRun: [switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"mRun: [skyTel] SkyTel.EXEmRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exemRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -kmRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exemRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [HostManager] c:\program files\common files\aol\1174708395\ee\AOLSoftware.exemRun: [ehTray] c:\windows\ehome\ehtray.exemRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exemRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [Apoint] c:\program files\apoint\Apoint.exemRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWmRun: [DISCover] c:\program files\disc\DISCover.exemRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exemRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"StartupFolder: c:\docume~1\butch\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\butch\application data\dropbox\bin\Dropbox.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\drobod~1.lnk - c:\program files\drobo\drobo dashboard\DroboDashboard.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nacass~1.lnk - c:\program files\enterasys networks\nac agent\NacAgent.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:323uPolicies-Explorer: NoDriveAutoRun = dword:67108863uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:149mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoDrives = dword:0mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDriveAutoRun = dword:67108863IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-us\local\search.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htmIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dllIE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.0\aoltb.dllIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeTCP: NameServer = 192.168.1.1TCP: Interfaces\{8698E6B8-1507-443B-A72A-1A9AA8F90825} : DHCPNameServer = 192.168.1.1Notify: igfxcui - igfxdev.dllNotify: NavLogon - c:\windows\system32\NavLogon.dllNotify: VESWinlogon - VESWinlogon.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\butch\application data\mozilla\firefox\profiles\gi2b1a6z.default\FF - prefs.js: browser.search.selectedEngine - SecureSearchFF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dllFF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dllFF - plugin: c:\documents and settings\butch\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dllFF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dllFF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dllFF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dllFF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dllFF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dllFF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dllFF - ExtSQL: !HIDDEN! 2009-09-16 12:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension.---- FIREFOX POLICIES ----FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.============= SERVICES / DRIVERS ===============.R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\adobe\elements 11 organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]R2 DDService;Drobo Dashboard Service;c:\program files\drobo\drobo dashboard\support\DDService.exe [2011-4-15 749568]R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-12-7 202328]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-10 106656]R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130705.002\naveng.sys [2013-7-5 93272]R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130705.002\navex15.sys [2013-7-5 1611992]R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-8-10 226304]S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\drivers\tdx.sys --> c:\windows\system32\drivers\tdx.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\system32\svchost.exe -k NetSvcs [2006-8-10 14336]S2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-11-10 84248]S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-11-10 182680]S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-3-23 1120960]S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-3-26 280344]S3 WinDefend;Windows Defender;c:\windows\system32\svchost.exe -k secsvcs [2006-8-10 14336]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== File Associations ===============.ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1".=============== Created Last 30 ================.2014-01-08 15:49:08 -------- d-----w- c:\program files\Kaspersky Lab2014-01-08 15:49:08 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab2013-12-11 12:52:57 -------- d-----w- c:\documents and settings\butch\local settings\application data\Drobo Dashboard2013-12-11 04:45:49 -------- d-----w- c:\documents and settings\all users\application data\Drobo Dashboard2013-12-11 04:45:30 -------- d-----w- c:\program files\Drobo2013-12-11 04:45:30 -------- d-----w- c:\documents and settings\butch\application data\Drobo.==================== Find3M ====================.2013-12-11 16:24:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-12-11 16:24:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe.============= FINISH: 6:53:59.82 ===============
  10. Please help! Laptop takes awhile to boot up. Kaspersky scan says I have maleware, Malewarebytes says otherwise. also having trouble with internet connect...it has become intermittent. not sure if that's related. Attach .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows XP ProfessionalBoot Device: \Device\HarddiskVolume2Install Date: 3/24/2007 4:17:53 PMSystem Uptime: 1/8/2014 3:45:25 PM (15 hours ago).Motherboard: Sony Corporation | | VAIOProcessor: Intel® Core2 CPU T5500 @ 1.66GHz | N/A | 1662/167mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 105 GiB total, 6.503 GiB free.D: is RemovableE: is FIXED (NTFS) - 298 GiB total, 188.632 GiB free.F: is CDROM ()H: is FIXED (NTFS) - 2048 GiB total, 1483.083 GiB free.I: is FIXED (NTFS) - 1863 GiB total, 795.715 GiB free.J: is FIXED (NTFS) - 2048 GiB total, 2047.729 GiB free..==== Disabled Device Manager Items =============.Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}Description: Cisco Systems VPN AdapterDevice ID: ROOT\NET\0000Manufacturer: Cisco SystemsName: Cisco Systems VPN AdapterPNP Device ID: ROOT\NET\0000Service: CVirtA.==== System Restore Points ===================.RP335: 10/12/2013 10:19:19 AM - System CheckpointRP336: 10/13/2013 3:36:58 PM - AA11RP337: 10/13/2013 4:05:41 PM - Removed VZAccess Manager for RIM.RP338: 10/14/2013 9:32:12 PM - System CheckpointRP339: 10/15/2013 10:19:41 PM - System CheckpointRP340: 10/17/2013 12:34:57 AM - System CheckpointRP341: 10/22/2013 1:38:37 PM - System CheckpointRP342: 10/24/2013 12:51:27 PM - System CheckpointRP343: 10/27/2013 5:35:49 PM - System CheckpointRP344: 10/29/2013 8:00:26 AM - System CheckpointRP345: 10/30/2013 10:29:26 AM - System CheckpointRP346: 10/31/2013 12:36:36 PM - System CheckpointRP347: 11/3/2013 6:57:40 PM - System CheckpointRP348: 11/4/2013 5:11:05 PM - AA11RP349: 11/5/2013 10:11:35 PM - System CheckpointRP350: 11/7/2013 10:46:42 AM - System CheckpointRP351: 11/9/2013 1:22:54 PM - Installed Java 7 Update 45RP352: 11/10/2013 1:28:04 PM - Installed Windows XP winusb0100.RP353: 11/10/2013 1:29:08 PM - Installed Windows XP winusb0100.RP354: 11/10/2013 1:29:19 PM - Installed Samsung Kies3RP355: 11/10/2013 1:41:35 PM - Removed Samsung KiesRP356: 11/11/2013 9:11:37 PM - System CheckpointRP357: 11/13/2013 10:28:48 AM - System CheckpointRP358: 11/14/2013 10:45:53 AM - System CheckpointRP359: 11/17/2013 12:56:03 PM - System CheckpointRP360: 11/19/2013 10:18:26 AM - System CheckpointRP361: 11/20/2013 11:07:43 AM - System CheckpointRP362: 11/21/2013 6:59:14 PM - System CheckpointRP363: 11/22/2013 10:29:04 PM - System CheckpointRP364: 11/24/2013 9:38:22 AM - System CheckpointRP365: 11/25/2013 7:23:31 PM - System CheckpointRP366: 11/26/2013 11:27:54 PM - System CheckpointRP367: 11/28/2013 5:11:59 AM - System CheckpointRP368: 11/28/2013 8:36:17 AM - Removed VirtualDJ Home FREERP369: 11/29/2013 4:28:19 PM - System CheckpointRP370: 11/30/2013 8:05:57 PM - System CheckpointRP371: 12/1/2013 9:48:45 PM - System CheckpointRP372: 12/3/2013 1:59:17 AM - System CheckpointRP373: 12/4/2013 10:34:48 AM - System CheckpointRP374: 12/5/2013 6:11:31 PM - System CheckpointRP375: 12/6/2013 10:09:55 PM - System CheckpointRP376: 12/8/2013 8:39:02 AM - System CheckpointRP377: 12/9/2013 10:09:34 AM - System CheckpointRP378: 12/9/2013 8:39:08 PM - Installed Drobo Dashboard.RP379: 12/10/2013 11:35:24 PM - Removed Drobo Dashboard.RP380: 12/10/2013 11:45:29 PM - Installed Drobo Dashboard.RP381: 12/11/2013 12:03:12 AM - Installed Drobo Dashboard.RP382: 12/12/2013 12:07:14 AM - System CheckpointRP383: 12/13/2013 1:25:17 AM - System CheckpointRP384: 12/14/2013 5:02:01 PM - System CheckpointRP385: 12/15/2013 9:41:59 PM - System CheckpointRP386: 12/16/2013 10:39:33 PM - System CheckpointRP387: 12/18/2013 7:14:01 PM - System CheckpointRP388: 12/19/2013 11:16:47 PM - System CheckpointRP389: 12/22/2013 4:54:39 PM - System CheckpointRP390: 12/23/2013 10:32:47 PM - System CheckpointRP391: 12/24/2013 9:57:45 AM - Removed TweetDeckRP392: 12/25/2013 2:20:12 PM - System CheckpointRP393: 12/26/2013 4:34:43 PM - System CheckpointRP394: 12/28/2013 4:54:51 AM - System CheckpointRP395: 12/29/2013 12:52:40 PM - System CheckpointRP396: 12/30/2013 1:35:05 PM - System CheckpointRP397: 12/31/2013 6:40:29 PM - System CheckpointRP398: 1/1/2014 9:44:57 PM - System CheckpointRP399: 1/3/2014 12:11:20 AM - System CheckpointRP400: 1/5/2014 7:41:16 PM - System CheckpointRP401: 1/6/2014 9:15:46 PM - System CheckpointRP402: 1/8/2014 9:00:23 AM - System CheckpointRP403: 1/8/2014 10:49:07 AM - Installed Kaspersky Security Scan..