
Malware Infection Smorgasbord


  • This topic is locked
37 replies to this topic

#1 aanight

aanight

  • Members
  • 27 posts
  • OFFLINE
  • Local time:12:58 AM

Posted 17 April 2010 - 12:30 AM

Hello and thank you in advance for any help or advice you're willing to offer me in helping to clean up my computer!

I am having major malware trouble with a Windows XP Professional PC. It was running SP2 and Internet Explorer 6 with Norton Internet Security 2006 and no firewall (both Norton's and Windows' were turned off). Symptoms included frequent, unsolicited pop-up ads, extremely slow start-up and overall sluggish performance leading to program and system crashes, as well as flickering of the monitor display when manipulating various screen objects (activating the Start menu, opening a folder, etc.) and instances and proliferation of discolored pixels in the display. (The discolored pixels were variable and seemingly independent of the screen's content: The discolored pixels would appear and disappear as random colors in random places throughout use of the computer, and when appearing within a displayed folder, for example, dragging and moving the folder would not move the discolored pixel relative to the pixel's position on the screen. Also, when the computer starts up and a lot of lines of white text on black background rapidly scroll by, a few random letters/numbers would show up as colors other than white... pink or green or blue, etc...?)

Numerous Norton and Malwarebytes' Anti-Malware scans found nothing, but I got lucky once with a SUPERAntiSpyware scan which found nearly 100 instances of malware largely consisting of Gamevance, SpyLocked, Installer-Pkg/Gen, and Gen-Nullo infections. Cleaning these up greatly improved the performance of the computer, but the discolored pixels remained, albeit less abundantly, so I knew it wasn't completely cleaned up. The computer is now running XP SP3 and IE8 with the Windows Firewall on (and Norton Internet Security 2006). It didn't take long, however, for the computer's malware-ridden condition to return, and it is largely in as poor a state as before.

No pop-up troubles and less screen flickering, but the computer is basically locked up from start-up on. Explorer.exe doesn't load properly at start-up; I've had to execute it through the task manager in order to access the desktop. Even then, Start Menu and My Computer are inaccessible, and the entire system freezes or quickly gets bogged down while trying to do anything. It was quite the challenge just to get the DDS and GMER logs and then get them off of the computer. Norton, Malwarebytes', and SUPERAntiSpyware scans, of course, find nothing.

Thank you again for any help or advice you can give me to help clean up the computer!

I was unable to get a screenshot example of the discolored pixels to attach, but if you were to copy-and-paste a normal screenshot into MS Paint and then lightly spritz it randomly with the spray can tool, that's about how it looks occasionally.

I've attached the Attach.txt and Ark.txt and below is the DDS.txt log:


DDS (Ver_10-03-17.01) - NTFSx86
Run by B________ at 19:38:56.13 on Fri 04/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1579 [GMT -5:00]

AV: Norton Internet Security 2006 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\java.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Documents and Settings\B________\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061113
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: {20EE85B7-6C5C-4083-B703-C0E7D76AC8E3} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTDVDDET] "c:\program files\creative\sound blaster x-fi\dvdaudio\CTDVDDET.EXE"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
IE: &Test1 - c:\windows\system32\icq6s.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: excite.com
Trusted Zone: excite.com\www
Trusted Zone: farms.com\ames
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: windowsupdate.com
DPF: CabBuilder - hxxp://www.imgag.com/kiw/toolbar/download/InstallerControl.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: wnydby.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: IPC Configuration Utility - No File
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-11-17 334984]
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-11-17 53896]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-11-17 191848]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-11-17 202088]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-11-17 169320]
R2 CX88XBAR;Video Advantage PCI Crossbar;c:\windows\system32\drivers\cx88xbar.sys [2006-11-19 9216]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-4-18 204800]
R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-11-17 139888]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-11-13 1251720]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-1 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100416.003\NAVENG.Sys [2010-4-16 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100416.003\NavEx15.Sys [2010-4-16 1324720]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-11-17 198368]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

============== File Associations ===============

scrfile="%1" %*

=============== Created Last 30 ================

2010-04-16 20:02:13 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-16 20:02:13 0 d-----w- c:\docume~1\b_____~1\applic~1\SUPERAntiSpyware.com
2010-04-15 22:19:34 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-04-15 20:53:09 310 ----a-w- c:\documents and settings\b________\UnifiedToolbarCleanup.bat
2010-04-15 17:15:01 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-15 14:28:25 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2010-04-15 14:28:24 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2010-04-15 14:28:20 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2010-04-15 14:27:46 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2010-04-15 13:40:56 0 d-----w- c:\windows\system32\scripting
2010-04-15 13:40:56 0 d-----w- c:\windows\l2schemas
2010-04-15 13:40:55 0 d-----w- c:\windows\system32\en
2010-04-15 13:40:55 0 d-----w- c:\windows\system32\bits
2010-04-15 13:38:15 0 d-----w- c:\windows\network diagnostic
2010-04-13 21:41:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-09 13:40:52 162 ---ha-w- C:\~$Normal.dot
2010-04-05 01:00:28 0 d-sh--w- c:\documents and settings\b________\IECompatCache
2010-04-05 00:58:54 0 d-sh--w- c:\documents and settings\b________\PrivacIE
2010-04-04 23:46:32 0 d-sh--w- c:\documents and settings\b________\IETldCache
2010-04-04 23:41:02 0 d-----w- c:\windows\ie8updates
2010-04-04 23:40:05 0 dc-h--w- c:\windows\ie8
2010-04-04 23:38:45 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-04 23:38:45 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-04 23:38:45 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-04 23:38:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-04-04 23:38:44 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-04-04 23:38:30 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-04-01 05:28:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-01 05:28:50 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-01 05:28:50 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 04:16:47 0 d-----w- c:\docume~1\b_____~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-04-01 04:04:44 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-01 02:37:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-01 02:19:45 0 d-----w- c:\windows\ERUNT
2010-04-01 01:50:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-31 19:21:28 0 dc----w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}

==================== Find3M ====================

2010-04-15 22:13:45 4338 ----a-w- c:\windows\system32\tmp.reg
2010-03-26 16:02:36 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-03-26 16:02:36 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-03-26 16:02:36 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-03-26 16:02:36 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-03-04 20:01:09 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-03-04 20:01:09 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-03-04 20:01:09 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-02-25 16:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-25 06:24:37 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-02-25 06:24:37 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-02-25 06:24:37 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-02-25 06:24:37 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-02-25 06:24:36 5944832 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-02-25 06:24:35 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-02-25 06:24:35 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-02-25 06:24:34 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-02-24 13:11:07 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-24 09:54:25 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-17 14:10:28 2189952 ------w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 14:08:49 2146304 ------w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-16 13:25:04 2066816 ------w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 13:25:04 2024448 ------w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2007-09-03 00:10:21 774144 ----a-w- c:\program files\RngInterstitial.dll
2007-03-11 16:56:28 88 --sh--r- c:\windows\system32\8F2219AC2C.sys
2007-03-11 16:58:45 4076 --sha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 19:39:31.14 ===============
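The DDS "Pseudo HJT Report" above is the part of the log a helper reads first, because it lists the load points (BHOs, toolbars, Run keys, Winlogon packages, AppInit_DLLs, trusted zones) that malware uses to persist. As an added example that is not part of aanight's post or of the DDS tool itself, the Python script below parses lines in that format and produces a triage list for an analyst: orphaned entries marked "No File", entry types that always merit a look (AppInit_DLLs, Notify, Trusted Zone), and autoruns that reference a bare file name resolved through the search path. The sample input is constructed for illustration; most lines are copied from the posted log and the rules are generic analyst heuristics, not verdicts about this machine.

```python
import re
from dataclasses import dataclass

# Constructed sample in the DDS "Pseudo HJT Report" layout. Lines are copied from the
# posted log so that each triage rule below has something to match.
SAMPLE_DDS = """\
mWinlogon: Userinit=c:\\windows\\system32\\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
TB: {20EE85B7-6C5C-4083-B703-C0E7D76AC8E3} - No File
mRun: [ccApp] "c:\\program files\\common files\\symantec shared\\ccApp.exe"
mRun: [CTHelper] CTHELPER.EXE
Notify: !SASWinLogon - c:\\program files\\superantispyware\\SASWINLO.dll
AppInit_DLLs: wnydby.dll
STS: IPC Configuration Utility - No File
Trusted Zone: excite.com
"""


@dataclass
class Finding:
    entry_type: str   # the DDS prefix, e.g. "mRun" or "AppInit_DLLs"
    line: str         # the original log line
    reason: str       # why an analyst should look at it


# Prefixes whose value is "[name] command line".
RUN_TYPES = {"uRun", "mRun", "dRun"}

# Prefixes that deserve a human look whenever they carry a value at all.
REVIEW_TYPES = {
    "AppInit_DLLs": "DLL in AppInit_DLLs is loaded into every process that loads "
                    "user32.dll; legitimate entries are rare, so confirm the vendor",
    "Notify": "Winlogon notification package runs inside winlogon at logon; "
              "confirm the vendor and path",
    "Trusted Zone": "site in the IE Trusted Zone gets relaxed security settings; "
                    "confirm it was added on purpose",
}


def parse_line(line):
    """Split 'TYPE: value' into (type, value); return None for lines without that shape."""
    m = re.match(r"^([A-Za-z_ ]+?):\s*(.*)$", line.strip())
    if not m:
        return None
    return m.group(1), m.group(2)


def command_binary(value):
    """Return the executable from a Run value such as '[name] "path" /flag'."""
    m = re.match(r'^\[[^\]]*\]\s*(?:"([^"]+)"|(\S+))', value)
    if not m:
        return None
    return m.group(1) or m.group(2)


def triage(text):
    """Apply the heuristics to every entry line and return the findings in log order."""
    findings = []
    for raw in text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        etype, value = parsed
        if value.endswith("No File"):
            findings.append(Finding(etype, raw,
                                    "orphaned entry: the registered component's file is missing"))
            continue
        if etype in REVIEW_TYPES and value:
            findings.append(Finding(etype, raw, REVIEW_TYPES[etype]))
            continue
        if etype in RUN_TYPES:
            binary = command_binary(value)
            # A bare name (no directory) is resolved through the search path at logon,
            # so the file that actually runs is not obvious from the log line alone.
            if binary and "\\" not in binary and "/" not in binary:
                findings.append(Finding(etype, raw,
                                        "autorun uses a bare file name resolved through the "
                                        "search path; confirm which file actually runs"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.entry_type}] {f.line}\n    -> {f.reason}")
```

Run as-is it prints six findings for the constructed sample; to use it on a real DDS log, pass the text of the Pseudo HJT Report section to `triage()`. The output is a reading list, not a removal list: the Notify entry in the sample belongs to SUPERAntiSpyware, which is exactly why each finding carries a reason rather than a verdict.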



#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:12:58 AM

Posted 21 April 2010 - 09:54 PM

Hi aanight,

Welcome to Bleeping Computer.

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

As it has been a few days, I'm going to need some fresh logs. Please run the following:

STEP 1 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Open OTL. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Change the Standard Registry and Extra Registry options to Use Safelist.
  • Check the boxes beside LOP Check and Purity Check.
  • In the Custom Scans box, copy and paste the following:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • OTL Log
  • GMER Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#3 aanight

aanight
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  • Local time:12:58 AM

Posted 22 April 2010 - 06:53 PM

Hello, mpascal. Thank you for taking the time to reply and help me with my computer woes.

Here are the fresh MBAM, GMER, and OTL logs:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4020

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/22/2010 01:19:35 AM
mbam-log-2010-04-22 (01-19-35).txt

Scan type: Quick scan
Objects scanned: 113000
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-22 12:20:02
Windows 5.1.2600 Service Pack 3
Running: ignh75iy.exe; Driver: C:\DOCUME~1\B_____~1\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT 89DF6E68 ZwAlertResumeThread
SSDT 8A084878 ZwAlertThread
SSDT 89E55E98 ZwAllocateVirtualMemory
SSDT 89E600F0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA6558020]
SSDT 89E5A238 ZwCreateMutant
SSDT 89FB7DF0 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA65582A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA6558800]
SSDT 89E412A8 ZwFreeVirtualMemory
SSDT 8A0B2308 ZwImpersonateAnonymousToken
SSDT 89B5E9D8 ZwImpersonateThread
SSDT 89FFF418 ZwMapViewOfSection
SSDT 8A0B55D0 ZwOpenEvent
SSDT 8A002E28 ZwOpenProcessToken
SSDT 8A0B0828 ZwOpenThreadToken
SSDT 89DF4A20 ZwResumeThread
SSDT 89D7E580 ZwSetContextThread
SSDT 8A005960 ZwSetInformationProcess
SSDT 89E03168 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA6558A50]
SSDT 89FFB370 ZwSuspendProcess
SSDT 89B58490 ZwSuspendThread
SSDT 8A002C10 ZwTerminateProcess
SSDT 89FAB0A8 ZwTerminateThread
SSDT 8A061F00 ZwUnmapViewOfSection
SSDT 88C64410 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D3C 805045D8 4 Bytes JMP 995ACF92
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB89C0380, 0x21F1AD, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----



OTL logfile created on: 4/22/2010 05:40:39 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\B________\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.17 Gb Total Space | 256.15 Gb Free Space | 87.08% Space Free | Partition Type: NTFS
Drive D: | 673.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: B__
Current User Name: B________
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\B________\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE (Symantec Corporation)
PRC - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE (Symantec Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\B________\Desktop\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (RetroLauncher) -- File not found
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (navapsvc) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (ccISPwdSvc) -- C:\Program Files\Norton Internet Security\ccPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Norton Internet Security\comHost.exe (Symantec Corporation)
SRV - (NSCService) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SAVScan) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100422.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100422.002\NAVENG.SYS (Symantec Corporation)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20100415.001\SymIDSCo.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GcKernel) -- C:\WINDOWS\system32\drivers\gckernel.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (SAVRT) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (CX23880) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (CX88XBAR) -- C:\WINDOWS\system32\drivers\cx88xbar.sys (Conexant Systems, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061113
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061113

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{55DFB500-63D9-4B14-9657-460B9BA63AA8}: C:\Documents and Settings\B________\Local Settings\Application Data\{55DFB500-63D9-4B14-9657-460B9BA63AA8} [2009/01/17 19:37:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/15 17:20:29 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {20EE85B7-6C5C-4083-B703-C0E7D76AC8E3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O15 - HKCU\..Trusted Domains: excite.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: excite.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: farms.com ([ames] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://www.imgag.com/kiw/toolbar/download/...llerControl.cab (Reg Error: Key error.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - AppInit_DLLs: (wnydby.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/01/16 12:23:48 | 000,126,976 | R--- | M] (Impressions Games) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/03/26 18:17:24 | 000,000,189 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5b4bfdda-f7b7-11de-8fe1-001676c25166}\Shell\AutoRun\command - "" = K:\mybatchfile.bat -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 18:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/04/22 12:14:49 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\B________\Desktop\OTL.exe
[2010/04/16 15:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B________\Application Data\SUPERAntiSpyware.com
[2010/04/16 15:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/15 17:40:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/15 17:38:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/15 17:19:34 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/04/15 17:13:20 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/04/15 17:13:20 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/04/15 17:13:20 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/04/15 17:13:20 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/04/15 17:13:20 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/04/15 17:13:20 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/04/15 17:13:20 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/04/15 17:13:20 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/04/15 17:13:20 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/04/15 17:13:20 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/04/15 17:13:20 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/04/15 12:15:01 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/15 09:29:35 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/15 09:29:27 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/15 09:29:24 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/15 09:29:12 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/15 09:29:12 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/15 09:29:11 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/15 09:29:10 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/15 09:29:10 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/15 09:29:09 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/15 09:28:25 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/15 09:28:20 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/04/15 09:27:46 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/04/15 08:47:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/15 08:40:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/15 08:40:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/15 08:40:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/15 08:40:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/15 08:38:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/15 08:36:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/13 16:41:07 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/09 09:27:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/04/04 20:00:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\B________\IECompatCache
[2010/04/04 19:58:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\B________\PrivacIE
[2010/04/04 18:46:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\B________\IETldCache
[2010/04/04 18:41:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/04 18:40:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/04 18:40:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/04 18:38:45 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/04 18:38:45 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/04 18:38:44 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/01 00:28:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/01 00:28:50 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/01 00:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/31 23:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/03/31 23:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B________\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/31 23:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/31 23:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/31 21:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/03/31 21:19:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/03/31 20:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/03/31 20:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/31 14:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2006/11/13 20:54:52 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/22 18:06:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/22 17:19:28 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/22 17:19:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/22 17:19:18 | 2145,435,648 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/22 12:21:28 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\B________\Desktop\topic310410.url
[2010/04/22 12:14:54 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B________\Desktop\OTL.exe
[2010/04/22 09:51:09 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/04/22 02:06:43 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\B________\Desktop\ignh75iy.exe
[2010/04/22 02:02:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/22 01:24:19 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2010/04/22 01:24:19 | 000,055,700 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2010/04/22 01:24:19 | 000,055,700 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2010/04/22 01:24:19 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/22 01:24:19 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/22 01:24:06 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\B________\NTUSER.DAT
[2010/04/22 01:24:06 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\B________\ntuser.ini
[2010/04/22 01:23:58 | 002,645,052 | -H-- | M] () -- C:\Documents and Settings\B________\Local Settings\Application Data\IconCache.db
[2010/04/17 09:47:38 | 000,050,257 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/16 20:14:26 | 000,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - B________.job
[2010/04/16 17:43:37 | 000,085,648 | ---- | M] () -- C:\Documents and Settings\B________\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/16 15:02:16 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/16 03:00:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/15 17:36:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/15 17:20:29 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/04/15 17:19:34 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010/04/15 17:13:45 | 000,004,338 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/15 15:53:09 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\B________\UnifiedToolbarCleanup.bat
[2010/04/15 15:50:37 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/15 15:50:37 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/15 15:50:36 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/15 09:40:54 | 000,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/15 08:38:07 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/09 15:12:11 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\B________\Desktop\Darin cover letter.doc
[2010/04/09 09:43:12 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\B________\Desktop\task mgr safe.bmp
[2010/04/09 08:40:52 | 000,000,162 | -H-- | M] () -- C:\~$Normal.dot
[2010/04/09 08:35:32 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 21:55:58 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\B________\My Documents\Investments overview.xls
[2010/04/01 21:54:09 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\B________\My Documents\Sweep Balance.xls
[2010/04/01 21:20:36 | 016,684,327 | ---- | M] () -- C:\Documents and Settings\B________\Desktop\benchmark2010final.pdf
[2010/04/01 18:54:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/31 19:11:31 | 000,000,791 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 11:02:36 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/03/26 11:02:36 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/03/26 11:02:36 | 000,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/03/26 11:02:36 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/22 02:06:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\B________\Desktop\ignh75iy.exe
[2010/04/22 01:23:27 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\B________\Desktop\topic310410.url
[2010/04/16 18:27:28 | 2145,435,648 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/16 15:02:16 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/15 17:13:20 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/04/15 17:13:20 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/04/15 15:53:09 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\B________\UnifiedToolbarCleanup.bat
[2010/04/09 15:12:06 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\B________\Desktop\Darin cover letter.doc
[2010/04/09 09:43:12 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\B________\Desktop\task mgr safe.bmp
[2010/04/09 08:40:52 | 000,000,162 | -H-- | C] () -- C:\~$Normal.dot
[2010/04/01 21:20:29 | 016,684,327 | ---- | C] () -- C:\Documents and Settings\B________\Desktop\benchmark2010final.pdf
[2010/04/01 00:28:55 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 23:04:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/12 09:37:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/01/31 17:50:04 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2009/01/31 17:50:03 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/01/31 17:42:01 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2008/08/04 22:04:50 | 000,000,594 | -HS- | C] () -- C:\WINDOWS\System32\ayyoobui.ini
[2008/08/02 17:40:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\idqllrqy.dll
[2008/08/02 17:38:53 | 000,000,474 | -HS- | C] () -- C:\WINDOWS\System32\ywavajck.ini
[2008/07/24 19:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\arkcmd.dll
[2008/07/24 19:00:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\vdyuipoa.dll
[2008/07/23 18:05:44 | 001,686,281 | -HS- | C] () -- C:\WINDOWS\System32\bfipjavx.ini
[2008/07/23 18:02:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\qvtdek.dll
[2008/07/23 18:02:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ysuhquwc.dll
[2008/07/22 18:39:58 | 001,685,652 | -HS- | C] () -- C:\WINDOWS\System32\jmomwcte.ini
[2008/07/22 18:37:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ydgchu.dll
[2008/07/22 18:37:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\qmgeghte.dll
[2008/07/21 17:52:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lqosuh.dll
[2008/07/21 17:52:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\kkbyikoh.dll
[2008/07/21 17:50:40 | 001,688,955 | -HS- | C] () -- C:\WINDOWS\System32\ifrkrdmx.ini
[2008/07/20 14:01:38 | 001,688,835 | -HS- | C] () -- C:\WINDOWS\System32\ufgsssfy.ini
[2008/07/13 19:47:34 | 001,688,724 | -HS- | C] () -- C:\WINDOWS\System32\vvdsnase.ini
[2008/07/12 19:45:23 | 001,774,726 | -HS- | C] () -- C:\WINDOWS\System32\llnubhes.ini
[2008/07/11 19:45:51 | 002,800,078 | -HS- | C] () -- C:\WINDOWS\System32\gtksufab.ini
[2008/07/10 19:48:12 | 002,745,025 | -HS- | C] () -- C:\WINDOWS\System32\mtogncrr.ini
[2008/07/09 19:44:03 | 002,809,227 | -HS- | C] () -- C:\WINDOWS\System32\dfqaygjl.ini
[2008/07/09 19:43:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ghcbtktb.dll
[2008/07/07 18:47:06 | 003,460,005 | -HS- | C] () -- C:\WINDOWS\System32\ayyqoaau.ini
[2008/07/06 12:35:01 | 001,702,663 | -HS- | C] () -- C:\WINDOWS\System32\rjfdrjdw.ini
[2008/07/05 17:15:14 | 001,589,237 | -HS- | C] () -- C:\WINDOWS\System32\ysoroqdl.ini
[2008/07/05 11:14:55 | 001,589,075 | -HS- | C] () -- C:\WINDOWS\System32\unjexwxn.ini
[2007/10/13 11:30:42 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2007/07/30 22:49:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/21 17:48:24 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/03 19:43:59 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/11/24 11:03:21 | 000,004,076 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/11/24 11:03:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8F2219AC2C.sys
[2006/11/23 12:06:47 | 000,000,719 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/11/13 21:27:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/13 21:14:40 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/13 21:12:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/13 20:49:39 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/11/13 20:49:39 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/11/13 20:49:39 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/11/13 20:49:38 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/11/13 20:48:43 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/11/13 20:47:46 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/04/15 17:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/09/18 16:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2009/02/01 19:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2009/11/01 09:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/12/03 11:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2007/05/05 15:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/31 18:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/23 12:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/11/13 21:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/03/31 14:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/06/14 19:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\Blackberry Desktop
[2010/03/31 23:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/09/01 12:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\Leadertech
[2009/06/14 19:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\Research In Motion
[2007/01/21 15:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\Smart Recorder
[2007/07/28 10:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\Uniblue
[2008/03/31 18:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\Viewpoint
[2006/11/23 12:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\WildTangent
[2009/05/01 19:23:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1233442209.job
[2010/04/22 02:02:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/04/15 08:36:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/04/15 08:36:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/04/15 08:36:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/04/15 08:36:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/04/15 08:36:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/04/15 08:36:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/07/06 05:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\drivers\storage\onboard\iastor.sys
[2006/07/06 07:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\i386\iaStor.sys
[2006/07/06 07:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2006/07/06 07:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\drivers\iaStor.sys
[2006/07/06 05:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\iaStor.sys
[2006/07/06 08:01:32 | 000,484,864 | ---- | M] (Intel Corporation) MD5=6A3C354BFC163B81F6EF2FC421280DB5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/24 08:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/03/26 11:02:36 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS
[2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\virgx shares.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\The basic keyboard controls required to play the game are.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\Sweep Balance.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\Random comments.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\pc shirts.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\Investments overview.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\Hanor Concerns.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\Copy of 2008 Budget Numbers.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\Brenda Reichle_PTR Offer_PigC_Dec 2007.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\1 year.jpg:Roxio EMC Stream
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F
< End of report >



OTL Extras logfile created on: 4/22/2010 05:40:39 PM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\B________\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.17 Gb Total Space | 256.15 Gb Free Space | 87.08% Space Free | Partition Type: NTFS
Drive D: | 673.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: B__
Current User Name: B________
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\UPnP\yupnpsrv.exe" = C:\Program Files\Yahoo!\UPnP\yupnpsrv.exe:*:Enabled:Yahoo! UPnP AV Media Server -- (Yahoo!)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 Gold -- (Firaxis Games)
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe" = C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization 4 Gold\Warlords\Civ4Warlords.exe:*:Enabled:Sid Meier's Civilization 4: Warlords -- (Firaxis Games)
"C:\DOCUME~1\B_____~1\LOCALS~1\Temp\pinnew.exe" = C:\DOCUME~1\B_____~1\LOCALS~1\Temp\pinnew.exe:*:Enabled:Enabled -- File not found
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\startrekdac\Bin\StarTrekDAC.exe" = C:\Program Files\Steam\steamapps\common\startrekdac\Bin\StarTrekDAC.exe:*:Enabled:Star Trek DAC -- ()
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Pure Networks, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}" = Intel® PRO Network Connections
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon
"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security
"{1619204B-7F8C-4293-B342-5345721F4A1F}_is1" = GTR 2 1.0.0.0
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 20
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3846E811-639D-4DE1-844B-30491C0A6C0C}" = Dell Support 3.2
"{3B29A786-5803-4E9E-9B58-3014A5B4E519}" = Norton AntiSpam
"{3F619B62-0F6D-4747-B778-D7E965994041}" = VideoAdvantage
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55502C49-F061-428C-BF26-06ECDFB3AC29}" = Sid Meier's Civilization 4 Gold
"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{61220C7D-36E9-45A4-8E8B-AF8C3FE1D37F}" = BlackBerry Device Software v4.7.0 for the BlackBerry 9530 smartphone
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{8043219B-D2C0-4561-90AB-3F1113ED5A87}" = Zeus & Poseidon
"{821DABD6-26F2-49E5-AE55-40A589ADBE6D}" = Pharaoh and Cleopatra
"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center
"{82DFB852-9594-4668-9C66-28BB6E94BCB2}" = HP Photo and Imaging 1.0 - PSC 2000 Series
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9BFFB382-0B2C-11D6-AB3E-000102B0F79A}" = Readiris 7.5
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3365448-B694-468D-BBF0-D7A4CCDF955F}" = BlackBerry® Media Sync
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{ABDC7CFA-FEB4-4743-A18A-D549571F0B2A}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9530 smartphone
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{ADE91A13-434D-4229-00BC-182BAD607303}" = Need for Speed™ Most Wanted
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer Express
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C41F4616-44B6-4E8D-BFC7-4267862A2CE1}" = CinepPlayer 30 Update
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E85FA9A1-C241-4698-893B-DD99509B8DB0}" = Norton WMI Update
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{ED93995E-8BF2-480F-8EA4-7D29E29A7052}" = HP Photo and Imaging 1.0 - PSC 2000 Series Drivers
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FFB4DD53-28B7-4981-BFF0-9BD801F61095}" = Norton Internet Security
"989E4C3B-B2C9-4486-9A09-D5A8F953837C" = Bejeweled 2 Deluxe
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"Caesar 3" = Caesar 3
"CCleaner" = CCleaner (remove only)
"Chicken Invaders 3_is1" = Chicken Invaders 3
"Conexant Video Capture Driver" = Conexant Video Capture Driver
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Dell Game Console" = Dell Game Console
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Floppy Disk Manager" = Floppy Disk Manager
"hp psc 2200 series_Driver" = hp psc 2200 series
"ie8" = Windows Internet Explorer 8
"IL-2 Sturmovik" = IL-2 Sturmovik
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MS Access 97 SP2" = MS Access 97 SP2
"Musicmatch MCE" = Musicmatch MCE
"NVIDIA Drivers" = NVIDIA Drivers
"Peggle Deluxe 1.0" = Peggle Deluxe 1.0
"Platypus" = Platypus
"PSC 2000 Series" = HP Photo and Imaging 1.0 - PSC 2000 Series
"RealPlayer 6.0" = RealPlayer Basic
"Ricochet Infinity_is1" = Ricochet Infinity
"SimCity 3000 Unlimited" = SimCity 3000 Unlimited
"Slacker USB Station Refresher" = Slacker USB Station Refresher
"Steam App 4320" = Star Trek DAC
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Swarm Gold_is1" = Swarm Gold
"SymSetup.{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security 2006 (Symantec Corporation)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft II BNE" = Warcraft II BNE
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wise Disk Cleaner_is1" = Wise Disk Cleaner 4.84
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/15/2010 10:27:19 AM | Computer Name = B__ | Source = Application Error | ID = 1000
Description = Faulting application hpobnz08.exe, version 2.0.0.0, faulting module
hpodvd08.dll, version 0.0.0.0, fault address 0x00006690.

Error - 4/15/2010 11:20:10 AM | Computer Name = B__ | Source = Application Error | ID = 1000
Description = Faulting application hpobnz08.exe, version 2.0.0.0, faulting module
hpodvd08.dll, version 0.0.0.0, fault address 0x00006690.

Error - 4/15/2010 06:34:59 PM | Computer Name = B__ | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_35_0_1000.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 4/16/2010 06:03:31 PM | Computer Name = B__ | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2010 06:18:51 PM | Computer Name = B__ | Source = Application Hang | ID = 1002
Description = Hanging application NMain.exe, version 104.0.1.17, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2010 07:33:06 PM | Computer Name = B__ | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/16/2010 11:12:10 PM | Computer Name = B__ | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
remote procedure call failed and did not execute. ). Group Policy processing aborted.


Error - 4/17/2010 12:57:20 AM | Computer Name = B__ | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
remote procedure call failed and did not execute. ). Group Policy processing aborted.


Error - 4/22/2010 01:11:36 PM | Computer Name = B__ | Source = Application Hang | ID = 1002
Description = Hanging application NMain.exe, version 104.0.1.17, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/22/2010 01:19:59 PM | Computer Name = B__ | Source = Application Hang | ID = 1002
Description = Hanging application NMain.exe, version 104.0.1.17, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 4/16/2010 09:52:49 PM | Computer Name = B__ | Source = Service Control Manager | ID = 7000
Description = The Retrospect Launcher service failed to start due to the following
error: %%121

Error - 4/16/2010 09:52:49 PM | Computer Name = B__ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 4/17/2010 10:45:48 AM | Computer Name = B__ | Source = Service Control Manager | ID = 7000
Description = The Retrospect Launcher service failed to start due to the following
error: %%121

Error - 4/17/2010 10:45:48 AM | Computer Name = B__ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 4/17/2010 10:49:04 AM | Computer Name = B__ | Source = System Error | ID = 1003
Description = Error code 0000004e, parameter1 00000007, parameter2 00006c22, parameter3
00000002, parameter4 00000000.

Error - 4/22/2010 02:25:49 AM | Computer Name = B__ | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer3.

Error - 4/22/2010 03:00:31 AM | Computer Name = B__ | Source = Service Control Manager | ID = 7000
Description = The Retrospect Launcher service failed to start due to the following
error: %%121

Error - 4/22/2010 03:00:31 AM | Computer Name = B__ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 4/22/2010 07:05:31 PM | Computer Name = B__ | Source = Service Control Manager | ID = 7000
Description = The Retrospect Launcher service failed to start due to the following
error: %%121

Error - 4/22/2010 07:05:31 PM | Computer Name = B__ | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.


< End of report >



#4 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:12:58 AM

Posted 22 April 2010 - 07:20 PM

Hi aanight,

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - {20EE85B7-6C5C-4083-B703-C0E7D76AC8E3} - No CLSID value found.
    O20 - AppInit_DLLs: (wnydby.dll) - File not found
    O33 - MountPoints2\{5b4bfdda-f7b7-11de-8fe1-001676c25166}\Shell\AutoRun\command - "" = K:\mybatchfile.bat -- File not found
    [2008/08/04 22:04:50 | 000,000,594 | -HS- | C] () -- C:\WINDOWS\System32\ayyoobui.ini
    [2008/08/02 17:40:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\idqllrqy.dll
    [2008/08/02 17:38:53 | 000,000,474 | -HS- | C] () -- C:\WINDOWS\System32\ywavajck.ini
    [2008/07/24 19:00:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\arkcmd.dll
    [2008/07/24 19:00:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\vdyuipoa.dll
    [2008/07/23 18:05:44 | 001,686,281 | -HS- | C] () -- C:\WINDOWS\System32\bfipjavx.ini
    [2008/07/23 18:02:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\qvtdek.dll
    [2008/07/23 18:02:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ysuhquwc.dll
    [2008/07/22 18:39:58 | 001,685,652 | -HS- | C] () -- C:\WINDOWS\System32\jmomwcte.ini
    [2008/07/22 18:37:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ydgchu.dll
    [2008/07/22 18:37:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\qmgeghte.dll
    [2008/07/21 17:52:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\lqosuh.dll
    [2008/07/21 17:52:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\kkbyikoh.dll
    [2008/07/21 17:50:40 | 001,688,955 | -HS- | C] () -- C:\WINDOWS\System32\ifrkrdmx.ini
    [2008/07/20 14:01:38 | 001,688,835 | -HS- | C] () -- C:\WINDOWS\System32\ufgsssfy.ini
    [2008/07/13 19:47:34 | 001,688,724 | -HS- | C] () -- C:\WINDOWS\System32\vvdsnase.ini
    [2008/07/12 19:45:23 | 001,774,726 | -HS- | C] () -- C:\WINDOWS\System32\llnubhes.ini
    [2008/07/11 19:45:51 | 002,800,078 | -HS- | C] () -- C:\WINDOWS\System32\gtksufab.ini
    [2008/07/10 19:48:12 | 002,745,025 | -HS- | C] () -- C:\WINDOWS\System32\mtogncrr.ini
    [2008/07/09 19:44:03 | 002,809,227 | -HS- | C] () -- C:\WINDOWS\System32\dfqaygjl.ini
    [2008/07/09 19:43:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ghcbtktb.dll
    [2008/07/07 18:47:06 | 003,460,005 | -HS- | C] () -- C:\WINDOWS\System32\ayyqoaau.ini
    [2008/07/06 12:35:01 | 001,702,663 | -HS- | C] () -- C:\WINDOWS\System32\rjfdrjdw.ini
    [2008/07/05 17:15:14 | 001,589,237 | -HS- | C] () -- C:\WINDOWS\System32\ysoroqdl.ini
    [2008/07/05 11:14:55 | 001,589,075 | -HS- | C] () -- C:\WINDOWS\System32\unjexwxn.ini

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#5 aanight

aanight
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:12:58 AM

Posted 23 April 2010 - 02:53 AM

I ran the OTL fix and rebooted, MBAM and rebooted (It found and removed one instance of the same malware it found and removed in the previous scan.), and, finally, the Kaspersky Online scan.

Here are the MBAM and Kaspersky logs:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4024

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/22/2010 11:32:47 PM
mbam-log-2010-04-22 (23-32-47).txt

Scan type: Quick scan
Objects scanned: 112793
Time elapsed: 3 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, April 23, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, April 23, 2010 01:28:25
Records in database: 3969626
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 104733
Threats found: 23
Infected objects found: 26
Suspicious objects found: 0
Scan duration: 01:21:41


File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\088C2CAE.exe Infected: Trojan-Clicker.Win32.Delf.buk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AD717A5.exe Infected: Trojan-Clicker.Win32.Delf.bux 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F321F5E.exe Infected: Trojan-Clicker.Win32.Delf.buk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\109A0A1E.exe Infected: Trojan-Clicker.Win32.Delf.buv 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16811AB8.exe Infected: Trojan-PSW.Win32.LdPinch.abyt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\168444B4.exe Infected: Trojan-PSW.Win32.LdPinch.abyt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\189865DC.exe Infected: Trojan-Clicker.Win32.Delf.buy 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19F36189.exe Infected: Trojan-Clicker.Win32.Delf.buk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A26389E.exe Infected: Trojan-Dropper.Win32.Mudrop.vg 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B045FAA.exe Infected: Trojan-Clicker.Win32.Delf.bxe 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C0C4104.exe Infected: Trojan-Clicker.Win32.Delf.buq 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\345B5CB5.tmp Infected: Trojan-Dropper.Win32.VB.amii 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36C22F57.exe Infected: Trojan-Downloader.Win32.Small.ageu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\379D7D03.exe Infected: Trojan-Clicker.Win32.Agent.gll 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38E41975.exe Infected: Trojan-Downloader.Win32.Banload.aaln 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\405577C6.exe Infected: Trojan-PSW.Win32.LdPinch.gon 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\405821C3.exe Infected: Trojan-Clicker.Win32.Delf.bup 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\405C4BBF.exe Infected: Trojan-Clicker.Win32.Delf.bus 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\405F75BC.exe Infected: Trojan-Downloader.Win32.Banload.aalo 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\45AA21EF.exe Infected: Trojan-Clicker.Win32.Delf.buw 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4605370A.tmp Infected: Packed.Win32.Krap.x 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\538B7ABE.tmp Infected: Backdoor.Win32.Bredolab.bly 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61E9448C.exe Infected: Trojan-Spy.Win32.Zbot.lcd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\623828A2.exe Infected: Trojan.Win32.Buzus.aiyl 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\684F7AC7.exe Infected: Trojan-Clicker.Win32.Delf.bur 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\71D51F03.exe Infected: Trojan-Clicker.Win32.Delf.buu 1

Selected area has been scanned.



Thanks again!
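
Step 3 above tells the reader not to be alarmed because many Kaspersky finds are likely already quarantined, and the report just posted bears that out: every hit sits under Norton's Quarantine folder. The Python below is an added example for this thread, not code from Kaspersky, Malwarebytes or either participant. It parses the report's "File name / Threat / Threats count" lines, separates hits inside a known quarantine store from hits on live files, and counts threat families. The sample report is a constructed excerpt of the one above plus one hypothetical live hit (example_live.dll); the quarantine markers other than Norton's and all helper names are assumptions.

```python
"""
Triage a Kaspersky Online Scanner 7.0 report: separate detections that sit in
another product's quarantine store (already contained) from detections on live
files, and summarise threat families. Added example for this thread; not code
from Kaspersky, Malwarebytes or the thread's participants.
"""
import re
from collections import Counter

# Constructed sample: four report lines copied from the post above plus one
# hypothetical live-file hit (example_live.dll) so both branches are exercised.
SAMPLE_REPORT = r"""
Scan statistics:
Objects scanned: 104733
Threats found: 23

File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\088C2CAE.exe Infected: Trojan-Clicker.Win32.Delf.buk 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16811AB8.exe Infected: Trojan-PSW.Win32.LdPinch.abyt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\538B7ABE.tmp Infected: Backdoor.Win32.Bredolab.bly 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\61E9448C.exe Infected: Trojan-Spy.Win32.Zbot.lcd 1
C:\WINDOWS\System32\example_live.dll Infected: Trojan-Clicker.Win32.Delf.buk 1

Selected area has been scanned.
"""

# Lower-cased path fragments of quarantine stores. The Norton one is the path
# seen in the thread; the other two are assumptions for illustration.
QUARANTINE_MARKERS = (
    r"\symantec\norton antivirus\quarantine",
    r"\malwarebytes' anti-malware\quarantine",
    r"\spybot - search & destroy\recovery",
)

# One detection line: <Windows path> Infected: <threat name> <count>
HIT_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")


def parse_hits(report):
    """Return a list of {path, threat, count} dicts, one per detection line."""
    hits = []
    for line in report.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append({"path": m["path"], "threat": m["threat"], "count": int(m["count"])})
    return hits


def is_quarantined(path):
    """True if the file lives inside a known quarantine store."""
    lowered = path.lower()
    return any(marker in lowered for marker in QUARANTINE_MARKERS)


def family(threat):
    """Drop the variant suffix: Trojan-Clicker.Win32.Delf.buk -> Trojan-Clicker.Win32.Delf."""
    return threat.rsplit(".", 1)[0]


def triage(report):
    """Summarise a report: how many hits are contained, which are live, what families."""
    hits = parse_hits(report)
    live = [h["path"] for h in hits if not is_quarantined(h["path"])]
    return {
        "total": len(hits),
        "contained": len(hits) - len(live),
        "live": live,
        "families": Counter(family(h["threat"]) for h in hits),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    print(f"{summary['contained']} of {summary['total']} hits are already quarantined")
    for path in summary["live"]:
        print("LIVE:", path)
    for fam, n in summary["families"].most_common():
        print(f"{n:3d}  {fam}")
```

Run against the full report posted above, the "live" list comes back empty, which is the mechanical form of the helper's conclusion in the next post that nothing malicious is still running; anything that does land in "live" is what deserves attention first.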

#6 mpascal

Posted 23 April 2010 - 09:49 AM

Hi,

How is your computer running now? I don't see any trace of nasties running around inside. ;)



#7 aanight

Posted 23 April 2010 - 02:35 PM

I really appreciate all of your help, mpascal!

Honestly, I'm not sure how well the computer is doing; perhaps most of the malware had been taken care of previously or something is still lurking or it is a hardware problem or something else because many of the peculiarities I've been having persist.

The computer is seemingly running quite well right now, but it still takes +30 minutes to start up properly after a restart (?!!) and the discolored pixels remain. Furthermore, I updated MBAM and ran a quick scan once again, and it found and supposedly removed two instances of the Disabled.SecurityCenter it had previously been finding.

To elaborate on the above, when restarting the computer, the discolored pixels show up immediately on the Dell and Windows loading screens, but, otherwise, it seems to load everything normally and quickly. That is, until when you would normally see the desktop icons and Start bar appear. It just hangs with a blank blue screen. I thought it was completely locking up, but you can quickly access the task manager via ctrl-alt-del and then force explorer.exe to load. This isn't much of a solution, however, as desktop links are accessible, but the Start Menu, task bar, and main Windows Explorer hubs are inaccessible and overall performance is terribly sluggish until, eventually, everything loads properly. If left alone for nearly an hour, the blank blue screen will eventually give way to a fully loaded Desktop and Explorer with good performance.

As an example of the discolored pixels, I have attached a screen shot of MBAM during that last scan after I clicked-and-dragged it around the desktop in circular motions. I'll also include the log from that last MBAM scan below.



Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4026

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/23/2010 12:18:12 PM
mbam-log-2010-04-23 (12-18-12).txt

Scan type: Quick scan
Objects scanned: 114962
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached Files
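
The post above notes that MBAM found the Disabled.SecurityCenter registry items again after an earlier scan had reported removing one of them. A practitioner would want to compare consecutive logs mechanically rather than by eye. The Python below is an added example, not MBAM's code or either participant's: it parses the "Registry Data Items Infected" section of two MBAM 1.45 logs, lists which keys came back after a reported removal, and names the Security Center notification values found set to 1. The two log excerpts are constructed, abbreviated copies of the 4/22 and 4/23 logs posted in this thread; the function names are assumptions.

```python
"""
Diff the 'Registry Data Items Infected' sections of two consecutive
Malwarebytes' Anti-Malware 1.45 logs and flag items that reappear after MBAM
reported removing them. Added example for this thread, not MBAM's own code.
"""
import re

# Constructed samples: abbreviated copies of the two MBAM logs posted above.
LOG_APR22 = r"""
Malwarebytes' Anti-Malware 1.45
Database version: 4024
4/22/2010 11:32:47 PM

Registry Data Items Infected: 1

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

LOG_APR23 = r"""
Malwarebytes' Anti-Malware 1.45
Database version: 4026
4/23/2010 12:18:12 PM

Registry Data Items Infected: 2

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)
"""

# The detail header is the bare line; the summary line ('...Infected: 2') differs.
SECTION_HEADER = "Registry Data Items Infected:"
ITEM_RE = re.compile(r"^(?P<key>.+?) \((?P<detection>[^)]+)\)$")
VALUES_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


def parse_registry_data_items(log):
    """Return dicts (key, detection, bad, good, action), one per entry under the
    detail header. The section ends at the next blank line."""
    items = []
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if line == SECTION_HEADER:
            in_section = True
            continue
        if not in_section:
            continue
        if not line:
            in_section = False
            continue
        if line.startswith("(No malicious items detected)"):
            continue
        parts = [p.strip() for p in line.split(" -> ")]
        if len(parts) != 3:
            continue  # not an MBAM data-item line; skip rather than guess
        head = ITEM_RE.match(parts[0])
        vals = VALUES_RE.search(parts[1])
        if not head or not vals:
            continue
        items.append({
            "key": head["key"],
            "detection": head["detection"],
            "bad": vals["bad"],
            "good": vals["good"],
            "action": parts[2],
        })
    return items


def value_name(key):
    """Last path component of a registry key/value path."""
    return key.rsplit("\\", 1)[-1]


def recurring_items(earlier_log, later_log):
    """Keys MBAM reported as removed in the earlier log that are back in the later one."""
    removed = {
        i["key"].lower()
        for i in parse_registry_data_items(earlier_log)
        if i["action"].startswith("Quarantined and deleted")
    }
    return [i for i in parse_registry_data_items(later_log) if i["key"].lower() in removed]


def security_center_tampering(items):
    """Names of Security Center *DisableNotify values found set to 1. On XP SP2/SP3
    a value of 1 silences the 'firewall/antivirus is off' warning, so a value
    that keeps coming back points at whatever is resetting it."""
    return [
        value_name(i["key"])
        for i in items
        if "\\security center\\" in i["key"].lower() and i["bad"] == "1"
    ]


if __name__ == "__main__":
    for item in recurring_items(LOG_APR22, LOG_APR23):
        print("came back after removal:", value_name(item["key"]))
    print("notification values set to 1:", security_center_tampering(parse_registry_data_items(LOG_APR23)))
```

A value returning to 1 after a reported removal means something is resetting it; that can be leftover malware, but a legitimately installed security suite that takes over the built-in warnings also sets these values, so confirm which before treating the recurrence as an infection indicator.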



#8 mpascal

Posted 23 April 2010 - 03:15 PM

So everything boots fine, except after you log in?



#9 aanight

Posted 23 April 2010 - 03:38 PM

Maybe? Haha. It's a little hard to tell. The pixel issue is definitely pre-login. Also, XP is set to load the sole, default account on the computer on start up, so I never see an actual explicit login. I see a 'Welcome' screen briefly, and then blank blue for a long time. The current desktop wallpaper is the same plain blue.

Could something be specifically causing Norton to load extremely slowly on start up, dragging everything else down with it? (My current completely speculative theory....)

#10 mpascal

Posted 23 April 2010 - 03:45 PM

That's one possibility. Try going Start -> Run and type msconfig. Try disabling some of the Norton Services there and see if that helps.



#11 aanight

Posted 23 April 2010 - 04:25 PM

I disabled the ~13 services I could identify as Symantec, and the computer started up and loaded the desktop in less than a minute! Unfortunately, the Start Menu, task bar, and main Windows Explorer hubs (My Computer,...) are still inaccessible, and programs run sluggishly and lock up until whatever it is about the problematic start-up loading finally finishes.

This is all similar to when I've forced a reload of Explorer.exe from the task manager at start up. Whatever it is holding everything up at start up is relentless.

Also, I updated the display drivers of the graphics card (2006-->2007...), but no noticeable changes with the pixel problem.

#12 mpascal

Posted 23 April 2010 - 04:30 PM

Open up OTL and push the Quickscan button. Post the resulting log here.



#13 aanight

Posted 23 April 2010 - 05:25 PM

Here's the OTL log:

OTL logfile created on: 4/23/2010 05:14:21 PM - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\B________\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.17 Gb Total Space | 255.95 Gb Free Space | 87.01% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: B__
Current User Name: B________
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\B________\Desktop\TLO.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE (Symantec Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\CTXFIHLP.EXE (Creative Technology Ltd)
PRC - C:\WINDOWS\system32\CTXFISPI.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Common Files\Symantec Shared\NMain.exe (Symantec Corporation)
PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\B________\Desktop\TLO.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)


========== Win32 Services (SafeList) ==========

SRV - (RetroLauncher) -- File not found
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (GameConsoleService) -- C:\Program Files\WildTangent\Apps\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (navapsvc) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (Symantec Corporation)
SRV - (ccISPwdSvc) -- C:\Program Files\Norton Internet Security\ccPwdSvc.exe (Symantec Corporation)
SRV - (comHost) -- C:\Program Files\Norton Internet Security\comHost.exe (Symantec Corporation)
SRV - (NSCService) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (SAVScan) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (Symantec Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100423.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100423.002\NAVENG.SYS (Symantec Corporation)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20100415.001\SymIDSCo.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GcKernel) -- C:\WINDOWS\system32\drivers\gckernel.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (ha20x2k) -- C:\WINDOWS\system32\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (SAVRT) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (CX23880) -- C:\WINDOWS\system32\drivers\cx88vid.sys (Conexant Systems, Inc.)
DRV - (CX88XBAR) -- C:\WINDOWS\system32\drivers\cx88xbar.sys (Conexant Systems, Inc.)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061113
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061113

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{55DFB500-63D9-4B14-9657-460B9BA63AA8}: C:\Documents and Settings\B________\Local Settings\Application Data\{55DFB500-63D9-4B14-9657-460B9BA63AA8} [2009/01/17 19:37:49 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/04/15 17:20:29 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Internet Security 2006) - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CTDVDDET] C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O15 - HKCU\..Trusted Domains: excite.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: excite.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: farms.com ([ames] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://www.imgag.com/kiw/toolbar/download/...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.179.251
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: IPC Configuration Utility - IPC Configuration Utility - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/04/23 17:13:31 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\B________\Desktop\TLO.exe
[2010/04/23 14:38:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/22 22:42:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/16 15:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B________\Application Data\SUPERAntiSpyware.com
[2010/04/16 15:02:13 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/15 17:40:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/15 17:38:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/15 17:13:20 | 000,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2010/04/15 17:13:20 | 000,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2010/04/15 17:13:20 | 000,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2010/04/15 17:13:20 | 000,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2010/04/15 17:13:20 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2010/04/15 17:13:20 | 000,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2010/04/15 17:13:20 | 000,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2010/04/15 17:13:20 | 000,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2010/04/15 17:13:20 | 000,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2010/04/15 17:13:20 | 000,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2010/04/15 17:13:20 | 000,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2010/04/15 08:47:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/15 08:40:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/15 08:40:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/15 08:40:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/15 08:40:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/15 08:38:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/15 08:36:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/09 09:27:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/04/04 20:00:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\B________\IECompatCache
[2010/04/04 19:58:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\B________\PrivacIE
[2010/04/04 18:46:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\B________\IETldCache
[2010/04/04 18:41:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/04 18:40:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/04 18:40:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/01 00:28:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/01 00:28:50 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/01 00:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/31 23:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/03/31 23:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B________\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/03/31 23:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/03/31 23:04:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/31 21:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/03/31 21:19:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2010/03/31 20:50:49 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/03/31 20:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/03/31 14:21:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/01/31 18:21:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B________\Desktop\BB Pics
[2010/01/23 20:08:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B________\Local Settings\Application Data\Slacker
[2010/01/23 20:08:06 | 000,000,000 | ---D | C] -- C:\Program Files\Slacker
[2006/11/13 20:54:52 | 000,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 90 Days ==========

[2010/04/23 17:13:33 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B________\Desktop\TLO.exe
[2010/04/23 17:12:50 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\B________\Desktop\topic310410.url
[2010/04/23 17:08:58 | 000,000,877 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/23 17:08:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/23 17:08:58 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/04/23 17:08:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/23 16:09:46 | 000,054,308 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/23 16:09:25 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/23 16:09:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/23 16:09:19 | 2145,435,648 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/23 16:08:13 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\B________\NTUSER.DAT
[2010/04/23 16:08:13 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2010/04/23 16:08:13 | 000,055,700 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2010/04/23 16:08:13 | 000,055,700 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000004-00001102-00000005-10031102}.rfx
[2010/04/23 16:08:13 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/04/23 16:08:13 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/04/23 14:54:57 | 000,828,052 | -H-- | M] () -- C:\Documents and Settings\B________\Local Settings\Application Data\IconCache.db
[2010/04/23 14:42:11 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\B________\Desktop\CCleaner.lnk
[2010/04/23 12:18:36 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\B________\ntuser.ini
[2010/04/23 09:54:51 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/04/23 01:30:08 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/04/16 20:14:26 | 000,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - B________.job
[2010/04/16 17:43:37 | 000,085,648 | ---- | M] () -- C:\Documents and Settings\B________\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/16 03:00:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/15 17:36:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/15 17:20:29 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/04/15 17:13:45 | 000,004,338 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2010/04/15 15:53:09 | 000,000,310 | ---- | M] () -- C:\Documents and Settings\B________\UnifiedToolbarCleanup.bat
[2010/04/15 15:50:37 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/15 15:50:37 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/15 15:50:36 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/15 09:40:54 | 000,307,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/15 08:38:07 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/09 15:12:11 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\B________\Desktop\Darin cover letter.doc
[2010/04/09 09:43:12 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\B________\Desktop\task mgr safe.bmp
[2010/04/09 08:40:52 | 000,000,162 | -H-- | M] () -- C:\~$Normal.dot
[2010/04/09 08:35:32 | 000,000,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 21:55:58 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\B________\My Documents\Investments overview.xls
[2010/04/01 21:54:09 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\B________\My Documents\Sweep Balance.xls
[2010/04/01 21:20:36 | 016,684,327 | ---- | M] () -- C:\Documents and Settings\B________\Desktop\benchmark2010final.pdf
[2010/04/01 18:54:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/31 19:11:31 | 000,000,791 | ---- | M] () -- C:\WINDOWS\orun32.ini
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 11:02:36 | 000,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/03/26 11:02:36 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/03/26 11:02:36 | 000,010,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/03/26 11:02:36 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/02/28 15:46:34 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/02/28 13:56:22 | 001,550,819 | ---- | M] () -- C:\Documents and Settings\B________\My Documents\Backup-(2010-02-28).ipd
[2010/01/26 11:47:32 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\B________\Desktop\Trimble PigCHAMP rev.doc

========== Files Created - No Company Name ==========

[2010/04/23 14:54:15 | 000,135,089 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2010/04/22 01:23:27 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\B________\Desktop\topic310410.url
[2010/04/16 18:27:28 | 2145,435,648 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/15 17:13:20 | 000,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2010/04/15 17:13:20 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2010/04/15 15:53:09 | 000,000,310 | ---- | C] () -- C:\Documents and Settings\B________\UnifiedToolbarCleanup.bat
[2010/04/09 15:12:06 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\B________\Desktop\Darin cover letter.doc
[2010/04/09 09:43:12 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\B________\Desktop\task mgr safe.bmp
[2010/04/09 08:40:52 | 000,000,162 | -H-- | C] () -- C:\~$Normal.dot
[2010/04/01 21:20:29 | 016,684,327 | ---- | C] () -- C:\Documents and Settings\B________\Desktop\benchmark2010final.pdf
[2010/04/01 00:28:55 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 23:04:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/28 13:56:22 | 001,550,819 | ---- | C] () -- C:\Documents and Settings\B________\My Documents\Backup-(2010-02-28).ipd
[2010/01/26 11:47:32 | 000,103,424 | ---- | C] () -- C:\Documents and Settings\B________\Desktop\Trimble PigCHAMP rev.doc
[2009/10/12 09:37:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2009/08/03 01:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 01:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 01:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/01/31 17:50:04 | 000,000,158 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2009/01/31 17:50:03 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/01/31 17:42:01 | 000,552,960 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2007/10/13 11:30:42 | 000,000,152 | ---- | C] () -- C:\WINDOWS\CoolPlay.ini
[2007/07/30 22:49:40 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/21 17:48:24 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/12/03 19:43:59 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2006/11/24 11:03:21 | 000,004,076 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/11/24 11:03:21 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8F2219AC2C.sys
[2006/11/23 12:06:47 | 000,000,719 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/11/13 21:27:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/13 21:14:40 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/13 21:12:09 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/13 20:49:39 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/11/13 20:49:39 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/11/13 20:49:39 | 000,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/11/13 20:49:38 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2006/11/13 20:47:46 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 02:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/01/28 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2010/04/15 17:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2007/09/18 16:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterAction studios
[2009/02/01 19:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2009/11/01 09:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2007/12/03 11:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2007/05/05 15:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/03/31 18:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/23 12:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2006/11/13 21:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/03/31 14:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/06/14 19:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\Blackberry Desktop
[2010/03/31 23:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2007/09/01 12:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\Leadertech
[2009/06/14 19:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\Research In Motion
[2007/01/21 15:54:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\Smart Recorder
[2007/07/28 10:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\Uniblue
[2008/03/31 18:56:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\Viewpoint
[2006/11/23 12:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B________\Application Data\WildTangent
[2009/05/01 19:23:05 | 000,000,350 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 2200 series#1233442209.job
[2010/04/23 01:30:08 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\virgx shares.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\The basic keyboard controls required to play the game are.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\Sweep Balance.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\Random comments.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\pc shirts.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\Investments overview.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\Hanor Concerns.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\Copy of 2008 Budget Numbers.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\Brenda Reichle_PTR Offer_PigC_Dec 2007.doc:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\B________\My Documents\1 year.jpg:Roxio EMC Stream
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF5194F
< End of report >
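Added example, not code from the thread, from OTL or from any of its authors: a small Python triage helper that parses lines in the format of the OTL report above and flags the entries a malware-removal helper looks at first (autostart entries whose target is missing, HOSTS mappings beyond the localhost default, ActiveX DPF entries with a broken registration, domains placed in the IE Trusted sites zone, the DHCP-assigned resolvers, and the NoDriveTypeAutoRun bitmask, which the report shows as 145). The sample lines are constructed in the style of the posted report; the `update.example.com` HOSTS line is invented purely to exercise the HOSTS check and does not appear in the real log. The bit meanings for NoDriveTypeAutoRun are the documented Windows ones; the "reason" strings are this example's own wording.

```python
"""Triage helper for OTL-style report lines (added example, not OTL's code).

Parses the "Oxx - ..." line types that appear in the report above and flags
the entries a malware-removal helper would look at first. Only the line
types handled below are inspected; everything else is skipped.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the style of the posted report. The
# "update.example.com" HOSTS line is invented to exercise the HOSTS check;
# it does not appear in the real log.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example.com
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKCU\..Trusted Domains: excite.com ([www] https in Trusted sites)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.168.12 97.64.179.251
O32 - HKLM CDRom: AutoRun - 1
"""

# Every OTL item line starts with its class: "O<number> - <body>".
LINE_RE = re.compile(r"^O(?P<kind>\d+) - (?P<body>.*)$")

# Documented NoDriveTypeAutoRun bits: a set bit DISABLES AutoRun for that
# drive class (0x02, DRIVE_NO_ROOT_DIR, is unused and omitted).
NODRIVE_BITS: Dict[int, str] = {
    0x01: "unknown drive type",
    0x04: "removable (floppy/USB)",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unrecognised type",
}

# The only HOSTS mappings a stock Windows XP install carries.
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}


@dataclass
class Finding:
    kind: str    # OTL line class, e.g. "O4"
    line: str    # the raw report line
    reason: str  # why a helper would look at it


def decode_nodrivetypeautorun(value: int) -> Dict[str, List[str]]:
    """Split the bitmask into drive classes with AutoRun disabled (bit set)
    and still enabled (bit clear)."""
    disabled = [name for bit, name in NODRIVE_BITS.items() if value & bit]
    enabled = [name for bit, name in NODRIVE_BITS.items() if not value & bit]
    return {"disabled": disabled, "enabled": enabled}


def triage(report: str) -> List[Finding]:
    """Walk the report and return the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        kind, body = "O" + m.group("kind"), m.group("body")
        if kind == "O1" and body.startswith("Hosts:"):
            entry = " ".join(body[len("Hosts:"):].split())
            if entry not in DEFAULT_HOSTS:
                findings.append(Finding(kind, line, "HOSTS mapping beyond the localhost default"))
        elif kind == "O4" and "File not found" in body:
            findings.append(Finding(kind, line,
                "autostart entry whose target could not be resolved (stale, or a path OTL could not expand)"))
        elif kind in ("O6", "O7"):
            m2 = re.search(r"NoDriveTypeAutoRun = (\d+)", body)
            if m2:
                enabled = decode_nodrivetypeautorun(int(m2.group(1)))["enabled"]
                risky = [d for d in enabled if d in ("removable (floppy/USB)", "CD-ROM")]
                if risky:
                    findings.append(Finding(kind, line, "AutoRun still enabled for: " + ", ".join(risky)))
        elif kind == "O15":
            findings.append(Finding(kind, line, "domain placed in the IE Trusted sites zone (weaker security settings apply)"))
        elif kind == "O16" and "Reg Error" in body:
            findings.append(Finding(kind, line, "ActiveX (DPF) entry with a broken registration"))
        elif kind == "O17":
            m2 = re.search(r"NameServer = (.+)$", body)
            if m2:
                findings.append(Finding(kind, line, "DNS resolvers in use, confirm they belong to the ISP: " + m2.group(1)))
        elif kind == "O32" and "CDRom: AutoRun - 1" in body:
            findings.append(Finding(kind, line, "CD-ROM AutoRun enabled"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:>4}  {f.reason}\n      {f.line}")
```

Two points the output makes that the raw report does not: 145 is 0x91, which clears only the unknown, network and unrecognised classes, so AutoRun stays on for removable media and CD-ROMs (consistent with the `O32 - HKLM CDRom: AutoRun - 1` line); and the O17 check merely surfaces the resolvers for the helper to compare against the ISP's published ones, it does not judge them.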


#14 mpascal (Math Nerd, Members, 1,653 posts, Canada)

Posted 23 April 2010 - 05:55 PM

QUOTE
Unfortunately, the Start Menu, task bar, and main Windows Explorer hubs (My Computer,...) are still inaccessible

Not sure I understand: what do you mean by them being inaccessible?

QUOTE
programs run sluggishly and lock up until whatever it is about the problematic start-up loading finally finishes

OK, so your desktop and everything loaded fine, but once it's loaded it takes a while for everything else to load?


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#15 aanight (Topic Starter, Members, 27 posts)

Posted 23 April 2010 - 06:56 PM

I'll try to explain the situation better. These problems began with the onslaught of malware previous to my posting here and have persisted throughout the various fixes and scans.

Loading Windows, to a point where files and programs can be easily navigated to and applications can be run without significant slow-down and inevitable crashing, takes an unusually long time. The only reason I know Windows will eventually load properly at all is from experience: countless reboots and frustration in trying to fix it or get it to do something, failing, giving up, and letting it just sit; I come back an hour or two later and it's seemingly fine. It doesn't seem to be doing much of anything at all, though, when it's locked in that plain blue screen after start up for nearly an hour. I wouldn't have thought it was working at all if the screen saver didn't then turn on after a while.

I thought, perhaps, that explorer.exe wasn't loading properly since the computer seemed to be running, but I couldn't see any of the GUI to access or do anything. Accessing the task manager via ctrl-alt-del, I see that explorer.exe is running; I ended its process and then ran explorer.exe again from the task manager. The mouse cursor, desktop icons, and Start Menu / task bar (system tray) appeared. I thought this may be at least a temporary workaround until the overall problem was fixed, but it is a poor one at best: The Start Menu / bar is visible, but moving over it with the mouse cursor results in the cursor becoming a locked hourglass, clicking on it does nothing, no icons appear in the system tray, and the displayed time is frozen at whatever time it was when explorer.exe was loaded. It's inaccessible. It's still loading for some reason, just like the rest of the GUI was until I forced it. Desktop icons are accessible but the results are mixed: Opening or trying to navigate through major navigational hubs such as My Computer results in a locked window with a magnifying glass displayed within it. Opening a text file or running a program such as MBAM works initially, but after a couple of minutes the program or file freezes.

If you then let the computer sit for a half an hour to an hour, then everything unfreezes and will be working properly for the most part, the Start Menu, My Computer, whatever you had opened. This visible-but-'still-loading' state is what I achieved by suppressing the Symantec services. It's not really a solution because you end up having to wait one way or another, and probably even longer this way. So far, the best 'workaround' has been to just angrily wait an hour to use the computer after every restart. This and the discolored pixel issue are the main issues plaguing the computer right now.



