Loathing Paladin Antivirus, and the Black screen startup I am stuck at


  • This topic is locked
19 replies to this topic

#1 ShaneJ

  • Members
  • 10 posts

Posted 24 February 2010 - 09:02 PM

Unfortunately much of the information that would generally be helpful (hijack this logs etc.) is presently unavailable to me.

I was doing some research in misandry, with Google Chrome, when I appeared to have picked up a trojan. This is pure speculation on my part, it is just the most temporally proximate event to the self install of Paladin Antivirus. As soon as the green generic box showed up above all of my other screens my heart sank.
I immediately tried to run Spybot S&D, which seemed to launch, though never appeared. There was no error or termination message. I then tried AdAware, and that earned me a Blue Screen hard Windows crash and memory dump to restart. My computer restarted, and I attempted to research the source of my woes. I only discovered the name of (probably only part of) my troubles when the red X icon appeared in the system tray showing Paladin Antivirus.

I came to Bleeping Computer, and found several guides for the removal of Paladin Antivirus, and downloaded Rkill.com to a USB drive via the laptop I am presently using. By running Rkill, I was able to download UnHack Me. I ran the program, and it identified two trojans, as well as Paladin Antivirus. There was also a report of a rootkit, which was not surprising from what I read in the guide. I tried to remove it, and UnHack Me required a restart. I clicked restart. There was, and remains on each restart now, text that flashes after the POST, about the Partizan DLL running, then there is irregularly the windows loading progress bar. Then the mouse and black screen are all.

This was when I reached the end of my (not extensive) tech rope. The computer now restarts in all three safe modes, as well as normal startup, by rendering a resolution-appropriate size mouse and a black screen. The USB mouse responds to movement, and is rendered correctly in all ways. If I allow the mouse to sit long enough, the monitor goes to sleep, per the timer I have set in my power settings.

I cannot access any more information because the computer is stuck at this black screen. I broke out my system OS disk, and booted from it. I attempted the windows repair, with no success or identified faults. The system restore option does not detect any of the system restore points I created. Also, I am confident I can restore to factory image, but would really really rather not lose the accumulated updates, settings, passwords, etc. that accumulate on my computers.


#2 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 24 February 2010 - 09:26 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
***************************************************

You will need a clean computer to create this disc...

Print these instruction out so that you know what you are doing

First
  • Please open a Notepad file. (Go to Start>Run, type Notepad into the Run dialogue and press Enter.)
  • Copy and paste the following code into the notepad file. Do not include the word "Code".
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
  • Save the Notepad file to a flash drive.
Download ISOBurner. This will allow you to burn an ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic. Instructions

Second
  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Copy and Paste the contents of the notepad file I had you create earlier into the textbox.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the C:\OTL.txt file in your reply.

Edited by Blade Zephon, 24 February 2010 - 09:42 PM.


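The custom-scan script in the post above hashes a fixed list of storage drivers and logon DLLs because rootkits of the kind UnHackMe reported patch an existing, legitimately named driver in place instead of dropping a new file; OTL prints each file's MD5 so it can be compared with a known-good copy of the same file version. The helper below is an added example written for this thread, not OTL's code and not anything posted by Blade or ShaneJ. It does two things: it parses OTL `DRV -` lines and flags kernel drivers that load on their own (Boot/System/Auto) yet carry no publisher string, and it reproduces the `/md5start` comparison against an offline `%SystemRoot%` mounted from a boot CD, returning the files whose hash differs from a reference table the analyst supplies. The sample log lines are copied from the OTL listing posted later in this thread; the driver files and reference hashes built inside `demo_hash_check()` are constructed for the demonstration and are not real known-good values.

```python
"""Triage helpers for an OTL/OTLPE log: flag publisher-less auto-start kernel
drivers and re-run the /md5start comparison against an offline Windows tree.
Added example for this thread; not part of OTL. Files and hashes used by
demo_hash_check() are constructed test data, not known-good values."""
import hashlib
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Dict, Iterable, List, Optional, Tuple

# A located driver entry as OTL prints it:
# DRV - [date time | size | attrs | M] (Company) [Kernel | Start] -- path -- (ServiceName) optional text
DRV_RE = re.compile(
    r"^DRV - \[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*\[(?P<kind>[^|\]]+)\|\s*(?P<start>[^\]]+)\]\s*--\s*"
    r"(?P<path>.*?)\s*--\s*\((?P<name>[^)]*)\)"
)


@dataclass
class Driver:
    name: str      # service name from the trailing parentheses
    path: str      # image path on disk
    company: str   # CompanyName from the version resource; "" when absent
    start: str     # Boot / System / Auto / On_Demand / Disabled
    size: int


def parse_drv_lines(lines: Iterable[str]) -> List[Driver]:
    """Return located driver entries; 'File not found' stubs have no path and are skipped."""
    found = []
    for line in lines:
        m = DRV_RE.match(line.strip())
        if m:
            found.append(Driver(m["name"].strip(), m["path"].strip(), m["company"].strip(),
                                m["start"].strip(), int(m["size"].replace(",", ""))))
    return found


AUTO_STARTS = {"Boot", "System", "Auto"}


def suspicious(d: Driver) -> bool:
    """Triage filter, not a verdict: a driver under \\drivers\\ that loads without
    user action yet has no publisher string. Some copy-protection drivers match
    too, so review each hit instead of deleting on sight."""
    return d.company == "" and d.start in AUTO_STARTS and "\\drivers\\" in d.path.lower()


def hash_files(systemroot: Path, names: Iterable[str]) -> Dict[str, Optional[str]]:
    """Equivalent of OTL's /md5start block: MD5 of each named file found under
    systemroot (case-insensitive, first hit wins); None when the file is absent."""
    wanted = {n.lower(): n for n in names}
    result: Dict[str, Optional[str]] = {n: None for n in wanted.values()}
    for p in systemroot.rglob("*"):
        key = p.name.lower()
        if key in wanted and p.is_file() and result[wanted[key]] is None:
            result[wanted[key]] = hashlib.md5(p.read_bytes()).hexdigest()
    return result


def compare(actual: Dict[str, Optional[str]],
            reference: Dict[str, str]) -> List[Tuple[str, Optional[str], str]]:
    """(name, observed, expected) for each reference file that is missing or whose hash differs."""
    return [(n, actual.get(n), exp) for n, exp in reference.items() if actual.get(n) != exp]


# Constructed sample: DRV lines copied from the OTL log posted later in this thread.
SAMPLE_OTL_LINES = [
    "DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)",
    "DRV - [2010/02/24 19:46:23 | 000,034,760 | ---- | M] (Greatis Software) [Kernel | On_Demand] -- C:\\Windows\\System32\\drivers\\Partizan.sys -- (Partizan)",
    "DRV - [2010/02/24 18:17:17 | 000,042,496 | ---- | M] () [Kernel | System] -- C:\\Windows\\system32\\drivers\\_VOIDdxridlwvgq.sys -- (_VOIDd.sys)",
    "DRV - [2009/11/04 23:07:20 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\\Windows\\System32\\drivers\\sptd.sys -- (sptd)",
    "DRV - [2009/07/14 22:33:21 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\\Windows\\System32\\drivers\\atksgt.sys -- (atksgt)",
    "DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\\Windows\\System32\\drivers\\E1G60I32.sys -- (E1G60) Intel®",
    "DRV - [2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\\Windows\\System32\\drivers\\iaStor.sys -- (iaStor)",
]


def flagged_names(lines: Iterable[str] = SAMPLE_OTL_LINES) -> List[str]:
    """Service names that pass the suspicious() filter, in log order."""
    return [d.name for d in parse_drv_lines(lines) if suspicious(d)]


def demo_hash_check() -> Tuple[Dict[str, Optional[str]], List[Tuple[str, Optional[str], str]]]:
    """Build a throwaway %SystemRoot% tree (constructed data) and run the
    /md5start comparison against a made-up reference table."""
    clean = hashlib.md5(b"clean driver build").hexdigest()
    with tempfile.TemporaryDirectory() as tmp:
        drv = Path(tmp) / "System32" / "drivers"
        drv.mkdir(parents=True)
        (drv / "atapi.sys").write_bytes(b"clean driver build")   # matches reference
        (drv / "iaStor.sys").write_bytes(b"patched in place")    # differs from reference
        hashes = hash_files(Path(tmp), ["atapi.sys", "iaStor.sys", "nvstor.sys"])
    reference = {"atapi.sys": clean, "iaStor.sys": clean}        # nvstor.sys: no reference, just reported
    return hashes, compare(hashes, reference)


if __name__ == "__main__":
    print("publisher-less auto-start drivers:", flagged_names())
    hashes, bad = demo_hash_check()
    for name, seen, expected in bad:
        print(f"{name}: observed {seen}, expected {expected}")
```

Against the sample lines the filter surfaces `_VOIDd.sys` (empty publisher, System start, loaded from `system32\drivers`) and `atksgt`, which illustrates the caveat in the docstring: a hit is a candidate for the analyst, and the hash comparison against a clean copy of the same build is what separates a patched storage driver from a merely unversioned one. MD5 is used because that is what OTL reports; if you keep your own known-good table, record SHA-256 alongside it.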

#3 ShaneJ
  • Topic Starter

  • Members
  • 10 posts

Posted 24 February 2010 - 11:31 PM

Thanks for the swift response Blade, I have the computer booted on the OTLPE ISO. I wanted to clarify one of your steps before I proceed any further though.
You indicate that I should load the remote registry as the first decision point. I had to choose the C:\windows location as my first step after double clicking the OTLPE icon.
Secondly, I loaded the profiles per the next step.
After this you indicate that I should change drivers to "non-microsoft"
The Drivers box includes three mutually exclusive options:
None
Use SafeList
All

None seems to be the closest to what you intend, but I wanted to be clear.

#4 Blade

    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 24 February 2010 - 11:39 PM

Whoops. . . SafeList was formerly called Non-Microsoft.

Please select "Use SafeList"

Sorry about that.



#5 ShaneJ
  • Topic Starter

  • Members
  • 10 posts

Posted 25 February 2010 - 12:25 AM

Not a problem, just wanted to make sure I got you the correct information.
Please find below the file contents:



OTL logfile created on: 2/24/2010 11:43:39 PM - Run
OTLPE by OldTimer - Version 3.1.30.1 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 170.38 Gb Free Space | 37.80% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 15.00 Gb Total Space | 2.68 Gb Free Space | 17.83% Space Free | Partition Type: NTFS
Drive L: | 1.97 Gb Total Space | 1.97 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (SessionLauncher)
SRV - [2009/12/08 23:48:27 | 000,030,192 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/11/25 10:33:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/20 22:49:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/08/12 13:07:39 | 000,312,568 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/08 07:12:06 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/09 15:22:48 | 000,026,112 | ---- | M] () [Auto] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/25 16:01:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/03 02:33:18 | 000,684,032 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008/05/14 09:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 09:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 09:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/05/02 13:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/03/24 06:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/02/13 10:43:36 | 000,441,136 | ---- | M] (Broadcom Corporation.) [Auto] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/21 11:38:44 | 000,508,824 | ---- | M] ( ) [Disabled] -- C:\Windows\System32\DKabcoms.exe -- (dkab_device)
SRV - [2006/02/28 11:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Disabled] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (CTHWIUT.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CTEXFIFX.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CT20XUT.DLL)
DRV - [2010/02/24 19:48:13 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/02/24 19:46:23 | 000,034,760 | ---- | M] (Greatis Software) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Partizan.sys -- (Partizan)
DRV - [2010/02/24 18:17:17 | 000,042,496 | ---- | M] () [Kernel | System] -- C:\Windows\system32\drivers\_VOIDdxridlwvgq.sys -- (_VOIDd.sys)
DRV - [2009/11/04 23:07:20 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/07/28 22:48:37 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 22:33:21 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/14 22:33:21 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/14 20:44:22 | 001,443,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/06/03 14:27:56 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/03 14:27:44 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/03 14:27:34 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/03 14:27:26 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/03 14:27:20 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/03 14:27:00 | 000,527,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/03 14:26:50 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/03 14:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/03 14:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/03 14:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/03 14:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/03 14:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/03 14:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/02/19 09:54:48 | 001,222,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2008/12/09 15:23:42 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/12/09 15:21:48 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/03 05:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 05:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/08 02:00:00 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2008/01/20 21:24:06 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/09/12 03:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/06/01 12:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 15:44:00 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007/04/01 23:42:08 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/04/01 23:42:04 | 000,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/04/01 23:42:02 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2004/08/09 06:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 06:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 09:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 10:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Bob_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=5080925
IE - HKU\Bob_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
IE - HKU\Bob_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Bob_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 15:55:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 15:55:24 | 000,000,000 | ---D | M]

[2010/02/24 18:13:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/30 15:11:11 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Bob_ON_C..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\Bob_ON_C..\Run: [Google Update] C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\Bob_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\Bob_ON_C..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send To CaseMap - C:\Windows\System32\lnToCM.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\Bob_ON_C\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Bob_ON_C\..Trusted Ranges: 1 range(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7d19394b-ca1e-11de-8940-001e4ce685dd}\Shell - "" = AutoRun
O33 - MountPoints2\{7d19394b-ca1e-11de-8940-001e4ce685dd}\Shell\AutoRun\command - "" = M:\AutoRun.exe -- File not found
O33 - MountPoints2\{7d193a04-ca1e-11de-8940-001e4ce685dd}\Shell - "" = AutoRun
O33 - MountPoints2\{7d193a04-ca1e-11de-8940-001e4ce685dd}\Shell\AutoRun\command - "" = N:\autorun.exe -- File not found
O33 - MountPoints2\{7edc5581-1da8-11df-b7ec-001e4ce685dd}\Shell - "" = AutoRun
O33 - MountPoints2\{7edc5581-1da8-11df-b7ec-001e4ce685dd}\Shell\AutoRun\command - "" = P:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/24 22:40:39 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/02/24 22:39:50 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/02/24 22:39:50 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/02/24 22:39:50 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/02/24 22:39:50 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/02/24 22:39:50 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/02/24 22:39:50 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/02/24 22:39:50 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/02/24 22:39:50 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/02/24 22:39:50 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/02/24 22:39:50 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/02/24 22:39:50 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/02/24 22:39:50 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/02/24 22:39:50 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/02/24 22:39:50 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/02/24 22:39:50 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/02/24 22:39:50 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/02/24 22:39:50 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/02/24 19:48:13 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/02/24 19:46:23 | 000,035,040 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/02/24 19:46:23 | 000,034,760 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/02/24 19:46:18 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\RegRun2
[2010/02/24 19:46:17 | 000,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2010/02/24 19:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/02/24 19:44:01 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup.exe
[2010/02/24 19:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Paladin Antivirus
[2010/02/24 19:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/24 18:23:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/24 18:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/24 18:21:38 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Users\Bob\Desktop\Ad-AwareInstaller.exe
[2010/02/23 21:01:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 21:01:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 21:01:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 21:01:25 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 21:01:25 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 21:01:25 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 21:01:25 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 21:01:25 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 21:01:25 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 21:01:25 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/23 21:01:24 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/23 21:01:23 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/23 21:01:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/22 09:16:45 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Ascaron Entertainment
[2010/02/21 23:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Deep Silver
[2010/02/21 23:18:19 | 000,000,000 | ---D | C] -- C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
[2010/02/19 18:16:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Divinity 2
[2010/02/19 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Divinity II - Ego Draconis
[2010/02/19 17:24:36 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WING.DLL
[2010/02/19 17:24:36 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WAVMIX16.DLL
[2010/02/19 17:24:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WING32.DLL
[2010/02/19 09:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect 2
[2010/02/18 19:02:52 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010/02/18 19:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Netstorm
[2010/02/17 01:58:26 | 000,188,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WINGDE.DLL
[2010/02/17 01:58:26 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WING.DLL
[2010/02/17 01:58:26 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WAVMIX16.DLL
[2010/02/17 01:58:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WING32.DLL
[2010/02/17 01:58:26 | 000,006,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WINGDIB.DRV
[2010/02/17 01:58:26 | 000,005,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WINGPAL.WND
[2010/02/17 01:58:25 | 000,000,000 | ---D | C] -- C:\SIMTOWER
[2010/02/15 02:25:17 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\Imperialism
[2010/02/12 03:52:57 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/02/09 16:58:29 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 16:58:29 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 16:58:26 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 16:58:26 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 16:58:26 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 16:58:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/09 02:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2010/02/08 19:53:49 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\SaintXi
[2010/01/27 23:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect
[2009/06/03 12:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/03/22 19:48:21 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2009/03/22 19:47:49 | 001,204,224 | ---- | C] ( ) -- C:\Windows\System32\DKabserv.dll
[2009/03/22 19:47:49 | 000,987,136 | ---- | C] ( ) -- C:\Windows\System32\DKabusb1.dll
[2009/03/22 19:47:49 | 000,675,840 | ---- | C] ( ) -- C:\Windows\System32\DKabpmui.dll
[2009/03/22 19:47:49 | 000,561,152 | ---- | C] ( ) -- C:\Windows\System32\DKablmpm.dll
[2009/03/22 19:47:49 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\DKabpar1.dll
[2009/03/22 19:47:49 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\DKabinpa.dll
[2009/03/22 19:47:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\DKabprox.dll
[2009/03/22 19:47:49 | 000,114,688 | ---- | C] ( ) -- C:\Windows\System32\DKabpplc.dll
[2009/03/22 19:47:48 | 001,056,768 | ---- | C] ( ) -- C:\Windows\System32\DKabip1.dll
[2009/03/22 19:47:48 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\DKabcomc.dll
[2009/03/22 19:47:48 | 000,507,904 | ---- | C] ( ) -- C:\Windows\System32\DKabhcp.dll
[2009/03/22 19:47:48 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\DKabcomm.dll
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/24 22:44:49 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/24 22:35:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/24 19:49:24 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2010/02/24 19:49:24 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2010/02/24 19:49:24 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2010/02/24 19:49:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/24 19:49:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/24 19:49:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/24 19:49:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/24 19:49:15 | 006,291,456 | -H-- | M] () -- C:\Users\Bob\AppData\Local\IconCache.db
[2010/02/24 19:48:13 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/02/24 19:46:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/02/24 19:46:33 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2010/02/24 19:46:33 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/02/24 19:46:23 | 000,035,040 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/02/24 19:46:23 | 000,034,760 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/02/24 19:46:17 | 000,000,754 | ---- | M] () -- C:\Users\Bob\Desktop\UnHackMe.lnk
[2010/02/24 19:45:35 | 000,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/24 19:45:35 | 000,604,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/24 19:45:35 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/24 19:23:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-282226416-3928609622-257776007-1000UA.job
[2010/02/24 19:22:39 | 000,001,714 | ---- | M] () -- C:\Users\Bob\Desktop\Paladin Antivirus Support.lnk
[2010/02/24 19:22:39 | 000,000,804 | ---- | M] () -- C:\Users\Bob\Desktop\Paladin Antivirus.lnk
[2010/02/24 19:04:54 | 244,428,260 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/24 18:29:25 | 000,000,248 | ---- | M] () -- C:\Windows\System32\_VOIDocotrxptxj.dat
[2010/02/24 18:23:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-282226416-3928609622-257776007-1000Core.job
[2010/02/24 18:17:57 | 000,049,152 | ---- | M] () -- C:\Windows\System32\_VOIDpevfamvnir.dll
[2010/02/24 18:17:56 | 000,049,152 | ---- | M] () -- C:\Windows\System32\_VOIDunjfvpesbn.dll
[2010/02/24 18:17:17 | 000,042,496 | ---- | M] () -- C:\Windows\System32\drivers\_VOIDdxridlwvgq.sys
[2010/02/24 18:17:17 | 000,028,160 | ---- | M] () -- C:\Windows\System32\_VOIDppnxptedhk.dll
[2010/02/24 18:15:41 | 000,018,432 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\1483.exe
[2010/02/24 03:19:01 | 000,078,360 | ---- | M] () -- C:\Users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 03:18:17 | 000,319,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/23 01:05:52 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2010/02/23 01:05:52 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2010/02/22 08:49:48 | 000,139,264 | ---- | M] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/19 18:10:13 | 000,001,919 | ---- | M] () -- C:\Users\Bob\Desktop\Divinity II - Ego Draconis.lnk
[2010/02/19 02:25:11 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/19 02:25:11 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/19 02:25:11 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/19 02:25:11 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/19 02:25:11 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/19 02:25:11 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/19 02:25:10 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/19 02:25:10 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/19 02:25:10 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/19 02:25:10 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/19 02:25:10 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/19 02:25:10 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/19 02:25:10 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/19 02:25:10 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/18 19:02:45 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010/02/15 03:50:07 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Users\Bob\Desktop\Ad-AwareInstaller.exe
[2010/02/12 11:45:32 | 000,000,253 | ---- | M] () -- C:\Windows\system.ini
[2010/02/11 23:35:22 | 000,000,090 | ---- | M] () -- C:\Windows\FE.INI
[2010/02/11 21:35:31 | 000,705,980 | ---- | M] () -- C:\Users\Bob\Documents\Lexcorp, 7.00AM May 18 2000.Sav
[2010/02/11 18:23:34 | 000,002,034 | ---- | M] () -- C:\Users\Bob\Desktop\Google Chrome.lnk
[2010/02/11 04:43:19 | 000,468,150 | ---- | M] () -- C:\Users\Bob\Documents\Billingsley Co., 7.02AM Jan 19 2000.Sav
[2010/02/10 08:27:07 | 000,018,032 | ---- | M] () -- C:\Users\Bob\Documents\bob_ree2.sav
[2010/02/10 08:27:07 | 000,000,010 | ---- | M] () -- C:\Users\Bob\Documents\ree2.sav
[2010/02/08 17:31:02 | 000,022,328 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\PnkBstrK.sys
[2010/02/08 17:30:47 | 000,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2010/02/03 16:27:28 | 000,001,704 | ---- | M] () -- C:\Users\Bob\Desktop\Defraggler.lnk
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/24 22:39:50 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/24 22:39:50 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/24 22:39:50 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/24 22:39:50 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/24 22:39:50 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/24 22:39:50 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/24 22:39:50 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/24 22:39:50 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/24 22:39:50 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/24 22:39:50 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/24 22:39:50 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/24 22:39:50 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/24 22:39:50 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/24 22:39:50 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/24 22:39:50 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/24 22:39:50 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/24 22:39:50 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/24 19:46:33 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/02/24 19:46:17 | 000,000,754 | ---- | C] () -- C:\Users\Bob\Desktop\UnHackMe.lnk
[2010/02/24 19:45:48 | 009,061,300 | ---- | C] () -- C:\Users\Bob\Desktop\unhackme.zip
[2010/02/24 19:22:39 | 000,001,714 | ---- | C] () -- C:\Users\Bob\Desktop\Paladin Antivirus Support.lnk
[2010/02/24 19:22:39 | 000,000,804 | ---- | C] () -- C:\Users\Bob\Desktop\Paladin Antivirus.lnk
[2010/02/24 18:26:01 | 244,428,260 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/24 18:17:31 | 000,049,152 | ---- | C] () -- C:\Windows\System32\_VOIDunjfvpesbn.dll
[2010/02/24 18:17:29 | 000,049,152 | ---- | C] () -- C:\Windows\System32\_VOIDpevfamvnir.dll
[2010/02/24 18:17:17 | 000,042,496 | ---- | C] () -- C:\Windows\System32\drivers\_VOIDdxridlwvgq.sys
[2010/02/24 18:17:17 | 000,028,160 | ---- | C] () -- C:\Windows\System32\_VOIDppnxptedhk.dll
[2010/02/24 18:17:17 | 000,000,248 | ---- | C] () -- C:\Windows\System32\_VOIDocotrxptxj.dat
[2010/02/24 18:15:41 | 000,018,432 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\1483.exe
[2010/02/19 18:10:13 | 000,001,919 | ---- | C] () -- C:\Users\Bob\Desktop\Divinity II - Ego Draconis.lnk
[2010/02/19 17:45:15 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2010/02/19 17:45:15 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2010/02/17 01:58:26 | 000,002,554 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2010/02/17 01:58:26 | 000,001,966 | ---- | C] () -- C:\Windows\System\DVA.386
[2010/02/17 01:33:21 | 002,356,736 | ---- | C] () -- C:\Users\Bob\Desktop\JSanJuan_v11.exe
[2010/02/11 04:43:22 | 000,000,090 | ---- | C] () -- C:\Windows\FE.INI
[2010/02/11 04:43:19 | 000,468,150 | ---- | C] () -- C:\Users\Bob\Documents\Billingsley Co., 7.02AM Jan 19 2000.Sav
[2010/02/09 02:41:55 | 000,018,032 | ---- | C] () -- C:\Users\Bob\Documents\bob_ree2.sav
[2010/02/09 02:41:27 | 000,000,010 | ---- | C] () -- C:\Users\Bob\Documents\ree2.sav
[2010/02/08 17:31:02 | 000,022,328 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\PnkBstrK.sys
[2010/02/08 17:30:47 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/02/03 16:27:28 | 000,001,704 | ---- | C] () -- C:\Users\Bob\Desktop\Defraggler.lnk
[2010/01/25 08:39:39 | 000,102,400 | ---- | C] () -- C:\Windows\System32\LNToCMCrypt.dll
[2010/01/14 19:11:18 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/12/30 18:38:52 | 000,000,091 | ---- | C] () -- C:\Users\Bob\AppData\Local\fusioncache.dat
[2009/11/25 10:00:38 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/18 16:32:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/28 16:05:57 | 000,000,110 | ---- | C] () -- C:\Windows\ENations.ini
[2009/06/03 13:00:30 | 000,026,928 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/03 13:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/03 12:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/05/26 10:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/04/03 07:38:57 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/04/03 07:38:54 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/03/31 15:10:42 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/03/22 21:37:24 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/03/22 21:37:23 | 002,255,360 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/03/22 21:37:23 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/03/22 21:37:23 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/03/22 21:37:22 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/03/22 21:37:21 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/22 21:37:21 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/03/22 14:40:07 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/03/22 11:50:11 | 000,139,264 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 07:58:02 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/25 19:05:23 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/09/25 19:05:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2008/09/25 19:05:17 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/09/25 15:31:07 | 000,164,864 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2008/09/25 15:31:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2008/09/25 15:27:36 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/09/25 15:22:22 | 000,131,066 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2007/02/13 10:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/27 10:34:00 | 000,462,848 | ---- | C] () -- C:\Windows\System32\softcoin.dll
[2006/12/27 10:34:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\gencoin.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/16 23:00:18 | 000,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/01/09 18:04:45 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Arcen Games, LLC
[2009/05/24 16:16:51 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Braid
[2010/01/25 08:40:27 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\CaseSoft
[2009/10/14 19:12:21 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DivoGames
[2009/09/03 09:09:24 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\GraveyardShift
[2009/03/30 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\PlayFirst
[2009/11/05 13:51:11 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\runic games
[2010/02/08 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\SaintXi
[2009/10/15 10:07:46 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\ShinyTales
[2009/04/20 07:34:19 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Stardock
[2010/01/18 20:42:33 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\The Creative Assembly
[2009/06/18 21:36:29 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Tilted Mill
[2010/01/15 19:17:02 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Tropico 3
[2009/12/30 18:38:56 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Turbine
[2009/07/14 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Ubisoft
[2009/12/02 09:33:48 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\UDP Software
[2009/05/26 09:50:44 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\ValuSoft
[2009/06/23 07:55:48 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\webex
[2009/06/28 10:43:48 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\YoudaGames
[2010/02/24 19:49:16 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/09/25 18:59:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/09/25 18:59:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/09/25 18:59:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/09/25 18:59:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/09/29 22:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Drivers\storage\R173412\IaStor.sys
[2007/09/29 22:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 01:28:19 | 000,142,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\fontext.dll
[2009/04/11 01:28:19 | 000,270,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iertutil.dll
[2009/04/11 01:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\shell32.dll
[2009/12/16 06:44:14 | 001,176,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\urlmon.dll
[10 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< End of report >


#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:09:44 PM

Posted 25 February 2010 - 11:57 AM

From a clean computer
  • Copy and paste the contents of the following codebox into a Notepad file. Do not include the word "Code"
    CODE
    :Services
    _VOIDd.sys

    :OTL
    [2010/02/24 19:22:39 | 000,001,714 | ---- | M] () -- C:\Users\Bob\Desktop\Paladin Antivirus Support.lnk
    [2010/02/24 19:22:39 | 000,000,804 | ---- | M] () -- C:\Users\Bob\Desktop\Paladin Antivirus.lnk
    [2010/02/24 18:17:31 | 000,049,152 | ---- | C] () -- C:\Windows\System32\_VOIDunjfvpesbn.dll
    [2010/02/24 18:17:29 | 000,049,152 | ---- | C] () -- C:\Windows\System32\_VOIDpevfamvnir.dll
    [2010/02/24 18:17:17 | 000,042,496 | ---- | C] () -- C:\Windows\System32\drivers\_VOIDdxridlwvgq.sys
    [2010/02/24 18:17:17 | 000,028,160 | ---- | C] () -- C:\Windows\System32\_VOIDppnxptedhk.dll
    [2010/02/24 18:17:17 | 000,000,248 | ---- | C] () -- C:\Windows\System32\_VOIDocotrxptxj.dat
    :reg
  • Save this notepad file to your flash drive, and move the flash drive over to your infected machine. Boot the machine using the OTLPE disk you created earlier.
From the OTLPE Environment
  • Please reopen OTLPE on your desktop.
  • Copy and Paste the contents of the notepad file saved to your Flash Drive into the textbox.
  • Push
  • When the fix is complete a report will open. Use a Flash drive to move the report over to your clean computer and Copy and Paste that report in your next reply.
***************************************************

At this point, please reboot your infected machine and attempt to boot into normal Windows.

~Blade


In your next reply, please include the following:
OTLPE Log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+
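The "< MD5 for: NAME >" sections in the report posted above are the part of an OTL/OTLPE log a helper reads to spot a system driver that has been altered on disk: the copy Windows actually loads from System32 is hashed alongside the copies kept in the DriverStore and winsxs component store, and a live driver whose hash matches none of them is worth a closer look. As an added example (editor's code, not part of this thread and not OTL's own implementation), the script below parses those sections and reports, per file, whether the live copy matches a stored copy. The embedded sample log is constructed in the OTL line format: the atapi.sys lines repeat values from the report above, while EXAMPLE.SYS and LOCKED.DLL are hypothetical entries with placeholder hashes.

```python
"""Added example: parse the '< MD5 for: NAME >' sections of an OTL/OTLPE report
and compare each live copy under System32 with the DriverStore/winsxs copies."""
import re
from typing import Dict, List, NamedTuple, Optional

SECTION_RE = re.compile(r"^< MD5 for: (?P<name>[^>]+) >$")
# One OTL file entry: [date | size | attributes | C/M] (company) MD5=... -- path
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<flag>[CM])\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) -- "
    r"(?P<path>\S.*)$"
)

class Entry(NamedTuple):
    date: str
    size: int
    company: str
    md5: Optional[str]  # None when OTL printed "Unable to obtain MD5"
    path: str

class Finding(NamedTuple):
    name: str
    status: str  # OK, MISMATCH, UNVERIFIED or NO_REFERENCE
    path: str

def parse_entry(line: str) -> Optional[Entry]:
    """Parse a single file line; returns None for headers, blanks and noise."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        date=m["date"],
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        md5=m["md5"].upper() if m["md5"] else None,
        path=m["path"],
    )

def parse_md5_sections(text: str) -> Dict[str, List[Entry]]:
    """Group entries under the '< MD5 for: NAME >' header they follow."""
    sections: Dict[str, List[Entry]] = {}
    current: Optional[str] = None
    for line in text.splitlines():
        header = SECTION_RE.match(line.strip())
        if header:
            current = header["name"].strip().upper()
            sections.setdefault(current, [])
            continue
        entry = parse_entry(line) if current else None
        if entry:
            sections[current].append(entry)
    return sections

def is_reference_copy(path: str) -> bool:
    """Copies Windows keeps for servicing; treated here as the known-good set."""
    p = path.lower()
    return "\\driverstore\\" in p or "\\winsxs\\" in p

def is_live_copy(path: str) -> bool:
    """The copy actually loaded from System32 (including System32\\drivers)."""
    return "\\system32\\" in path.lower() and not is_reference_copy(path)

def check_sections(sections: Dict[str, List[Entry]]) -> List[Finding]:
    """Compare every live copy's MD5 with the set of reference-copy MD5s."""
    findings: List[Finding] = []
    for name, entries in sections.items():
        reference = {e.md5 for e in entries if is_reference_copy(e.path) and e.md5}
        for e in entries:
            if not is_live_copy(e.path):
                continue
            if e.md5 is None:
                status = "UNVERIFIED"    # locked file, hash it from outside Windows
            elif not reference:
                status = "NO_REFERENCE"  # nothing stored to compare against
            elif e.md5 in reference:
                status = "OK"
            else:
                status = "MISMATCH"      # live copy differs from every stored copy
            findings.append(Finding(name, status, e.path))
    return findings

# Constructed sample in the OTL format. The atapi.sys lines repeat values from
# the report in this thread; EXAMPLE.SYS and LOCKED.DLL are hypothetical, with
# placeholder hashes.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/09/25 18:59:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008/09/25 18:59:26 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2010/02/24 18:17:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\Windows\System32\drivers\example.sys
[2008/01/20 21:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\DriverStore\FileRepository\example.inf_00000000\example.sys

< MD5 for: LOCKED.DLL >
[2009/04/11 01:28:24 | 011,584,000 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\locked.dll
"""

if __name__ == "__main__":
    for f in check_sections(parse_md5_sections(SAMPLE_LOG)):
        print(f"{f.status:<12} {f.name:<12} {f.path}")
```

The comparison is made against the whole set of stored copies rather than a single one because, as the report above shows, winsxs holds one copy of a driver per service-pack level and the live copy legitimately matches only one of them. A MISMATCH is a lead for the helper to check against a known-good copy of the same version, not proof of tampering on its own (a hotfix can leave System32 newer than any stored copy), and UNVERIFIED entries are the locked files whose hashes have to be taken from outside the running Windows, which is what booting OTLPE provides.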


#7 ShaneJ

ShaneJ
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:44 PM

Posted 25 February 2010 - 02:05 PM

I copied the text into the Custom Scans/Fixes box, and clicked Run Fix. After it finished, a popup indicated: "Fix Complete! Click Ok to opent the fix log." I clicked OK, and no log appeared. The C:\OTL.txt was also unchanged.
I am attempting to reboot into normal Windows now.

{Edit}
I have attempted to restart both normally and in safe mode, and remain with a responsive mouse cursor rendered on a black screen. Monitor continues to go to sleep if left to sit long enough.

Edited by ShaneJ, 25 February 2010 - 02:20 PM.


#8 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:09:44 PM

Posted 25 February 2010 - 03:44 PM

Hello ShaneJ

First, please check the following location for the log from the OTL fix: C:\_OTL\Moved Files. Next, please follow the steps below.

From a clean computer:
  • Boot the infected machine using the OTLPE boot disk you created earlier.

From the booted environment:
  • Insert your flash drive into the machine, and copy the downloaded program to your Desktop.
  • Close all other windows, then double click the program to run it.
  • Once the program is finished, a logfile will be generated. Save this logfile to your Flash Drive.
  • Move the flash drive back to the clean computer and post the log in your next reply.
~Blade


In your next reply, please include the following:
OTL fix log (if found)
DDS.txt



#9 ShaneJ

ShaneJ
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:44 PM

Posted 25 February 2010 - 04:10 PM

Please find below the OTL log.

{Edit}
When I attempt to run dds-bootcd.exe it generates multiple error dialogues, and the command window remains open with no change. The errors are as follows:
C:Windows\System32\regsvr32.exe is not a valid Win32 application.
C:Windows\System32\regsvr32.exe is not a valid Win32 application. (repeats)
C:Windows\System32\regsvr32.exe is not a valid Win32 application. (repeats again)
C:Windows\System32\findstr.exe is not a valid Win32 application.

The prompt then responds like a normal DOS prompt.

========== SERVICES/DRIVERS ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\_VOIDd.sys deleted successfully.
========== OTL ==========
C:\Users\Bob\Desktop\Paladin Antivirus Support.lnk moved successfully.
C:\Users\Bob\Desktop\Paladin Antivirus.lnk moved successfully.
C:\Windows\System32\_VOIDunjfvpesbn.dll moved successfully.
C:\Windows\System32\_VOIDpevfamvnir.dll moved successfully.
C:\Windows\System32\drivers\_VOIDdxridlwvgq.sys moved successfully.
C:\Windows\System32\_VOIDppnxptedhk.dll moved successfully.
C:\Windows\System32\_VOIDocotrxptxj.dat moved successfully.
========== REGISTRY ==========

OTLPE by OldTimer - Version 3.1.30.1 log created on 02252010_140014

Edited by ShaneJ, 25 February 2010 - 04:16 PM.


#10 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:09:44 PM

Posted 26 February 2010 - 11:27 PM

Hi ShaneJ

Sorry for the delay.

Please run another OTLPE scan as follows:
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Use SafeList
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the C:\OTL.txt file in your reply.
~Blade


In your next reply, please include the following:
OTL.txt



#11 ShaneJ

ShaneJ
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:08:44 PM

Posted 27 February 2010 - 12:06 AM

Please find the OTL logfile below.
Thanks for the ongoing assistance; I am looking forward to getting my desktop back.

OTL logfile created on: 2/26/2010 11:54:40 PM - Run
OTLPE by OldTimer - Version 3.1.30.1 Folder = X:\Programs\OTLPE
Windows Vista ™ Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 170.38 Gb Free Space | 37.80% Space Free | Partition Type: NTFS
Drive D: | 1.97 Gb Total Space | 1.40 Gb Free Space | 70.95% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 15.00 Gb Total Space | 2.57 Gb Free Space | 17.11% Space Free | Partition Type: NTFS
Drive X: | 276.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (SessionLauncher)
SRV - [2009/12/08 23:48:27 | 000,030,192 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/11/25 10:33:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/20 22:49:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/08/12 13:07:39 | 000,312,568 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/08 07:12:06 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/30 15:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/12/09 15:22:48 | 000,026,112 | ---- | M] () [Auto] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/11/04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/09/25 16:01:32 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/06/03 02:33:18 | 000,684,032 | ---- | M] (ATI Technologies Inc.) [Auto] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008/05/14 09:32:18 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 09:32:10 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 09:31:38 | 001,120,752 | ---- | M] (Sonic Solutions) [On_Demand] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/05/02 13:09:04 | 000,161,048 | ---- | M] (Stardock Corporation) [Auto] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/03/24 06:35:22 | 000,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/02/13 10:43:36 | 000,441,136 | ---- | M] (Broadcom Corporation.) [Auto] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/11/02 07:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/21 11:38:44 | 000,508,824 | ---- | M] ( ) [Disabled] -- C:\Windows\System32\DKabcoms.exe -- (dkab_device)
SRV - [2006/02/28 11:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Disabled] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (CTHWIUT.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CTEXFIFX.DLL)
DRV - File not found [Kernel | On_Demand] -- -- (CT20XUT.DLL)
DRV - [2010/02/24 19:48:13 | 000,024,416 | ---- | M] (Greatis Software) [Kernel | On_Demand] -- C:\Windows\System32\drivers\regguard.sys -- (RegGuard)
DRV - [2010/02/24 19:46:23 | 000,034,760 | ---- | M] (Greatis Software) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Partizan.sys -- (Partizan)
DRV - [2009/11/04 23:07:20 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/07/28 22:48:37 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/14 22:33:21 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/14 22:33:21 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/14 20:44:22 | 001,443,584 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2009/06/03 14:27:56 | 001,177,624 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/06/03 14:27:44 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/06/03 14:27:34 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/06/03 14:27:26 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/06/03 14:27:20 | 000,130,072 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/06/03 14:27:00 | 000,527,512 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/06/03 14:26:50 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/06/03 14:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/06/03 14:26:40 | 001,324,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/06/03 14:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/06/03 14:26:26 | 000,072,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/06/03 14:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/06/03 14:26:16 | 000,171,032 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/02/19 09:54:48 | 001,222,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2008/12/09 15:23:42 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/12/09 15:21:48 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/03 05:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 05:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/08 02:00:00 | 000,044,944 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\Windows\System32\drivers\pxhelp20.sys -- (PxHelp20)
DRV - [2008/01/20 21:24:06 | 000,012,800 | ---- | M] (Microsoft Corporation) [Recognizer | System] -- C:\Windows\System32\drivers\fs_rec.sys -- (Fs_Rec)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/11 03:43:48 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\Windows\System32\drivers\iaStor.sys -- (iaStor)
DRV - [2007/09/12 03:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/06/01 12:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pmxmouse.sys -- (pmxmouse)
DRV - [2007/05/24 15:44:00 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pmxusblf.sys -- (pmxusblf)
DRV - [2007/04/01 23:42:08 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/04/01 23:42:04 | 000,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/04/01 23:42:02 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:10:22 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand] -- C:\Windows\System32\WINSOCK.DLL -- (Winsock)
DRV - [2006/11/02 01:37:21 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2004/08/09 06:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004/08/09 06:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004/07/19 09:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003/12/01 10:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Bob_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=5080925
IE - HKU\Bob_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/
IE - HKU\Bob_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Bob_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/19 15:55:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 15:55:24 | 000,000,000 | ---D | M]

[2010/02/24 18:13:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/30 15:11:11 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Bluetooth HCI Monitor] C:\Windows\System32\HCIMNTR.DLL (Logitech Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PMX Daemon] C:\Windows\System32\ico.exe (Primax Electronics Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Bob_ON_C..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\Bob_ON_C..\Run: [Google Update] C:\Users\Bob\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\Bob_ON_C..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\Bob_ON_C..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe (Greatis Software)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EditLevel = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle = %SystemRoot%\Resources\Themes\Luna.theme File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send To CaseMap - C:\Windows\System32\lnToCM.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\Bob_ON_C\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\Bob_ON_C\..Trusted Ranges: 1 range(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/C/0...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img35.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{7d19394b-ca1e-11de-8940-001e4ce685dd}\Shell - "" = AutoRun
O33 - MountPoints2\{7d19394b-ca1e-11de-8940-001e4ce685dd}\Shell\AutoRun\command - "" = M:\AutoRun.exe -- File not found
O33 - MountPoints2\{7d193a04-ca1e-11de-8940-001e4ce685dd}\Shell - "" = AutoRun
O33 - MountPoints2\{7d193a04-ca1e-11de-8940-001e4ce685dd}\Shell\AutoRun\command - "" = N:\autorun.exe -- File not found
O33 - MountPoints2\{7edc5581-1da8-11df-b7ec-001e4ce685dd}\Shell - "" = AutoRun
O33 - MountPoints2\{7edc5581-1da8-11df-b7ec-001e4ce685dd}\Shell\AutoRun\command - "" = P:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (Partizan) - C:\Windows\System32\Partizan.exe (Greatis Software)
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/26 23:52:11 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft
[2010/02/26 23:51:22 | 000,000,000 | --SD | C] -- B:\Documents and Settings\Default User\Cookies
[2010/02/26 23:51:22 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Recent
[2010/02/26 23:51:22 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Pictures
[2010/02/26 23:51:22 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents\My Music
[2010/02/26 23:51:22 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\My Documents
[2010/02/26 23:51:22 | 000,000,000 | R--D | C] -- B:\Documents and Settings\Default User\Favorites
[2010/02/26 23:51:22 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Templates
[2010/02/26 23:51:22 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings\Application Data\Temp
[2010/02/26 23:51:22 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Start Menu
[2010/02/26 23:51:22 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\SendTo
[2010/02/26 23:51:22 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\PrintHood
[2010/02/26 23:51:22 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\NetHood
[2010/02/26 23:51:22 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\My Documents\My Videos
[2010/02/26 23:51:22 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data\Microsoft
[2010/02/26 23:51:22 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Local Settings
[2010/02/26 23:51:22 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Desktop
[2010/02/26 23:51:22 | 000,000,000 | ---D | C] -- B:\Documents and Settings\Default User\Application Data
[2010/02/25 16:24:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/25 14:00:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/02/24 19:48:13 | 000,024,416 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/02/24 19:46:23 | 000,035,040 | ---- | C] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/02/24 19:46:23 | 000,034,760 | ---- | C] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/02/24 19:46:18 | 000,000,000 | ---D | C] -- C:\Users\Bob\Documents\RegRun2
[2010/02/24 19:46:17 | 000,012,752 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\System32\drivers\UnHackMeDrv.sys
[2010/02/24 19:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/02/24 19:44:01 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Bob\Desktop\mbam-setup.exe
[2010/02/24 19:21:32 | 000,000,000 | ---D | C] -- C:\Program Files\Paladin Antivirus
[2010/02/24 19:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/24 18:23:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/02/24 18:23:58 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/24 18:21:38 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Users\Bob\Desktop\Ad-AwareInstaller.exe
[2010/02/23 21:01:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/02/23 21:01:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/23 21:01:27 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/23 21:01:25 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/23 21:01:25 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/23 21:01:25 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/23 21:01:25 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/23 21:01:25 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/02/23 21:01:25 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/23 21:01:25 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/23 21:01:24 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/02/23 21:01:23 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/02/23 21:01:23 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/02/22 09:16:45 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Ascaron Entertainment
[2010/02/21 23:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Deep Silver
[2010/02/21 23:18:19 | 000,000,000 | ---D | C] -- C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
[2010/02/19 18:16:35 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Local\Divinity 2
[2010/02/19 17:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Divinity II - Ego Draconis
[2010/02/19 17:24:36 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WING.DLL
[2010/02/19 17:24:36 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WAVMIX16.DLL
[2010/02/19 17:24:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WING32.DLL
[2010/02/19 09:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mass Effect 2
[2010/02/18 19:02:52 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010/02/18 19:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Netstorm
[2010/02/17 01:58:26 | 000,188,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WINGDE.DLL
[2010/02/17 01:58:26 | 000,092,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WING.DLL
[2010/02/17 01:58:26 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WAVMIX16.DLL
[2010/02/17 01:58:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WING32.DLL
[2010/02/17 01:58:26 | 000,006,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WINGDIB.DRV
[2010/02/17 01:58:26 | 000,005,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\WINGPAL.WND
[2010/02/17 01:58:25 | 000,000,000 | ---D | C] -- C:\SIMTOWER
[2010/02/15 02:25:17 | 000,000,000 | ---D | C] -- C:\Users\Bob\Desktop\Imperialism
[2010/02/12 03:52:57 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/02/09 16:58:29 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/09 16:58:29 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/09 16:58:26 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/09 16:58:26 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/02/09 16:58:26 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/09 16:58:26 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/09 02:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\ReflexiveArcade
[2010/02/08 19:53:49 | 000,000,000 | ---D | C] -- C:\Users\Bob\AppData\Roaming\SaintXi
[2009/06/03 12:21:54 | 000,060,928 | ---- | C] ( ) -- C:\Windows\System32\a3d.dll
[2009/03/22 19:48:21 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll
[2009/03/22 19:47:49 | 001,204,224 | ---- | C] ( ) -- C:\Windows\System32\DKabserv.dll
[2009/03/22 19:47:49 | 000,987,136 | ---- | C] ( ) -- C:\Windows\System32\DKabusb1.dll
[2009/03/22 19:47:49 | 000,675,840 | ---- | C] ( ) -- C:\Windows\System32\DKabpmui.dll
[2009/03/22 19:47:49 | 000,561,152 | ---- | C] ( ) -- C:\Windows\System32\DKablmpm.dll
[2009/03/22 19:47:49 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\DKabpar1.dll
[2009/03/22 19:47:49 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\DKabinpa.dll
[2009/03/22 19:47:49 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\DKabprox.dll
[2009/03/22 19:47:49 | 000,114,688 | ---- | C] ( ) -- C:\Windows\System32\DKabpplc.dll
[2009/03/22 19:47:48 | 001,056,768 | ---- | C] ( ) -- C:\Windows\System32\DKabip1.dll
[2009/03/22 19:47:48 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\DKabcomc.dll
[2009/03/22 19:47:48 | 000,507,904 | ---- | C] ( ) -- C:\Windows\System32\DKabhcp.dll
[2009/03/22 19:47:48 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\DKabcomm.dll
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/26 23:54:01 | 000,001,332 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/25 15:57:48 | 000,412,501 | ---- | M] () -- C:\dds-bootcd.exe
[2010/02/25 14:16:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/24 19:49:24 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2010/02/24 19:49:24 | 000,055,468 | ---- | M] () -- C:\Windows\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2010/02/24 19:49:24 | 000,000,788 | ---- | M] () -- C:\Windows\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-60021102}.rfx
[2010/02/24 19:49:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/24 19:49:16 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/24 19:49:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/02/24 19:49:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/24 19:49:15 | 006,291,456 | -H-- | M] () -- C:\Users\Bob\AppData\Local\IconCache.db
[2010/02/24 19:48:13 | 000,024,416 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\regguard.sys
[2010/02/24 19:46:33 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/02/24 19:46:33 | 000,001,688 | ---- | M] () -- C:\Windows\System32\autoexec.nt
[2010/02/24 19:46:33 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2010/02/24 19:46:23 | 000,035,040 | ---- | M] (Greatis Software) -- C:\Windows\System32\Partizan.exe
[2010/02/24 19:46:23 | 000,034,760 | ---- | M] (Greatis Software) -- C:\Windows\System32\drivers\Partizan.sys
[2010/02/24 19:46:17 | 000,000,754 | ---- | M] () -- C:\Users\Bob\Desktop\UnHackMe.lnk
[2010/02/24 19:45:35 | 000,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/24 19:45:35 | 000,604,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/24 19:45:35 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/24 19:23:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-282226416-3928609622-257776007-1000UA.job
[2010/02/24 19:04:54 | 244,428,260 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/02/24 18:23:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-282226416-3928609622-257776007-1000Core.job
[2010/02/24 18:15:41 | 000,018,432 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\1483.exe
[2010/02/24 03:19:01 | 000,078,360 | ---- | M] () -- C:\Users\Bob\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/24 03:18:17 | 000,319,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/23 01:05:52 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settingsbkup.sfm
[2010/02/23 01:05:52 | 000,001,080 | ---- | M] () -- C:\Windows\System32\settings.sfm
[2010/02/22 08:49:48 | 000,139,264 | ---- | M] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/19 18:10:13 | 000,001,919 | ---- | M] () -- C:\Users\Bob\Desktop\Divinity II - Ego Draconis.lnk
[2010/02/19 02:25:11 | 000,001,547 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/19 02:25:11 | 000,001,535 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/19 02:25:11 | 000,001,479 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/19 02:25:11 | 000,001,475 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/19 02:25:11 | 000,001,437 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/19 02:25:11 | 000,001,343 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/19 02:25:10 | 000,001,483 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/19 02:25:10 | 000,001,469 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/19 02:25:10 | 000,001,465 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/19 02:25:10 | 000,001,427 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/19 02:25:10 | 000,001,371 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/19 02:25:10 | 000,001,353 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/19 02:25:10 | 000,001,347 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/19 02:25:10 | 000,001,313 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/19 02:25:10 | 000,001,261 | ---- | M] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/18 19:02:45 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010/02/15 03:50:07 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Users\Bob\Desktop\Ad-AwareInstaller.exe
[2010/02/12 11:45:32 | 000,000,253 | ---- | M] () -- C:\Windows\system.ini
[2010/02/11 23:35:22 | 000,000,090 | ---- | M] () -- C:\Windows\FE.INI
[2010/02/11 21:35:31 | 000,705,980 | ---- | M] () -- C:\Users\Bob\Documents\Lexcorp, 7.00AM May 18 2000.Sav
[2010/02/11 18:23:34 | 000,002,034 | ---- | M] () -- C:\Users\Bob\Desktop\Google Chrome.lnk
[2010/02/11 04:43:19 | 000,468,150 | ---- | M] () -- C:\Users\Bob\Documents\Billingsley Co., 7.02AM Jan 19 2000.Sav
[2010/02/10 08:27:07 | 000,018,032 | ---- | M] () -- C:\Users\Bob\Documents\bob_ree2.sav
[2010/02/10 08:27:07 | 000,000,010 | ---- | M] () -- C:\Users\Bob\Documents\ree2.sav
[2010/02/08 17:31:02 | 000,022,328 | ---- | M] () -- C:\Users\Bob\AppData\Roaming\PnkBstrK.sys
[2010/02/08 17:30:47 | 000,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2010/02/03 16:27:28 | 000,001,704 | ---- | M] () -- C:\Users\Bob\Desktop\Defraggler.lnk
[7 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[10 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/26 23:51:22 | 000,001,547 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\MSKeyViewer Plus.lnk
[2010/02/26 23:51:22 | 000,001,535 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\RegistryEditorPE.lnk
[2010/02/26 23:51:22 | 000,001,483 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\HandyRecovery 1.lnk
[2010/02/26 23:51:22 | 000,001,479 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Undelete Plus.lnk
[2010/02/26 23:51:22 | 000,001,475 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Magical Jelly Bean Keyfinder.lnk
[2010/02/26 23:51:22 | 000,001,469 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DiskPartitioner.lnk
[2010/02/26 23:51:22 | 000,001,465 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Agent Ransack.lnk
[2010/02/26 23:51:22 | 000,001,437 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\notepad++.lnk
[2010/02/26 23:51:22 | 000,001,427 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\2xExplorer.lnk
[2010/02/26 23:51:22 | 000,001,371 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\ImgBurn.lnk
[2010/02/26 23:51:22 | 000,001,353 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\DriveImage XML.lnk
[2010/02/26 23:51:22 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\A43 File Management Utility.lnk
[2010/02/26 23:51:22 | 000,001,347 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\7-Zip File Manager.lnk
[2010/02/26 23:51:22 | 000,001,343 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Windows Registry Recovery.lnk
[2010/02/26 23:51:22 | 000,001,332 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\OTLPE.lnk
[2010/02/26 23:51:22 | 000,001,313 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Disk Investigator.lnk
[2010/02/26 23:51:22 | 000,001,261 | ---- | C] () -- B:\Documents and Settings\Default User\Desktop\Internet Explorer.lnk
[2010/02/25 16:11:16 | 000,412,501 | ---- | C] () -- C:\dds-bootcd.exe
[2010/02/24 19:46:33 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/02/24 19:46:17 | 000,000,754 | ---- | C] () -- C:\Users\Bob\Desktop\UnHackMe.lnk
[2010/02/24 19:45:48 | 009,061,300 | ---- | C] () -- C:\Users\Bob\Desktop\unhackme.zip
[2010/02/24 18:26:01 | 244,428,260 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/24 18:15:41 | 000,018,432 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\1483.exe
[2010/02/19 18:10:13 | 000,001,919 | ---- | C] () -- C:\Users\Bob\Desktop\Divinity II - Ego Draconis.lnk
[2010/02/19 17:45:15 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settingsbkup.sfm
[2010/02/19 17:45:15 | 000,001,080 | ---- | C] () -- C:\Windows\System32\settings.sfm
[2010/02/17 01:58:26 | 000,002,554 | ---- | C] () -- C:\Windows\WAVEMIX.INI
[2010/02/17 01:58:26 | 000,001,966 | ---- | C] () -- C:\Windows\System\DVA.386
[2010/02/17 01:33:21 | 002,356,736 | ---- | C] () -- C:\Users\Bob\Desktop\JSanJuan_v11.exe
[2010/02/11 21:35:31 | 000,705,980 | ---- | C] () -- C:\Users\Bob\Documents\Lexcorp, 7.00AM May 18 2000.Sav
[2010/02/11 04:43:22 | 000,000,090 | ---- | C] () -- C:\Windows\FE.INI
[2010/02/11 04:43:19 | 000,468,150 | ---- | C] () -- C:\Users\Bob\Documents\Billingsley Co., 7.02AM Jan 19 2000.Sav
[2010/02/09 02:41:55 | 000,018,032 | ---- | C] () -- C:\Users\Bob\Documents\bob_ree2.sav
[2010/02/09 02:41:27 | 000,000,010 | ---- | C] () -- C:\Users\Bob\Documents\ree2.sav
[2010/02/08 17:31:02 | 000,022,328 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\PnkBstrK.sys
[2010/02/08 17:30:47 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/02/03 16:27:28 | 000,001,704 | ---- | C] () -- C:\Users\Bob\Desktop\Defraggler.lnk
[2010/01/25 08:39:39 | 000,102,400 | ---- | C] () -- C:\Windows\System32\LNToCMCrypt.dll
[2010/01/14 19:11:18 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2009/12/30 18:38:52 | 000,000,091 | ---- | C] () -- C:\Users\Bob\AppData\Local\fusioncache.dat
[2009/11/25 10:00:38 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/18 16:32:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/28 16:05:57 | 000,000,110 | ---- | C] () -- C:\Windows\ENations.ini
[2009/06/03 13:00:30 | 000,026,928 | ---- | C] () -- C:\Windows\System32\instwdm.ini
[2009/06/03 13:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\System32\ctzapxx.ini
[2009/06/03 12:19:42 | 000,002,560 | ---- | C] () -- C:\Windows\System32\CtxfiRes.dll
[2009/05/26 10:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\System32\kill.ini
[2009/04/03 07:38:57 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009/04/03 07:38:54 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009/03/31 15:10:42 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/03/22 21:37:24 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/03/22 21:37:23 | 002,255,360 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2009/03/22 21:37:23 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/03/22 21:37:23 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/03/22 21:37:22 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/03/22 21:37:21 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/03/22 21:37:21 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/03/22 14:40:07 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/03/22 11:50:11 | 000,139,264 | ---- | C] () -- C:\Users\Bob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 07:58:02 | 000,002,560 | ---- | C] () -- C:\Windows\CTXFIRES.DLL
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/25 19:05:23 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/09/25 19:05:22 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2008/09/25 19:05:17 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/09/25 15:31:07 | 000,164,864 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2008/09/25 15:31:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2008/09/25 15:27:36 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/09/25 15:22:22 | 000,131,066 | ---- | C] () -- C:\Windows\System32\DellPM.ini
[2007/02/13 10:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/12/27 10:34:00 | 000,462,848 | ---- | C] () -- C:\Windows\System32\softcoin.dll
[2006/12/27 10:34:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\gencoin.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/11/16 23:00:18 | 000,001,361 | ---- | C] () -- C:\Windows\System32\WLAN.INI
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/01/09 18:04:45 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Arcen Games, LLC
[2009/05/24 16:16:51 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Braid
[2010/01/25 08:40:27 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\CaseSoft
[2009/10/14 19:12:21 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\DivoGames
[2009/09/03 09:09:24 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\GraveyardShift
[2009/03/30 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\PlayFirst
[2009/11/05 13:51:11 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\runic games
[2010/02/08 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\SaintXi
[2009/10/15 10:07:46 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\ShinyTales
[2009/04/20 07:34:19 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Stardock
[2010/01/18 20:42:33 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\The Creative Assembly
[2009/06/18 21:36:29 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Tilted Mill
[2010/01/15 19:17:02 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Tropico 3
[2009/12/30 18:38:56 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Turbine
[2009/07/14 22:52:08 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Ubisoft
[2009/12/02 09:33:48 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\UDP Software
[2009/05/26 09:50:44 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\ValuSoft
[2009/06/23 07:55:48 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\webex
[2009/06/28 10:43:48 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\YoudaGames
[2010/02/24 19:49:16 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


#12 Blade
  • Site Admin

Posted 01 March 2010 - 01:19 PM

Hello ShaneJ

My apologies for the delay in reply.
Before we continue: I would like you to know that I'm consulting some colleagues on the matter, so you've got a team of experts working on this. However, fixes we try at this point may be experimental in nature, as your situation is a unique one. Removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

In light of this it would be wise for you to back up any files and folders that you don't want to lose before we continue. You may do this by using the OTLPE disk to access your hard drive, and copy files to a USB drive.

***************************************************

From a clean computer
  • Copy and paste the contents of the following codebox into a Notepad file. Do not include the word "Code"
    CODE
    :OTL
    O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
  • Save this notepad file to your flash drive, and move the flash drive over to your infected machine. Boot the machine using the OTLPE disk you created earlier.
From the OTLPE Environment
  • Please reopen OTLPE on your desktop.
  • Copy and Paste the contents of the notepad file saved to your Flash Drive into the textbox.
  • Push
  • When the fix is complete a report will open. Use a Flash drive to move the report over to your clean computer and Copy and Paste that report in your next reply.
***************************************************

At this point, please reboot your infected machine and attempt to boot into normal Windows.

~Blade

Edited by Blade Zephon, 01 March 2010 - 01:19 PM.

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

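The log ShaneJ posted above and the `O20` line in Blade's fix script are both OTL report lines, and a helper triages them by hand. The script below is an added example (not part of the original thread and not OTL's own code) that parses those two line shapes and applies a few review heuristics: hidden+system attributes, digits-only executable names in AppData, code with no company/version info in AppData, timestamps near the incident, and a Winlogon `O20` entry whose DLL is missing. The regexes, rule set, the two-hour window and the choice of `1483.exe`'s creation time as the incident anchor are this example's assumptions; the sample lines are copied from the thread. The output is a review list, not a verdict: `PnkBstrK.sys`, which belongs to the PunkBuster anti-cheat service, is flagged by the no-company rule just as `1483.exe` is.

```python
"""Triage of OTL (OldTimer's List-It) report lines.
Added example for this thread; not OTL's code and not from the original
posts.  The regexes and triage rules are this example's own assumptions."""
import re
from datetime import datetime, timedelta

# File entry:  [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (Company) -- path
# The "(Company)" part is absent on directory entries in the LOP Check section.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Winlogon entry:  O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
O20_RE = re.compile(
    r"^O20 - (?P<hive>\w+) Winlogon: (?P<value>\w+) - "
    r"\((?P<dll>[^)]*)\) - (?P<status>.+)$"
)
CODE_EXTS = {"exe", "dll", "sys", "bat", "scr"}


def parse_line(line):
    """Return a dict for a file or O20 line, or None for anything else
    (section banners, blank lines, the '< End of report >' trailer)."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        e = m.groupdict()
        e["type"] = "file"
        e["ts"] = datetime.strptime(e["ts"], "%Y/%m/%d %H:%M:%S")
        e["size"] = int(e["size"].replace(",", ""))
        e["company"] = (e["company"] or "").strip()
        return e
    m = O20_RE.match(line)
    if m:
        e = m.groupdict()
        e["type"] = "o20"
        return e
    return None


def triage(lines, anchor=None, window=timedelta(hours=2)):
    """Apply hand-triage rules and return {path_or_key: [reasons]}.
    `anchor` is when the incident is believed to have started; entries
    stamped within `window` of it are listed for review.  Every rule is a
    review heuristic, not a malware verdict."""
    findings = {}

    def flag(key, reason):
        findings.setdefault(key, []).append(reason)

    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e["type"] == "o20":
            # A Winlogon hook whose DLL is gone is an orphaned persistence
            # entry; this is what the :OTL fix line in the thread removes.
            if "not found" in e["status"].lower():
                key = e["hive"] + "\\Winlogon\\" + e["value"]
                flag(key, "Winlogon " + e["value"] + " points at missing " + e["dll"])
            continue
        path = e["path"]
        name = path.rsplit("\\", 1)[-1]
        stem, _, ext = name.rpartition(".")
        ext = ext.lower()
        in_appdata = "\\AppData\\" in path
        # Rule 1: hidden+system attributes on a newly created file.
        if "H" in e["attrs"] and "S" in e["attrs"]:
            flag(path, "hidden+system attributes")
        # Rule 2: executable whose name is just digits, dropped in AppData.
        if ext in CODE_EXTS and stem.isdigit() and in_appdata:
            flag(path, "numeric-name executable in AppData")
        # Rule 3: code with no company/version info in a user-writable path.
        if ext in CODE_EXTS and not e["company"] and in_appdata:
            flag(path, "no company/version info, in AppData")
        # Rule 4: temporal proximity to the incident.
        if anchor is not None and abs(e["ts"] - anchor) <= window:
            flag(path, "within " + str(window) + " of incident time")
    return findings


# Sample lines copied from the OTL report and fix script in this thread.
SAMPLE = r"""
========== Files Created - No Company Name ==========
[2010/02/24 19:46:33 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2010/02/24 18:26:01 | 244,428,260 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/24 18:15:41 | 000,018,432 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\1483.exe
[2010/02/15 03:50:07 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Users\Bob\Desktop\Ad-AwareInstaller.exe
[2010/02/08 17:31:02 | 000,022,328 | ---- | C] () -- C:\Users\Bob\AppData\Roaming\PnkBstrK.sys
[2010/01/09 18:04:45 | 000,000,000 | ---D | M] -- C:\Users\Bob\AppData\Roaming\Arcen Games, LLC
O20 - HKLM Winlogon: GinaDLL - (GTGina.dll) - File not found
< End of report >
""".strip().splitlines()

# Assumed anchor: creation time of the first unexplained binary (1483.exe).
INCIDENT = datetime(2010, 2, 24, 18, 15, 41)


def run_sample():
    return triage(SAMPLE, anchor=INCIDENT)


if __name__ == "__main__":
    for key, reasons in run_sample().items():
        print(key)
        for r in reasons:
            print("    -", r)
```

Run it as `python otl_triage.py` (any file name) or feed a whole saved OTL report to `triage()`; unparsed lines are skipped, so the full log can be passed without pre-filtering. The reason strings are deliberately short so they can be pasted back into a reply as the justification for each line in a fix script.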

#13 ShaneJ
  • Topic Starter

Posted 01 March 2010 - 06:58 PM

I have understood your warning. The first thing I did upon using the OTLPE disc and regaining access to my hard drive was to back up all the files I was concerned about. I can reinstall the factory image at this point with minimal loss, though I would still prefer not to if at all possible.

I attempted to restart in normal windows and all three safe modes, and loaded the mouse cursor on a black background again.

Please see the log file copied below.



========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL:GTGina.dll deleted successfully.

OTLPE by OldTimer - Version 3.1.30.1 log created on 03012010_185146

#14 Blade
  • Site Admin

Posted 02 March 2010 - 02:36 PM

Hello ShaneJ

Before we continue further I would like you to disconnect all auxiliary hardware (printers, USB devices, routers, etc.) and try booting. Leave only the keyboard, mouse, and monitor connected. Let me know if there is any change.

Sorry this is proving to be so difficult.

~Blade



#15 ShaneJ
  • Topic Starter

Posted 03 March 2010 - 10:46 AM

I have disconnected the printer, the only remaining peripheral, with the exception of the antenna extension for my wifi. I can remove it; however, access to my network is likely to be impossible should the computer restart.
Nevertheless, attempted restarts after disconnecting the printer result in the same black screen and mouse condition, in all safe modes and regular startup.