==== Installed Programs ======================.Acrobat.comAdobe AIRAdobe Common File InstallerAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Media PlayerAdobe Photoshop Elements 3.0Adobe Premiere Elements 11Adobe Premiere Elements 4.0Adobe Premiere Elements 4.0 TemplatesAdobe Premiere Elements Updater 3.0.2Adobe Reader XI (11.0.05)Adobe Shockwave Player 11.5Adobe SVG Viewer 3.0AIM 7AOL Coach Version 2.0(Build:20041026.5 en)AOL Spyware ProtectionAOL Uninstaller (Choose which Products to Remove)AOL You've Got Pictures ScreensaverApple Application SupportApple Mobile Device SupportApple Software UpdateAudacity 1.3.14 (Unicode)Bewitched (remove only)BlackBerry Desktop Software 6.0.2BonjourClick to DVD 2.0.03 Menu DataClick to DVD 2.5.30Click to DVD TutorialCompatibility Pack for the 2007 Office systemCritical Update for Windows Media Player 11 (KB959772)CutePDF Writer 2.7DISCoverDivX SetupDownload Updater (AOL LLC)Drobo DashboardDropboxDVgate PlusElements 11 OrganizerEnterasys NAC Assessment AgentFastStone Image Viewer 4.6Freemake Video Converter version 3.2.1FreeScreenSharingGoogle ChromeGoogle Earth Plug-inGoogle Update HelperGoToMeeting 6.0.0.1259High Definition Audio Driver Package - KB835221HijackThis 2.0.2Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 10 (KB903157)Hotfix for Windows Media Player 10 (KB910393)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2158563)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB2570791)Hotfix for Windows XP (KB2633952)Hotfix for Windows XP (KB942288-v3)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB970653-v3)Hotfix for Windows XP (KB976098-v2)Hotfix for Windows XP (KB979306)Hotfix for Windows XP (KB981793)Image Converter 2 PlusImageStationIntel® Graphics Media Accelerator DriverIntel® PROSet/Wireless SoftwareInterVideo WinDVD for VAIOISScriptiTunesJ2SE Runtime Environment 5.0 Update 11J2SE Runtime Environment 5.0 Update 6Japanese Fonts Support For Adobe Reader 9Java 7 Update 45Java Auto UpdaterJava 6 Update 20Java SE Runtime Environment 6 Update 1JEOPARDY! (remove only)Kaspersky Security ScanLAME v3.99.3 (for Windows)LAN Setting UtilityLiveUpdate 3.0 (Symantec Corporation)M86Security Secure BrowsingMacromedia Flash Player 8Macromedia Flash Player 8 PluginMalwarebytes Anti-Malware version 1.75.0.1300McGraw-Hill EZ Test DesktopmCoremDriverMemory Stick FormatterMicrosoft .NET Framework 1.0 Hotfix (KB2572066)Microsoft .NET Framework 1.0 Hotfix (KB2604042)Microsoft .NET Framework 1.0 Hotfix (KB2656378)Microsoft .NET Framework 1.0 Hotfix (KB953295)Microsoft .NET Framework 1.0 Hotfix (KB979904)Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2656353)Microsoft .NET Framework 1.1 Security Update (KB2656370)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft .NET Framework 4 Client ProfileMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Data Access Components KB870669Microsoft Digital Image Library 9 - BlockerMicrosoft Digital Image Starter Edition 2006Microsoft Digital Image Starter Edition 2006 EditorMicrosoft Digital Image Starter Edition 2006 LibraryMicrosoft Internationalized Domain Names Mitigation APIsMicrosoft Kernel-Mode Driver Framework Feature Pack 1.9Microsoft National Language Support Downlevel APIsMicrosoft Office 2000 Disc 2Microsoft Office 2000 PremiumMicrosoft SilverlightMicrosoft User-Mode Driver Framework Feature Pack 1.0Microsoft VC9 runtime librariesMicrosoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WinUsb 1.0Microsoft WorksmMHouseMoyea FLV Downloader version 1.15.0.15Moyea FLV Importer for Adobe Premiere Pro version 1.0.0.8Moyea FLV Player version 1.5.2.7Moyea FLV to Video Converter Pro version 1.29.1.6Mozilla Firefox 22.0 (x86 en-US)Mozilla Maintenance ServiceMozilla Thunderbird 24.2.0 (x86 en-US)mPfMgrmProSafeMSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 6.0 Parser (KB933579)mWlsSafemXMLMyFreeCodecNapsterNapster Burn EngineNTREGOPT 1.1jOctoshape add-in for Adobe Flash PlayerOffice 2003 Trial AssistantOpenMG AAC Add-on Module 1.0.00OpenMG Limited Patch 4.5-06-05-12-01OpenMG Metadata Extractor for Windows Media PlayerOpenMG Secure Module 4.5.01Opera 10.63OSS MP3-WAV Converter version 5.0.0.0PDF reDirect (remove only)PRE11 STI InstallerQuicken 2006QuickTimeRCSProducts V12RealNetworks - Microsoft Visual C++ 2008 RuntimeRealPlayerRealtek High Definition Audio DriverRealUpgrade 1.1Roxio DigitalMedia AudioRoxio DigitalMedia CopyRoxio DigitalMedia DataSafeConnectSamsung Kies3Samsung Story Album ViewerSAMSUNG USB Driver for Mobile PhonesSearch Enhancement by AOL SearchSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)Security Update for Microsoft Windows (KB2564958)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB2183461)Security Update for Windows Internet Explorer 7 (KB2360131)Security Update for Windows Internet Explorer 7 (KB2416400)Security Update for Windows Internet Explorer 7 (KB2482017)Security Update for Windows Internet Explorer 7 (KB2497640)Security Update for Windows Internet Explorer 7 (KB2530548)Security Update for Windows Internet Explorer 7 (KB2544521)Security Update for Windows Internet Explorer 7 (KB2559049)Security Update for Windows Internet Explorer 7 (KB2586448)Security Update for Windows Internet Explorer 7 (KB2618444)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB939653)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Internet Explorer 7 (KB953838)Security Update for Windows Internet Explorer 7 (KB956390)Security Update for Windows Internet Explorer 7 (KB958215)Security Update for Windows Internet Explorer 7 (KB960714)Security Update for Windows Internet Explorer 7 (KB961260)Security Update for Windows Internet Explorer 7 (KB963027)Security Update for Windows Internet Explorer 7 (KB969897)Security Update for Windows Internet Explorer 7 (KB972260)Security Update for Windows Internet Explorer 7 (KB974455)Security Update for Windows Internet Explorer 7 (KB976325)Security Update for Windows Internet Explorer 7 (KB978207)Security Update for Windows Internet Explorer 7 (KB982381)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB2618444)Security Update for Windows Internet Explorer 8 (KB2647516)Security Update for Windows Internet Explorer 8 (KB2675157)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Encoder (KB2447961)Security Update for Windows Media Encoder (KB954156)Security Update for Windows Media Encoder (KB979332)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB968816)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 10 (KB936782)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows Media Player 6.4 (KB925398)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2160329)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2279986)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2507938)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2510581)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276-v2)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893-v2)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB2555917)Security Update for Windows XP (KB2562937)Security Update for Windows XP (KB2566454)Security Update for Windows XP (KB2567053)Security Update for Windows XP (KB2567680)Security Update for Windows XP (KB2570222)Security Update for Windows XP (KB2570947)Security Update for Windows XP (KB2584146)Security Update for Windows XP (KB2585542)Security Update for Windows XP (KB2592799)Security Update for Windows XP (KB2598479)Security Update for Windows XP (KB2603381)Security Update for Windows XP (KB2618451)Security Update for Windows XP (KB2620712)Security Update for Windows XP (KB2621440)Security Update for Windows XP (KB2624667)Security Update for Windows XP (KB2631813)Security Update for Windows XP (KB2633171)Security Update for Windows XP (KB2639417)Security Update for Windows XP (KB2641653)Security Update for Windows XP (KB2646524)Security Update for Windows XP (KB2647518)Security Update for Windows XP (KB2653956)Security Update for Windows XP (KB2659262)Security Update for Windows XP (KB2660465)Security Update for Windows XP (KB2661637)Security Update for Windows XP (KB2676562)Security Update for Windows XP (KB2686509)Security Update for Windows XP (KB2695962)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB923689)Security Update for Windows XP (KB938464-v2)Security Update for Windows XP (KB938464)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951376)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB953839)Security Update for Windows XP (KB954211)Security Update for Windows XP (KB954459)Security Update for Windows XP (KB954600)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956391)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB957095)Security Update for Windows XP (KB957097)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958687)Security Update for Windows XP (KB958690)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960715)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961371)Security Update for Windows XP (KB961373)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB968537)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB969898)Security Update for Windows XP (KB969947)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971486)Security Update for Windows XP (KB971557)Security Update for Windows XP (KB971633)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB971961)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973346)Security Update for Windows XP (KB973354)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973525)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975025)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977165)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978251)Security Update for Windows XP (KB978262)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981349)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981957)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Security Update for Windows XP (KB982802)Setting Utility SeriesSoft Data Fax Modem with SmartCPSonic EncodersSonicStage 4.0Sony Certificate PCHSony MP4 Shared LibrarySony Utilities DLLSony Video Shared LibrarySymantec AntiVirusSymantec KB-DocID:2003093015493306The Da Vinci Code (remove only)TweetDeckUltr@VNC Release 1.0.0 RC 18 - Win32Update for Microsoft .NET Framework 3.5 SP1 (KB963707)Update for Windows Internet Explorer 7 (KB976749)Update for Windows Internet Explorer 7 (KB980182)Update for Windows Internet Explorer 8 (KB2598845)Update for Windows Media Player 10 (KB913800)Update for Windows Media Player 10 (KB926251)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB2541763)Update for Windows XP (KB2607712)Update for Windows XP (KB2616676)Update for Windows XP (KB2641690)Update for Windows XP (KB2718704)Update for Windows XP (KB951072-v2)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB955839)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Update Rollup 2 for Windows XP Media Center Edition 2005VAIO Backup UtilityVAIO Breeze WallpaperVAIO CentralVAIO Entertainment PlatformVAIO Event ServiceVAIO Hardware DiagnosticsVAIO Light Flo WallpaperVAIO Media 5.0VAIO Media AC3 Decoder 1.0VAIO Media Integrated Server 5.0VAIO Media Redistribution 5.0VAIO Media Registration Tool 5.0VAIO Media TutorialVAIO Original Screen SaverVAIO Original Screen Saver VAIO Cozy Screen SD Wide ContentsVAIO Power ManagementVAIO RegistrationVAIO Security CenterVAIO Support CentralVAIO Update 2VAIO Wireless LAN Setup UtilityVAIOSurveySAVC80CRTRedist - 8.0.50727.6195VirtualDJ Home FREEVisual C++ 2008 x86 Runtime - (v9.0.30729)Visual C++ 2008 x86 Runtime - v9.0.30729.01VLC media player 2.1.2VPN ClientWebFldrs XPWheel of Fortune (remove only)Windows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage Validation ToolWindows Internet Explorer 7Windows Internet Explorer 8Windows Media Encoder 9 SeriesWindows Media Format 11 runtimeWindows Media Player 10 Hotfix [see KB886612 for more information]Windows Media Player 11Windows XP Media Center Edition 2005 KB2502898Windows XP Media Center Edition 2005 KB2619340Windows XP Media Center Edition 2005 KB2628259Windows XP Media Center Edition 2005 KB925766Windows XP Media Center Edition 2005 KB973768Windows XP Service Pack 3Wireless Switch Setting Utility.