Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Internet Explorer / Google redirect [Solved]

Started by CatMad , Dec 06 2009 06:57 PM

  • This topic is locked This topic is locked

#1
CatMad
Posted 06 December 2009 - 06:57 PM

CatMad

    Member

  • Member
  • PipPip
  • 28 posts
I've run TFC, SystemRestore, ERUNT, Malwarebytes (updated today), and RootRepeal. System is still redirecting from Google. Here are the OTL.txt, Extras.txt, mbam and RootRepeal logs.

OTL logfile created on: 12/6/2009 3:27:37 PM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.48 Mb Total Physical Memory | 362.20 Mb Available Physical Memory | 47.69% Memory free
1.44 Gb Paging File | 1.08 Gb Available in Paging File | 75.39% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.63 Gb Total Space | 92.34 Gb Free Space | 85.79% Space Free | Partition Type: NTFS
Drive D: | 4.14 Gb Total Space | 0.62 Gb Free Space | 14.87% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: QAD
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/06 15:20:28 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/12 07:36:46 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/07 17:15:07 | 00,600,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2006/07/07 17:14:38 | 00,576,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/05/11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/05/11 22:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
PRC - [2005/05/11 22:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005/01/12 14:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2005/01/12 14:54:56 | 00,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2004/08/20 15:51:14 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/05/24 11:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe
PRC - [2004/03/04 09:46:24 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2003/08/21 05:15:48 | 00,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/07/14 19:52:44 | 00,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/02/11 21:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/06 15:20:28 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/11/06 18:57:04 | 00,406,896 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\asOEHook.dll
MOD - [2009/07/12 02:02:02 | 00,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 02:02:00 | 00,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\Microsoft.VC90.CRT\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS)
SRV - [2009/10/12 07:36:46 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/03/19 16:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/05/24 11:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://srch-qus10.hpwis.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro.../Pensacola.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 EB 13 C8 5E 71 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ [2009/12/01 14:17:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2009/12/01 14:17:09 | 00,000,000 | ---D | M]


O1 HOSTS File: (161 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.227 antiviraprof2009.microsoft.com
O1 - Hosts: 91.212.127.227 antiviraprof2009.com
O1 - Hosts: 91.212.127.227 www.antiviraprof2009.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.180.150 97.64.187.153
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAV\SASWINLO.dll - C:\Program Files\SUPERAV\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAV\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/26 03:28:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2002/09/10 11:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{de98fd6a-8ed2-11db-a1e0-000c76dc95ed}\Shell - "" = AutoRun
O33 - MountPoints2\{de98fd6a-8ed2-11db-a1e0-000c76dc95ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{de98fd6a-8ed2-11db-a1e0-000c76dc95ed}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/02/04 13:26:16 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (73468417780219904)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/06 15:20:26 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/01 14:15:30 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/01 14:15:30 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/01 14:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/12/01 14:14:48 | 00,361,520 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\symtdi.sys
[2009/12/01 14:14:48 | 00,339,504 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\symtdiv.sys
[2009/12/01 14:14:47 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.sys
[2009/12/01 14:14:47 | 00,171,056 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymEFA.sys
[2009/12/01 14:14:47 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtspx.sys
[2009/12/01 14:14:46 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtsp.sys
[2009/12/01 14:14:46 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Ironx86.sys
[2009/12/01 14:14:45 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\cchpx86.sys
[2009/12/01 14:13:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/12/01 14:13:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1101000.013
[2009/12/01 14:13:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/12/01 14:13:41 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/12/01 13:58:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/12/01 13:58:31 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/12/01 13:58:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/12/01 13:56:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2009/12/01 13:56:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/11/29 18:12:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/29 18:12:14 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAV
[2009/11/29 18:12:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/11/29 16:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/29 16:26:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/29 16:26:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 16:26:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 16:26:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/29 16:25:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/29 16:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/29 16:06:04 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/11/29 16:06:02 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/29 16:06:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GeekToGo_Cleaning_Programs
[2009/11/29 16:05:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\GeekToGo_Cleaning_Programs
[2009/11/25 12:06:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\njnuom