==== Event Viewer Messages From Past Week ========.1/8/2014 6:05:46 PM, error: yukonwxp [101] - Driver has encountered an internal error1/8/2014 3:52:33 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.1/8/2014 3:52:33 PM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.1/8/2014 3:52:31 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}1/7/2014 6:37:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd1/7/2014 6:37:51 AM, error: Service Control Manager [7003] - The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the following nonexistent service: nsi1/7/2014 6:37:51 AM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: %%12901/7/2014 6:37:51 AM, error: Service Control Manager [7000] - The @%SystemRoot%\system32\tcpipcfg.dll,-50004 service failed to start due to the following error: The system cannot find the file specified.1/7/2014 6:37:16 AM, error: NetBT [4319] - A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.1/5/2014 9:00:45 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.1/5/2014 9:00:45 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.1/3/2014 9:15:32 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.1/3/2014 7:08:28 PM, error: DCOM [10005] - DCOM got error "%1290" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}.==== End Of File =========================== DDS DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2Run by Butch at 6:51:57 on 2014-01-09Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.664 [GMT -5:00].AV: Symantec AntiVirus Corporate Edition *Disabled/Outdated* {FB06448E-52B8-493A-90F3-E43226D3305C}.============== Running Processes ================.C:\Program Files\Intel\Wireless\Bin\EvtEng.exeC:\Program Files\Intel\Wireless\Bin\S24EvMon.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exeC:\PROGRA~1\SYMANT~1\VPTray.exeC:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exeC:\Program Files\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\program files\real\realplayer\update\realsched.exeC:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Sony\VAIO Power Management\SPMgr.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exeC:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exeC:\Program Files\QuickTime\QTTask.exeC:\Program Files\Sony\ISB Utility\ISBMgr.exeC:\WINDOWS\system32\igfxpers.exeC:\WINDOWS\system32\hkcmd.exeC:\Program Files\Common Files\AOL\1174708395\ee\AOLSoftware.exeC:\WINDOWS\ehome\ehtray.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\Apoint\Apoint.exeC:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exeC:\Program Files\Apoint\Apntex.exeC:\Program Files\DivX\DivX Update\DivXUpdate.exeC:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exeC:\Program Files\Drobo\Drobo Dashboard\DDAssist.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exeC:\Program Files\Windows Media Player\WMPNSCFG.exeC:\PROGRA~1\Sony\SONICS~1\SsAAD.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\Cisco Systems\VPN Client\cvpnd.exeC:\Program Files\Drobo\Drobo Dashboard\DroboDashboard.exeC:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exeC:\Program Files\Symantec AntiVirus\DefWatch.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Java\jre7\bin\jqs.exeC:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exeC:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exeC:\Program Files\Intel\Wireless\Bin\RegSrvc.exec:\program files\safeconnect\Uninstall.exeC:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exeC:\Program Files\Symantec AntiVirus\Rtvscan.exeC:\Program Files\Sony\VAIO Event Service\VESMgr.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeC:\Program Files\SafeConnect\scClient.exeC:\Program Files\Windows Media Player\WMPNetwk.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\WINDOWS\system32\igfxext.exeC:\WINDOWS\system32\igfxsrvc.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\eHome\ehmsas.exeC:\WINDOWS\System32\alg.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\chrome.exeC:\WINDOWS\system32\wbem\wmiprvse.exeC:\WINDOWS\system32\svchost.exe -k DcomLaunchC:\WINDOWS\system32\svchost.exe -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k WudfServiceGroupC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\System32\svchost.exe -k HTTPFilterC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvc.============== Pseudo HJT Report ===============.uURLSearchHooks: AOLSearchHook Class: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - c:\program files\aol\aol search enhancement\AOLSearch.dlluURLSearchHooks: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - <orphaned>BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dllBHO: AOLSearchHook Class: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - c:\program files\aol\aol search enhancement\AOLSearch.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dllBHO: SecureBrowsing bho: {7632ABCA-B104-4fbc-9C70-419C4147061B} - c:\program files\m86security secure browsing\SecureBrowsing.dllBHO: AOL Toolbar Launcher: {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - c:\program files\aol\aol toolbar 3.0\aoltb.dllBHO: Catcher Class: {ADECBED6-0366-4377-A739-E69DFBA04663} - c:\program files\moyea\flv downloader\MoyeaCth.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dllTB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.0\aoltb.dllTB: M86 Security Secure Browsing: {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - c:\program files\m86security secure browsing\SecureBrowsing.dllTB: AOL Toolbar: {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.0\aoltb.dllTB: M86 Security Secure Browsing: {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - c:\program files\m86security secure browsing\SecureBrowsing.dlluRun: [Google Update] "c:\documents and settings\butch\local settings\application data\google\update\GoogleUpdate.exe" /cuRun: [DDAssist] c:\program files\drobo\drobo dashboard\DDAssist.exeuRun: [CAHeadless] c:\program files\adobe\elements 11 organizer\caheadless\ElementsAutoAnalyzer.exeuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exeuRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorunuRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exeuRun: [ssAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exeuRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /backgroundmRun: [vptray] c:\progra~1\symant~1\VPTray.exemRun: [VAIO Update 2] "c:\program files\sony\vaio update 2\VAIOUpdt.exe" /StationarymRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osbootmRun: [switcher.exe] c:\program files\sony\wireless switch setting utility\Switcher.exemRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [sonyPowerCfg] "c:\program files\sony\vaio power management\SPMgr.exe"mRun: [skyTel] SkyTel.EXEmRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exemRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottimemRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -kmRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [iSBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exemRun: [igfxtray] c:\windows\system32\igfxtray.exemRun: [igfxpers] c:\windows\system32\igfxpers.exemRun: [igfxhkcmd] c:\windows\system32\hkcmd.exemRun: [HostManager] c:\program files\common files\aol\1174708395\ee\AOLSoftware.exemRun: [ehTray] c:\windows\ehome\ehtray.exemRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exemRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"mRun: [Apoint] c:\program files\apoint\Apoint.exemRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOWmRun: [DISCover] c:\program files\disc\DISCover.exemRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exemRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"StartupFolder: c:\docume~1\butch\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\butch\application data\dropbox\bin\Dropbox.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\drobod~1.lnk - c:\program files\drobo\drobo dashboard\DroboDashboard.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXEStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nacass~1.lnk - c:\program files\enterasys networks\nac agent\NacAgent.exeStartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exeuPolicies-Explorer: NoDriveTypeAutoRun = dword:323uPolicies-Explorer: NoDriveAutoRun = dword:67108863uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDriveTypeAutoRun = dword:149mPolicies-Explorer: NoDriveAutoRun = dword:67108863mPolicies-Explorer: NoDrives = dword:0mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1mPolicies-Explorer: NoDriveTypeAutoRun = dword:323mPolicies-Explorer: NoDriveAutoRun = dword:67108863IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-us\local\search.htmlIE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000IE: Transfer by Image Converter 2 Plus - c:\program files\sony\image converter 2\menu.htmIE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dllIE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.0\aoltb.dllIE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeTCP: NameServer = 192.168.1.1TCP: Interfaces\{8698E6B8-1507-443B-A72A-1A9AA8F90825} : DHCPNameServer = 192.168.1.1Notify: igfxcui - igfxdev.dllNotify: NavLogon - c:\windows\system32\NavLogon.dllNotify: VESWinlogon - VESWinlogon.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\butch\application data\mozilla\firefox\profiles\gi2b1a6z.default\FF - prefs.js: browser.search.selectedEngine - SecureSearchFF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dllFF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dllFF - plugin: c:\documents and settings\butch\local settings\application data\google\update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dllFF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dllFF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dllFF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dllFF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dllFF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dllFF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dllFF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dllFF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_170.dllFF - ExtSQL: !HIDDEN! 2009-09-16 12:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension.---- FIREFOX POLICIES ----FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false.============= SERVICES / DRIVERS ===============.R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files\adobe\elements 11 organizer\PhotoshopElementsFileAgent.exe [2012-9-17 171600]R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-24 192160]R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-24 169632]R2 DDService;Drobo Dashboard Service;c:\program files\drobo\drobo dashboard\support\DDService.exe [2011-4-15 749568]R2 KSS;Kaspersky Security Scan Service;c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe [2012-12-7 202328]R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-6-15 1805552]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-10 106656]R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20130705.002\naveng.sys [2013-7-5 93272]R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20130705.002\navex15.sys [2013-7-5 1611992]R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2006-8-10 226304]S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\drivers\tdx.sys --> c:\windows\system32\drivers\tdx.sys [?]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\system32\svchost.exe -k NetSvcs [2006-8-10 14336]S2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-11-10 84248]S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-6-15 115952]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-11-10 182680]S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-3-23 1120960]S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-3-26 280344]S3 WinDefend;Windows Defender;c:\windows\system32\svchost.exe -k secsvcs [2006-8-10 14336]S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504].=============== File Associations ===============.ShellExec: pi11.exe: Open="c:\program files\microsoft digital image 2006\pi.exe" "%1".=============== Created Last 30 ================.2014-01-08 15:49:08 -------- d-----w- c:\program files\Kaspersky Lab2014-01-08 15:49:08 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab2013-12-11 12:52:57 -------- d-----w- c:\documents and settings\butch\local settings\application data\Drobo Dashboard2013-12-11 04:45:49 -------- d-----w- c:\documents and settings\all users\application data\Drobo Dashboard2013-12-11 04:45:30 -------- d-----w- c:\program files\Drobo2013-12-11 04:45:30 -------- d-----w- c:\documents and settings\butch\application data\Drobo.==================== Find3M ====================.2013-12-11 16:24:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2013-12-11 16:24:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe.============= FINISH: 6:53:59.82 ===============
  11. The re-direct in IE has stopped. I have done searches in Crome and Firefox and they seem to working fine now. The "rundll.exe" hangup when the computer shuts down has stopped. Things look good... THANK YOU, THANK YOU, THANK YOU!
  12. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=cb44a455f1c8264f86e449556842a0aa # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-12 06:14:40 # local_time=2012-06-12 02:14:40 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 61982499 61982499 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=364620 # found=4 # cleaned=4 # scan_time=11107 C:\Documents and Settings\Butch\Desktop\cnet2_ComboFix_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{2FF74256-477D-4B01-939A-D41C1BBFE2C6}\RP1\A0000562.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\_OTL\MovedFiles\06112012_175440\C_Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll a variant of Win32/Kryptik.AGJV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C I:\465_G\maxtor\021907_viao_D\updates\sspsetup1_.exe probably a variant of Win32/Agent.EZSDFRQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  13. ComboFix 12-06-11.04 - Butch 06/12/2012 9:23.6.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1111 [GMT -4:00] Running from: c:\documents and settings\Butch\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Butch\Desktop\CFScript.txt AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . . ((((((((((((((((((((((((( Files Created from 2012-05-12 to 2012-06-12 ))))))))))))))))))))))))))))))) . . 2012-06-11 21:54 . 2012-06-11 21:54 -------- d-----w- C:\_OTL 2012-05-27 12:51 . 2012-05-27 12:51 -------- d-----w- c:\program files\Dropbox 2012-05-20 04:33 . 2012-05-20 04:33 -------- d-----w- c:\documents and settings\Butch\Application Data\RealNetworks . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-11 01:02 . 2012-04-02 17:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-11 01:02 . 2011-05-15 04:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-31 13:22 . 2006-08-10 07:32 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:14 . 2004-08-03 23:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:12 . 2006-08-10 07:32 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-04 19:56 . 2010-03-15 03:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-20 22:18 . 2006-08-10 07:32 26112 ----a-w- c:\windows\system32\userinit.exe 2012-04-25 12:25 . 2012-02-05 02:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-06-11_22.53.09 ))))))))))))))))))))))))))))))))))))))))) . + 2012-06-12 12:16 . 2012-06-12 12:16 16384 c:\windows\Temp\Perflib_Perfdata_884.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824] "HostManager"="c:\program files\Common Files\AOL\1174708395\ee\AOLSoftware.exe" [2006-09-26 50736] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-02 1077248] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216] "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-03-04 296056] . c:\documents and settings\Butch\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Butch\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-3-26 1524776] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] 2006-05-08 13:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1174708395\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Microsoft Office\\Office\\SBT\\DMM\\directmail.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\McGraw-Hill\\MH_EZTest\\jre\\bin\\java.exe"= "c:\\McGraw-Hill\\MH_EZTest\\mysql\\bin\\mysqld.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Documents and Settings\\Butch\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2967:TCP"= 2967:TCP:Symantec . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/16/2010 11:49 AM 64512] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/31/2012 1:58 PM 106656] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/10/2006 3:33 AM 226304] S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?] S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 7:44 PM 136176] S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [8/10/2006 3:32 AM 14336] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2152152] S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784] S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 7:44 PM 136176] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:26 AM 129976] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 2:40 AM 115952] S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [8/10/2006 3:32 AM 14336] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - IPHLPSVC . Contents of the 'Scheduled Tasks' folder . 2012-06-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 14:08] . 2012-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005Core.job - c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57] . 2012-06-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005UA.job - c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57] . 2012-06-12 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45] . 2012-06-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sony.com/vaiopeople uInternet Settings,ProxyOverride = *.local IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\documents and settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\ FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-12 09:35 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1344) c:\windows\system32\VESWinlogon.dll . - - - - - - - > 'explorer.exe'(5112) c:\windows\system32\WININET.dll c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-06-12 09:42:21 ComboFix-quarantined-files.txt 2012-06-12 13:42 ComboFix2.txt 2012-06-11 22:59 ComboFix3.txt 2012-03-21 13:00 . Pre-Run: 8,766,124,032 bytes free Post-Run: 8,769,560,576 bytes free . - - End Of File - - A32F9F4C43963A31536A8AF0839ABF2E
  14. Viewpoint Media Player has been uninstalled. OTL Fix Log: All processes killed ========== OTL ========== Registry value HKEY_USERS\S-1-5-21-2399893216-1284573121-3459454606-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found. Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ApplicationHistory deleted successfully. C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll moved successfully. Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ApplicationHistory not found. File C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll not found. Registry value HKEY_USERS\S-1-5-21-2399893216-1284573121-3459454606-1005\Software\Microsoft\Windows\CurrentVersion\Run\\ApplicationHistory deleted successfully. File C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll not found. ========== FILES ========== C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory folder moved successfully. C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 456 bytes User: All Users User: Butch ->Temp folder emptied: 51844397 bytes ->Temporary Internet Files folder emptied: 10299387 bytes ->Java cache emptied: 163926967 bytes ->FireFox cache emptied: 468519870 bytes ->Google Chrome cache emptied: 45263310 bytes ->Opera cache emptied: 225657 bytes ->Flash cache emptied: 58341 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56466 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 32902 bytes User: NetworkService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 9076870 bytes ->Java cache emptied: 9930 bytes ->Flash cache emptied: 56359 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 19569 bytes %systemroot%\System32 .tmp files removed: 5675025 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 2333014 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14890728 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes RecycleBin emptied: 58798342 bytes Total Files Cleaned = 793.00 mb Unable to stop System Restore Service. Error code 1722. Restore points not cleared. Error creating restore point. OTL by OldTimer - Version 3.2.48.0 log created on 06112012_175440 Files\Folders moved on Reboot... Registry entries deleted on Reboot... ComboFix Log: ComboFix 12-06-11.04 - Butch 06/11/2012 18:41:29.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1152 [GMT -4:00] Running from: c:\documents and settings\Butch\Desktop\ComboFix.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\setupapi.log c:\windows\system32\regobj.dll I:\Autorun.inf I:\Setup.exe . . ((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 ))))))))))))))))))))))))))))))) . . 2012-06-11 21:54 . 2012-06-11 21:54 -------- d-----w- C:\_OTL 2012-05-27 12:51 . 2012-05-27 12:51 -------- d-----w- c:\program files\Dropbox 2012-05-20 04:33 . 2012-05-20 04:33 -------- d-----w- c:\documents and settings\Butch\Application Data\RealNetworks . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-11 01:02 . 2012-04-02 17:59 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-11 01:02 . 2011-05-15 04:20 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-05-31 13:22 . 2006-08-10 07:32 599040 ----a-w- c:\windows\system32\crypt32.dll 2012-04-11 13:14 . 2004-08-03 23:18 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-04-11 13:12 . 