========== Files - Modified Within 14 Days ==========

[2009/12/06 15:20:28 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/06 14:58:31 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/06 14:58:29 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/12/06 14:53:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/06 14:53:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/06 14:53:36 | 79,644,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/06 14:52:42 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/12/06 14:52:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/06 14:38:22 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/02 07:04:01 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
[2009/12/01 14:16:15 | 00,819,994 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Cat.DB
[2009/12/01 14:15:30 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/01 14:15:30 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/01 14:15:30 | 00,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/01 14:15:30 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/01 14:15:22 | 00,000,740 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2009/12/01 14:14:52 | 00,001,997 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/12/01 14:13:11 | 00,000,818 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Norton Installation Files.lnk
[2009/11/29 18:12:17 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/11/29 16:26:52 | 00,000,722 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 16:24:27 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/11/29 15:41:40 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Owner\Desktop\RootRepeal.exe
[2009/11/29 15:38:54 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Owner\Desktop\SysRestorePoint.exe
[2009/11/25 07:07:49 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/23 11:23:44 | 00,001,269 | ---- | M] () -- C:\WINDOWS\win.ini

========== Files Created - No Company Name ==========

[2009/12/06 14:37:39 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/12/01 14:15:49 | 00,819,994 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Cat.DB
[2009/12/01 14:15:30 | 00,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/01 14:15:30 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/01 14:14:52 | 00,001,997 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/12/01 14:14:00 | 00,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymNetV.inf
[2009/12/01 14:14:00 | 00,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymNet.inf
[2009/12/01 14:13:59 | 00,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymEFA.inf
[2009/12/01 14:13:59 | 00,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.inf
[2009/12/01 14:13:59 | 00,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtspx.inf
[2009/12/01 14:13:59 | 00,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtsp.inf
[2009/12/01 14:13:59 | 00,000,743 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Iron.inf
[2009/12/01 14:13:58 | 00,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\ccHPx86.inf
[2009/12/01 14:13:50 | 00,007,774 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\symnetv.cat
[2009/12/01 14:13:50 | 00,007,355 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymNet.cat
[2009/12/01 14:13:49 | 00,007,493 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.cat
[2009/12/01 14:13:49 | 00,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtsp.cat
[2009/12/01 14:13:49 | 00,007,431 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymEFA.cat
[2009/12/01 14:13:49 | 00,007,429 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtspx.cat
[2009/12/01 14:13:49 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\iron.cat
[2009/12/01 14:13:48 | 00,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\cchpx86.cat
[2009/12/01 14:13:47 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\isolate.ini
[2009/12/01 13:56:19 | 00,000,818 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Norton Installation Files.lnk
[2009/11/29 18:12:17 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/11/29 16:26:52 | 00,000,722 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/29 16:24:26 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/06/02 08:38:17 | 00,000,384 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/25 14:25:42 | 00,000,445 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Officejet 5600 series1193325707_PROTOCOL.log
[2008/01/25 14:25:41 | 00,000,364 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Officejet 5600 series1193325707_UI.log
[2008/01/25 14:25:41 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/01/25 14:25:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Officejet 5600 series1193325707_API.log
[2006/01/18 09:44:35 | 00,000,311 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2005/04/22 12:05:30 | 00,010,680 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2005/03/24 10:59:59 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2004/02/04 13:10:20 | 00,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2004/01/28 20:21:05 | 00,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/28 20:21:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/27 04:47:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/27 04:26:18 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/01/26 07:32:19 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/01/26 07:31:25 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/01/26 07:31:25 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/01/26 07:27:36 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/01/26 07:23:22 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/26 07:17:11 | 00,029,216 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/26 07:16:36 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2004/01/26 07:16:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/26 07:00:28 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/26 06:46:03 | 00,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/26 05:11:29 | 00,002,544 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/01/26 04:56:30 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/26 04:14:16 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/26 04:02:59 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/26 04:02:59 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/26 04:02:33 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/26 03:33:52 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/26 02:11:44 | 00,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/09/23 02:19:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/07 00:53:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/08 00:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 14:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 12:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1998/01/12 02:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/12/01 13:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2005/04/28 10:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/04/16 13:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2009/03/30 12:33:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2009/02/09 11:25:08 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2009/11/16 10:20:16 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
[2008/01/25 14:34:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2004/01/27 04:26:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2006/06/08 11:03:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2005/02/10 14:39:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2004/01/26 07:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/02/09 14:56:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\System Tweaker
[2004/05/05 10:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/02/09 11:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2008/05/15 06:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Viewer
[2009/12/02 07:04:01 | 00,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
[2008/04/17 06:07:28 | 00,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/07/19 13:08:12 | 35,604,792 | ---- | M] () -- C:\NISAS05ENG.exe