2006-08-10 07:32 1862272 ----a-w- c:\windows\system32\win32k.sys 2012-04-11 12:35 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-04-04 19:56 . 2010-03-15 03:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-20 22:18 . 2006-08-10 07:32 26112 ----a-w- c:\windows\system32\userinit.exe 2012-04-25 12:25 . 2012-02-05 02:13 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Butch\Application Data\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656] "VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552] "Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128] "SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-08-27 217088] "SkyTel"="SkyTel.EXE" [2006-05-17 2879488] "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768] "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-04-05 94208] "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-04-05 118784] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-04-05 77824] "HostManager"="c:\program files\Common Files\AOL\1174708395\ee\AOLSoftware.exe" [2006-09-26 50736] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512] "DISCover"="c:\program files\DISC\DISCover.exe" [2006-06-02 1077248] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408] "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248] "Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784] "AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216] "AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 79448] "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-03-04 296056] . c:\documents and settings\Butch\Start Menu\Programs\Startup\ Dropbox.lnk - c:\documents and settings\Butch\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-3-26 1524776] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] SafeConnect.lnk - c:\program files\SafeConnect\scClient.exe [2009-3-31 297240] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2006-06-20 23:11 73728 ----a-w- c:\windows\system32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe] 2006-05-08 13:17 81920 ----a-w- c:\progra~1\Sony\SONICS~1\SSAAD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2006-10-19 00:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\DISC\\DISCover.exe"= "c:\\Program Files\\DISC\\DiscStreamHub.exe"= "c:\\Program Files\\DISC\\myFTP.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1174708395\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Microsoft Office\\Office\\SBT\\DMM\\directmail.exe"= "c:\\Program Files\\AIM\\aim.exe"= "c:\\McGraw-Hill\\MH_EZTest\\jre\\bin\\java.exe"= "c:\\McGraw-Hill\\MH_EZTest\\mysql\\bin\\mysqld.exe"= "c:\\Program Files\\Opera\\opera.exe"= "c:\\Documents and Settings\\Butch\\Application Data\\Dropbox\\bin\\Dropbox.exe"= "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2967:TCP"= 2967:TCP:Symantec . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/16/2010 11:49 AM 64512] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/31/2012 1:58 PM 106656] R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [8/10/2006 3:33 AM 226304] S2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 4:47 AM 98304] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 7:44 PM 136176] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/18/2011 3:25 PM 2152152] S2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 3:40 AM 118784] S2 SCManager;SafeConnect Manager;c:\program files\SafeConnect\scManager.sys servicestart --> c:\program files\SafeConnect\scManager.sys servicestart [?] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2011 7:44 PM 136176] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 8:26 AM 129976] S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [6/15/2006 2:40 AM 115952] . Contents of the 'Scheduled Tasks' folder . 2012-06-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 14:08] . 2012-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:34] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-02-08 13:57] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005Core.job - c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57] . 2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005UA.job - c:\documents and settings\Butch\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-27 13:57] . 2012-06-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45] . 2012-06-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.sony.com/vaiopeople uInternet Settings,ProxyOverride = *.local IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.0\resources\en-US\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Transfer by Image Converter 2 Plus - c:\program files\Sony\Image Converter 2\menu.htm Trusted Zone: trymedia.com TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 FF - ProfilePath - c:\documents and settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\ FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-06-11 18:52 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1344) c:\windows\system32\VESWinlogon.dll . Completion time: 2012-06-11 18:59:46 ComboFix-quarantined-files.txt 2012-06-11 22:59 ComboFix2.txt 2012-03-21 13:00 . Pre-Run: 9,000,591,360 bytes free Post-Run: 8,948,617,216 bytes free . - - End Of File - - FA162DD6E3ADAC0BC16BC5D5F464DD56
  15. Here is OTL: OTL logfile created on: 6/11/2012 10:44:33 AM - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Butch\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 31.04% Memory free 3.84 Gb Paging File | 3.12 Gb Available in Paging File | 81.14% Paging File free Paging file location(s): C:\pagefile.sys 2048 3048I:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 104.79 Gb Total Space | 7.77 Gb Free Space | 7.42% Space Free | Partition Type: NTFS Drive D: | 1.88 Gb Total Space | 1.78 Gb Free Space | 94.79% Space Free | Partition Type: FAT Drive E: | 298.09 Gb Total Space | 209.61 Gb Free Space | 70.32% Space Free | Partition Type: NTFS Drive G: | 465.76 Gb Total Space | 229.72 Gb Free Space | 49.32% Space Free | Partition Type: NTFS Drive I: | 1863.01 Gb Total Space | 1081.72 Gb Free Space | 58.06% Space Free | Partition Type: NTFS Computer Name: CCRSYR04MBC | User Name: Butch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/11 10:41:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Butch\Desktop\OTL.exe PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exe PRC - [2012/04/25 08:25:56 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2012/03/04 15:01:43 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe PRC - [2011/02/28 20:17:39 | 000,297,240 | ---- | M] (Impulse Point, LLC) -- C:\Program Files\SafeConnect\SCClient.exe PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe PRC - [2009/06/17 10:51:24 | 000,292,632 | ---- | M] (Impulse Point, LLC) -- c:\Program Files\SafeConnect\Uninstall.exe PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe PRC - [2006/09/25 20:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1174708395\ee\aolsoftware.exe PRC - [2006/08/27 17:46:54 | 000,217,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe PRC - [2006/06/20 19:11:00 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe PRC - [2006/06/15 02:40:34 | 000,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe PRC - [2006/06/15 02:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe PRC - [2006/06/15 02:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe PRC - [2006/06/01 20:55:30 | 001,077,248 | ---- | M] (Digital Interactive Systems Corporation) -- C:\Program Files\DISC\DISCover.exe PRC - [2006/06/01 20:54:30 | 000,057,344 | ---- | M] (Digital Interactive Systems Corporation, Inc.) -- C:\Program Files\DISC\DiscStreamHub.exe PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe PRC - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2006/03/24 18:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe PRC - [2006/03/24 18:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe PRC - [2006/03/24 18:14:48 | 000,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe PRC - [2006/02/14 16:11:46 | 000,176,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe PRC - [2005/11/28 16:39:32 | 000,118,784 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe PRC - [2005/11/28 16:39:30 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2005/10/12 00:36:38 | 000,151,552 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe PRC - [2005/03/11 21:55:40 | 000,135,168 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe PRC - [2004/11/17 23:47:16 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe PRC - [2004/10/18 17:42:18 | 000,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe PRC - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe PRC - [2004/10/15 16:54:12 | 000,046,768 | ---- | M] (America Online Inc) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe PRC - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe PRC - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe PRC - [2004/08/19 12:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe PRC - [2004/02/20 17:12:34 | 000,032,768 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe ========== Modules (No Company Name) ========== MOD - [2012/06/10 21:02:31 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll MOD - [2012/04/25 08:25:56 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2012/04/12 03:42:39 | 000,843,776 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_b77fa627\system.drawing.dll MOD - [2012/04/12 03:42:33 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_08a5292b\system.windows.forms.dll MOD - [2012/04/12 03:41:59 | 000,471,040 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll MOD - [2012/01/11 03:02:21 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_e3ecdad3\mscorlib.dll MOD - [2012/01/11 03:02:11 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_3703fa30\system.xml.dll MOD - [2012/01/11 03:01:54 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7f621009\system.dll MOD - [2012/01/11 03:01:37 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll MOD - [2012/01/11 03:01:36 | 001,269,760 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll MOD - [2012/01/11 03:01:33 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll MOD - [2011/02/04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll MOD - [2010/06/06 10:20:02 | 000,065,344 | ---- | M] () -- C:\WINDOWS\system32\PDFreDirectMonNT.dll MOD - [2009/09/04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll MOD - [2008/03/25 00:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2007/07/12 23:33:58 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll MOD - [2006/08/10 05:15:30 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll MOD - [2006/08/10 05:15:27 | 000,573,440 | ---- | M] () -- c:\windows\assembly\gac\system.web.services\1.0.5000.0__b03f5f7f11d50a3a\system.web.services.dll MOD - [2006/08/10 05:15:27 | 000,299,008 | ---- | M] () -- c:\windows\assembly\gac\microsoft.visualbasic\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualbasic.dll MOD - [2006/07/03 00:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll MOD - [2006/07/03 00:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll MOD - [2006/06/20 19:11:00 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll MOD - [2004/10/18 17:42:18 | 000,079,448 | ---- | M] () -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe MOD - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe MOD - [2004/10/04 04:46:50 | 000,147,456 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\platform.dll MOD - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012/04/25 08:25:57 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011/10/27 10:08:17 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011/02/28 20:17:39 | 000,174,432 | ---- | M] (Impulse Point, LLC) [Auto | Stopped] -- C:\Program Files\SafeConnect\scManager.sys -- (SCManager) SRV - [2008/01/06 19:52:26 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007/03/23 23:52:32 | 001,120,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC) SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS) SRV - [2006/06/20 19:11:00 | 000,176,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2006/06/15 02:40:28 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam) SRV - [2006/06/15 02:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2006/06/15 02:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch) SRV - [2006/06/13 12:03:42 | 002,084,864 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer) SRV - [2006/06/07 13:51:50 | 000,155,648 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway) SRV - [2006/05/18 14:22:26 | 000,770,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) SRV - [2006/05/18 14:22:26 | 000,057,344 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) SRV - [2006/05/08 08:24:54 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV) SRV - [2006/04/27 20:35:16 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV) SRV - [2006/04/27 20:27:06 | 000,049,241 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR) SRV - [2006/04/27 20:16:28 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc) SRV - [2006/04/04 17:55:18 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2006/03/24 18:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr) SRV - [2006/03/24 18:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr) SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate) SRV - [2005/11/28 16:39:32 | 000,118,784 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw) SRV - [2005/11/28 16:39:30 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2005/11/25 16:08:54 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2005/11/04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2005/07/14 23:10:16 | 000,032,768 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Image Converter 2\IcVzMon.exe -- (Image Converter video recording monitor for VAIO Entertainment) SRV - [2005/03/11 21:55:40 | 000,135,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe -- (SonicStageMonitoring) SRV - [2004/10/15 16:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Auto | Running] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor) SRV - [2004/10/04 04:47:04 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor) SRV - [2004/10/04 03:40:50 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe -- (PhotoshopElementsDeviceConnect) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Butch\LOCALS~1\Temp\aswMBR.sys -- (aswMBR) DRV - [2012/05/16 00:15:56 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2012/05/16 00:15:51 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/04/25 05:44:51 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120609.016\NAVEX15.SYS -- (NAVEX15) DRV - [2012/04/25 05:44:47 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120609.016\NAVENG.SYS -- (NAVENG) DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2007/03/23 23:52:32 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd) DRV - [2006/07/24 20:38:20 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006/07/24 20:38:20 | 000,727,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006/07/24 20:38:20 | 000,208,256 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2006/07/03 02:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2006/06/14 14:04:00 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006/05/23 11:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2006/05/05 17:19:50 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent) DRV - [2006/04/13 23:00:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd) DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2006/03/16 13:45:00 | 000,037,632 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp) DRV - [2006/03/15 13:52:00 | 000,052,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfsnd.sys -- (TosRfSnd) Bluetooth Audio Device (WDM) DRV - [2006/02/24 04:37:00 | 000,040,192 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2006/02/21 22:32:32 | 000,226,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ti21sony.sys -- (ti21sony) DRV - [2006/02/10 14:17:00 | 000,047,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte) DRV - [2006/02/08 20:33:00 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid) DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL) DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT) DRV - [2005/11/04 10:20:40 | 000,303,735 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2005/08/01 19:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2005/07/11 21:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\toshidpt.sys -- (toshidpt) DRV - [2005/06/29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2005/05/17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2005/01/26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2005/01/06 16:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds) DRV - [2004/11/22 16:31:10 | 000,108,767 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2002/11/26 15:54:58 | 000,016,936 | ---- | M] (Smith Micro Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys -- (SMNDIS5) DRV - [2000/12/05 19:18:02 | 000,003,952 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall) DRV - [2000/11/09 23:15:08 | 000,048,896 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyNC.sys -- (SNC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.) IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.) IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\SearchScopes,DefaultScope = {CBBD6A3C-FD5A-4520-9DFA-39F288A8A9CF} IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\SearchScopes\{CBBD6A3C-FD5A-4520-9DFA-39F288A8A9CF}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/25 08:25:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/13 08:34:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/10/07 10:42:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/06/29 08:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Butch\Application Data\Mozilla\Extensions [2010/06/29 08:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Butch\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012/06/01 15:11:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\extensions [2010/05/01 10:47:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012/03/30 09:43:23 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/03/24 07:45:43 | 000,000,000 | ---D | M] (M86Security Secure Browsing) -- C:\Documents and Settings\Butch\Application Data\Mozilla\Firefox\Profiles\gi2b1a6z.default\extensions\securebrowsing@m86security.com [2012/02/04 22:13:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/04/25 08:25:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/06/02 18:01:56 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll [2012/01/29 09:36:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012/01/29 09:36:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\Application\19.0.1084.52\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - Extension: YouTube = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Gmail = C:\Documents and Settings\Butch\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/03/21 08:42:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AOL\AOL Search Enhancement\AOLSearch.dll (America Online, Inc.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (SecureBrowsing bho) - {7632ABCA-B104-4fbc-9C70-419C4147061B} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dll (M86Security LTD) O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.) O2 - BHO: (Catcher Class) - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll (Moyea Software Co., Ltd.) O3 - HKLM\..\Toolbar: (M86 Security Secure Browsing) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dll (M86Security LTD) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.) O3 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\Toolbar\WebBrowser: (M86 Security Secure Browsing) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - C:\Program Files\M86Security Secure Browsing\SecureBrowsing.dll (M86Security LTD) O3 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.) O4 - HKLM..\Run: [AOL Spyware Protection] C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe () O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC) O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation) O4 - HKLM..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe (Digital Interactive Systems Corporation) O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1174708395\ee\aolsoftware.exe (America Online, Inc.) O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKLM..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [VAIO Update 2] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe (Sony Corporation) O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation) O4 - HKU\.DEFAULT..\Run: [ApplicationHistory] C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll (MainConcept AG) O4 - HKU\S-1-5-18..\Run: [ApplicationHistory] C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll (MainConcept AG) O4 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005..\Run: [ApplicationHistory] C:\Documents and Settings\Butch\Local Settings\Application Data\Deployment\ApplicationHistory\ckkzci.dll (MainConcept AG) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SafeConnect.lnk = C:\Program Files\SafeConnect\SCClient.exe (Impulse Point, LLC) O4 - Startup: C:\Documents and Settings\Butch\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 3.0\resources\en-us\local\search.html () O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Transfer by Image Converter 2 Plus - C:\Program Files\Sony\Image Converter 2\menu.htm () O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.) O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.0\aoltb.dll (America Online, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: trymedia.com ([]http in Trusted sites) O15 - HKLM\..Trusted Domains: trymedia.com ([]https in Trusted sites) O15 - HKU\S-1-5-21-2399893216-1284573121-3459454606-1005\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control) O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass) O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238972247256 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Facebook Photo Uploader 4) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75E2B172-673C-4CED-B115-BFB722EAE233}: DhcpNameServer = 209.18.47.61 209.18.47.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8698E6B8-1507-443B-A72A-1A9AA8F90825}: DhcpNameServer = 209.18.47.61 209.18.47.62 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: C:\WINDOWS\ideas.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\ideas.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/08/10 03:51:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010/01/10 21:54:52 | 000,000,170 | ---- | M] () - I:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012/06/11 10:41:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Butch\Desktop\OTL.exe [2012/06/11 10:36:00 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Butch\Desktop\aswMBR.exe [2012/06/04 22:11:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Butch\Desktop\salt-city-communications-llc-ckljienfnpc2 [2012/06/04 14:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Butch\Desktop\the-salt-city-communications-story-zsezkin-s68s [2012/05/27 08:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox [2012/05/23 17:55:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Butch\Desktop\oswego_presentation [2012/05/20 00:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Butch\Application Data\RealNetworks [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/11 10:41:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Butch\Desktop\OTL.exe [2012/06/11 10:39:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\MBR.dat [2012/06/11 10:37:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005UA.job [2012/06/11 10:36:06 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Butch\Desktop\aswMBR.exe [2012/06/11 10:25:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012/06/11 10:09:41 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2012/06/11 08:24:23 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012/06/11 08:24:20 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job [2012/06/11 08:24:14 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2399893216-1284573121-3459454606-1005.job [2012/06/11 08:23:22 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012/06/11 08:22:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012/06/11 08:22:25 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys [2012/06/10 21:43:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Butch\Desktop\dds.scr [2012/06/10 20:07:03 | 000,030,711 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\MediaHandler.jpg [2012/06/10 10:05:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat [2012/06/10 10:05:24 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat [2012/06/10 08:49:04 | 000,001,668 | ---- | M] () -- C:\Documents and Settings\Butch\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2012/06/09 12:37:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2399893216-1284573121-3459454606-1005Core.job [2012/06/04 22:39:25 | 000,084,768 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\VCAP_June5Agenda.pdf [2012/06/04 22:10:44 | 030,026,567 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\salt-city-communications-llc-ckljienfnpc2.zip [2012/06/04 14:39:39 | 061,106,100 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\the-salt-city-communications-story-zsezkin-s68s.zip [2012/06/04 13:44:51 | 000,055,801 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\Amtrak - Reservations - Confirmation.pdf [2012/06/03 12:02:00 | 000,126,810 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\branding 5 copy.jpg [2012/05/30 14:15:31 | 012,646,435 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\no_church_in_the_wild-Jayz_Kayne.flv [2012/05/29 22:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012/05/29 19:17:13 | 000,080,114 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\pbsuniworldblast1_01.jpg [2012/05/27 08:51:58 | 000,001,024 | ---- | M] () -- C:\Documents and Settings\Butch\Start Menu\Programs\Startup\Dropbox.lnk [2012/05/27 08:51:00 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\Dropbox.lnk [2012/05/23 20:40:58 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Butch\Desktop\Google Chrome.lnk [2012/05/23 20:40:58 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Butch\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2012/05/12 12:42:13 | 000,278,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012/05/12 12:09:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012/05/12 12:02:10 | 000,445,044 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012/05/12 12:02:10 | 000,072,754 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/11 10:39:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\MBR.dat [2012/06/10 20:07:25 | 000,030,711 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\MediaHandler.jpg [2012/06/10 08:49:04 | 000,001,668 | ---- | C] () -- C:\Documents and Settings\Butch\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2012/06/09 02:33:09 | 000,157,424 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\SU_awards_ceremony.jpg [2012/06/09 02:29:31 | 000,079,388 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\Regional_award.jpg [2012/06/04 22:39:24 | 000,084,768 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\VCAP_June5Agenda.pdf [2012/06/04 22:10:31 | 030,026,567 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\salt-city-communications-llc-ckljienfnpc2.zip [2012/06/04 14:38:50 | 061,106,100 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\the-salt-city-communications-story-zsezkin-s68s.zip [2012/06/04 13:44:49 | 000,055,801 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\Amtrak - Reservations - Confirmation.pdf [2012/06/03 12:02:00 | 000,126,810 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\branding 5 copy.jpg [2012/05/30 14:15:29 | 012,646,435 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\no_church_in_the_wild-Jayz_Kayne.flv [2012/05/29 19:25:13 | 000,080,114 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\pbsuniworldblast1_01.jpg [2012/05/29 08:52:42 | 000,103,712 | ---- | C] () -- C:\Documents and Settings\Butch\Desktop\watson copy.GIF [2012/02/15 11:32:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/05/21 10:52:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011/05/21 10:52:12 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2010/06/16 10:30:22 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010/06/14 13:09:53 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys ========== LOP Check ========== [2008/11/28 15:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore [2010/09/08 10:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM [2011/12/13 01:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Digital Interactive Systems Corporation [2010/06/14 13:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro [2006/08/22 15:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2009/10/11 11:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound [2011/04/23 16:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF reDirect [2011/04/30 00:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion [2009/04/05 18:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT [2009/08/08 07:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2010/04/24 22:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/09/10 12:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/07/08 18:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2007/03/26 15:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\acccore [2012/06/08 09:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Audacity [2011/04/30 02:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Blackberry Desktop [2009/10/12 11:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/06/11 08:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Dropbox [2012/03/24 07:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Finjan [2007/03/26 14:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\InterVideo [2007/03/26 18:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Leadertech [2008/04/16 06:25:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Moyea [2009/12/08 10:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\NCH Swift Sound [2009/08/04 21:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\OfficeUpdate12 [2010/10/13 14:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Opera [2011/04/23 16:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\PDF reDirect [2011/04/30 02:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Research In Motion [2007/06/13 11:02:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Smith Micro [2012/01/16 12:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\TeamViewer [2007/08/02 15:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Template [2010/06/29 08:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Thunderbird [2011/06/27 15:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 [2007/03/28 09:55:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Butch\Application Data\Viewpoint [2012/06/11 10:09:41 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== < End of report > OTL Extras logfile created on: 6/11/2012 10:44:33 AM - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Butch\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 0.62 Gb Available Physical Memory | 31.04% Memory free 3.84 Gb Paging File | 3.12 Gb Available in Paging File | 81.14% Paging File free Paging file location(s): C:\pagefile.sys 2048 3048I:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 104.79 Gb Total Space | 7.77 Gb Free Space | 7.42% Space Free | Partition Type: NTFS Drive D: | 1.88 Gb Total Space | 1.78 Gb Free Space | 94.79% Space Free | Partition Type: FAT Drive E: | 298.09 Gb Total Space | 209.61 Gb Free Space | 70.32% Space Free | Partition Type: NTFS Drive G: | 465.76 Gb Total Space | 229.72 Gb Free Space | 49.32% Space Free | Partition Type: NTFS Drive I: | 1863.01 Gb Total Space | 1081.72 Gb Free Space | 58.06% Space Free | Partition Type: NTFS Computer Name: CCRSYR04MBC | User Name: Butch | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2399893216-1284573121-3459454606-1005\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "2967:TCP" = 2967:TCP:*:Enabled:Symantec "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "2967:TCP" = 2967:TCP:*:Enabled:Symantec "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\DISC\DISCover.exe" = C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System -- (Digital Interactive Systems Corporation) "C:\Program Files\DISC\DiscStreamHub.exe" = C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub -- (Digital Interactive Systems Corporation, Inc.) "C:\Program Files\DISC\myFTP.exe" = C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP -- (Digital Interactive Systems Corporation, Inc.) "C:\RCS\extender.exe" = C:\RCS\extender.exe:LocalSubNet:Enabled:RCS Extender -- () "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC) "C:\Program Files\Common Files\AOL\1174708395\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1174708395\ee\aolsoftware.exe:*:Enabled:AOL Services -- (America Online, Inc.) "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC) "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.) "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- (America Online, Inc) "C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- (America Online Inc) "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (America Online Inc.) "C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- () "C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- (AOL Spyware Protection) "C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- (Gteko Ltd.) "C:\Program Files\Sony\Click to DVD 2\CtoDvd.exe" = C:\Program Files\Sony\Click to DVD 2\CtoDvd.exe:*:Enabled:Click to DVD -- (Sony Corporation) "C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Program Files\Microsoft Office\Office\SBT\DMM\directmail.exe" = C:\Program Files\Microsoft Office\Office\SBT\DMM\directmail.exe:*:Enabled:Microsoft Direct Mail Manager -- (Microsoft - Envelope Manager) "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.) "C:\McGraw-Hill\MH_EZTest\jre\bin\java.exe" = C:\McGraw-Hill\MH_EZTest\jre\bin\java.exe:*:Enabled:java -- () "C:\McGraw-Hill\MH_EZTest\mysql\bin\mysqld.exe" = C:\McGraw-Hill\MH_EZTest\mysql\bin\mysqld.exe:*:Enabled:mysqld -- () "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Butch\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library "{04605217-DD32-4090-9D9A-E5345222B9E1}" = "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data "{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306 "{0DF00135-D5A7-476A-BFB3-EDFF2840076A}" = VAIO Wireless LAN Setup Utility "{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 20 "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter "{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com "{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2E190C8E-682A-409D-9329-539E24C9D1C1}" = Opera 10.63 "{2EA7CF7E-0C76-44A5-B0CF-A1D171476E42}" = VAIO Breeze Wallpaper "{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01 "{37ADBECF-1420-4557-B8CC-BED57053C3FF}" = Click to DVD Tutorial "{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware "{3BEF9769-BA52-18F7-1D02-2362F6A27E38}" = Adobe Media Player "{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0 "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2 "{48AFBB60-8CF5-4605-BB04-704DD8702B80}" = VZAccess Manager for RIM "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E993095-28F2-4060-9101-99C1FD1195C0}" = VAIO Central "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0 "{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0 "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series "{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility "{5B82682E-C555-45DA-8E2C-CE6525427AC9}" = Click to DVD 2.5.30 "{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}" = Macromedia Flash Player 8 "{634D08B4-CFAC-CCB9-5891-FAB02B3FD9C1}" = TweetDeck "{639BB4D3-AA30-4A7B-8CB5-6DE681AD6659}" = VAIO Light Flo Wallpaper "{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus "{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.5.2.7 "{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library "{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78D891EF-9E2D-4FC8-A71F-E6F897BA1B21}" = Symantec AntiVirus "{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISScript "{82081533-F045-469E-BD53-F16839E445C3}" = VAIO Support Central "{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0 "{86914AE6-BD70-4051-B65E-B4127F5776DA}" = RCSProducts V12 "{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{908994F4-EBD2-40E0-B8F3-7004FA54E909}" = VAIO Media Tutorial "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO "{966C4B44-A1A0-4254-A7F8-D325FB147133}_is1" = Dr. Neubrander's New Patient Forms as of December 20, 2011 "{966C4B44-A1A0-4254-A7F8-D325FB147134}_is1" = Dr. Neubrander's Forms as of January 31, 2012 "{966C4B44-A1A0-4254-A7F8-D325FB147135}_is1" = Dr. Neubrander's Forms as of January 24, 2012 "{966C4B44-A1A0-4254-A7F8-D325FB147136}_is1" = Dr. Neubrander's Forms as of January 24, 2012 "{966C4B44-A1A0-4254-A7F8-D325FB147137}_is1" = Dr. Neubrander's Forms as of January 24, 2012 "{966C4B44-A1A0-4254-A7F8-D325FB147138}_is1" = Dr. Neubrander's Forms as of January 24, 2012 "{966C4B44-A1A0-4254-A7F8-D325FB147139}_is1" = Dr. Neubrander's Forms as of January 24, 2012 "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders "{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0 "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A777CB31-A5EC-4E32-A462-2E24F45D4D4F}_is1" = Moyea FLV to Video Converter Pro version 1.29.1.6 "{A87EBA79-93DB-4A87-B9BA-62F8FB12D993}" = ImageStation "{A8AD990E-355A-4413-8647-A9B168978423}_is1" = Ultr@VNC Release 1.0.0 RC 18 - Win32 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1 "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9 "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support "{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries "{C8D25596-7DD3-40EA-987A-4DA8BE5D65E5}" = Adobe Premiere Elements Updater 3.0.2 "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour "{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH "{D9952D4E-766C-4CD3-BF2E-A2C3D8B15EF3}" = VAIO Backup Utility "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3D278BD-FC97-4F87-BB1F-689AE0CB9122}" = Macromedia Flash Player 8 Plugin "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea FLV Downloader version 1.15.0.15 "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates "{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FE3BF611-9B8B-44DC-A424-F8C4BA122A1D}" = VAIO Security Center "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "AIM_7" = AIM 7 "AOL Search Enhancement" = Search Enhancement by AOL Search "AOL Spyware Protection" = AOL Spyware Protection "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "AOL YGP Screensaver" = AOL You've Got Pictures Screensaver "AolCoach2_en" = AOL Coach Version 2.0(Build:20041026.5 en) "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode) "Bewitched" = Bewitched (remove only) "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2 "CNXT_MODEM_PCI_VEN_14F1&DEV_2C06&SUBSYS_104D1700" = Soft Data Fax Modem with SmartCP "com.adobe.amp.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Media Player "CutePDF Writer Installation" = CutePDF Writer 2.7 "DISCover" = DISCover "EZ Test Desktop" = McGraw-Hill EZ Test Desktop "FastStone Image Viewer" = FastStone Image Viewer 4.6 "Finjan Secure Browsing" = M86Security Secure Browsing "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00 "InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration "InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01 "InstallShield_{86914AE6-BD70-4051-B65E-B4127F5776DA}" = RCSProducts V12 "InstallShield_{BA46CCF2-2C59-4DEB-93DC-7000B7C53B4E}" = VAIOSurveySA "JEOPARDY!" = JEOPARDY! (remove only) "LAME_is1" = LAME v3.99.3 (for Windows) "LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Moyea FLV Importer for Adobe Premiere Pro_is1" = Moyea FLV Importer for Adobe Premiere Pro version 1.0.0.8 "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US) "Mozilla Thunderbird 12.0.1 (x86 en-US)" = Mozilla Thunderbird 12.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NTREGOPT_is1" = NTREGOPT 1.1j "OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01 "OSS MP3-WAV Converter_is1" = OSS MP3-WAV Converter version 5.0.0.0 "PDF reDirect" = PDF reDirect (remove only) "PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006 "PremElem40" = Adobe Premiere Elements 4.0 "PremElem40Templates" = Adobe Premiere Elements 4.0 Templates "ProInst" = Intel® PROSet/Wireless Software "RealPlayer 15.0" = RealPlayer "SafeConnect" = SafeConnect "SoftwareUpdUtility" = Download Updater (AOL LLC) "Switch" = Switch Sound File Converter "The Da Vinci Code" = The Da Vinci Code (remove only) "TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 2.0.1 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WGA" = Windows Genuine Advantage Validation Tool "Wheel of Fortune" = Wheel of Fortune (remove only) "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2399893216-1284573121-3459454606-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "FreeScreenSharing" = FreeScreenSharing "Google Chrome" = Google Chrome "GoToMeeting" = GoToMeeting 4.8.0.723 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/11/2012 10:51:53 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711685 Description = Risk Found!Risk: Backdoor.Tidserv.I!inf in File: c:\WINDOWS\compbatt.old by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged. Error - 6/11/2012 10:51:56 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: Risk was partially removed. Error - 6/11/2012 10:52:38 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711726 Description = Security Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged. Error - 6/11/2012 10:52:38 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711685 Description = Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged. Error - 6/11/2012 10:52:38 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711685 Description = Risk Found!Risk: Backdoor.Tidserv.I!inf in File: c:\WINDOWS\compbatt.old by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged. Error - 6/11/2012 10:52:41 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: Risk was partially removed. Error - 6/11/2012 10:53:06 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711726 Description = Security Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged. Error - 6/11/2012 10:53:06 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711685 Description = Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged. Error - 6/11/2012 10:53:06 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711685 Description = Risk Found!Risk: Backdoor.Tidserv.I!inf in File: c:\WINDOWS\compbatt.old by: Auto-Protect scan. Action: Clean failed : Quarantine failed. Action Description: The file was left unchanged. Error - 6/11/2012 10:53:07 AM | Computer Name = CCRSYR04MBC | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Risk: Backdoor.Tidserv.I!inf in File: C:\WINDOWS\compbatt.old by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: Risk was partially removed. < End of report > ALSO: When shutting down the computer the system holds up and says "rundll.exe" does not close and I have "end now" in order to shut down. Thanks
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.