< MD5 for: AGP440.SYS >
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 12:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003/08/15 20:05:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004/08/03 23:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 12:40:30 | 00,096,512 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 18:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 18:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 18:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


OTL Extras logfile created on: 12/6/2009 3:27:37 PM - Run 1
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.48 Mb Total Physical Memory | 362.20 Mb Available Physical Memory | 47.69% Memory free
1.44 Gb Paging File | 1.08 Gb Available in Paging File | 75.39% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.63 Gb Total Space | 92.34 Gb Free Space | 85.79% Space Free | Partition Type: NTFS
Drive D: | 4.14 Gb Total Space | 0.62 Gb Free Space | 14.87% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: QAD
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"30236:TCP" = 30236:TCP:*:Enabled:PORT_30236
"8538:TCP" = 8538:TCP:*:Enabled:PORT_8538
"45723:TCP" = 45723:TCP:*:Enabled:PORT_45723
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{314D1B1F-1C53-489A-91C6-0BCAD7012906}" = AdwareAlert
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{483616D1-867E-46F8-BEC7-3C6475933908}" = Adobe Photoshop Album Starter Edition
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}" = Zone Deluxe Games
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6C117F31-28A8-4477-BE91-64AC0A2204AD}" = Microsoft IntelliPoint 6.01
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E2B5D63-AAFA-40BD-B499-90308E1E2D9E}" = DesignCAD 3D Max 14
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D75915D3-6CFF-445F-A346-18ED6EF2F618}" = Microsoft IntelliType Pro 6.01
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}" = Uniblue RegistryBooster 2009
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BackWeb-1940576 Uninstaller" = Compaq Connections
"Compaq Instant Support" = Compaq Instant Support
"ERUNT_is1" = ERUNT 1.1j
"HP Deskjet 3740 Series_Driver" = HP Deskjet 3740 Series
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{8E2B5D63-AAFA-40BD-B499-90308E1E2D9E}" = DesignCAD 3D MAX 14
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA GART Driver" = NVIDIA GART Driver
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"QuickTime" = QuickTime
"SpamSubtract" = SpamSubtract
"sTile99_is1" = sTile V2.6
"System Tweaker_is1" = Uniblue System Tweaker
"TweakNow PowerPack 2006 Professional_is1" = TweakNow PowerPack 2006 Professional
"Uniblue RegistryBooster 2009" = Uniblue RegistryBooster 2009
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/17/2009 1:57:01 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/17/2009 1:57:01 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/18/2009 8:55:27 AM | Computer Name = QAD | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 11/20/2009 3:44:03 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2009 3:44:03 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2009 3:44:06 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2009 3:44:06 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2009 3:52:12 PM | Computer Name = QAD | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/30/2009 12:18:37 PM | Computer Name = QAD | Source = Automatic LiveUpdate Scheduler | ID = 101
Description =

Error - 12/6/2009 12:49:36 PM | Computer Name = QAD | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x4ec683bd.

[ System Events ]
Error - 12/6/2009 1:18:20 PM | Computer Name = QAD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/6/2009 1:18:20 PM | Computer Name = QAD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/6/2009 1:19:39 PM | Computer Name = QAD | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 12/6/2009 4:18:24 PM | Computer Name = QAD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/6/2009 4:18:24 PM | Computer Name = QAD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/6/2009 4:19:32 PM | Computer Name = QAD | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2

Error - 12/6/2009 4:39:18 PM | Computer Name = QAD | Source = Service Control Manager | ID = 7000
Description = The SABProcEnum service failed to start due to the following error:
%%2

Error - 12/6/2009 4:54:05 PM | Computer Name = QAD | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/6/2009 4:54:05 PM | Computer Name = QAD | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/6/2009 4:55:11 PM | Computer Name = QAD | Source = Service Control Manager | ID = 7000
Description = The mrtRate service failed to start due to the following error: %%2


< End of report >


Malwarebytes' Anti-Malware 1.42
Database version: 3304
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/6/2009 2:12:47 PM
mbam-log-2009-12-06 (14-12-47).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 214786
Time elapsed: 1 hour(s), 55 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/12/06 15:08
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEC9E2000 Size: 49152 File Visible: No Signed: -
Status: -

Name: SYMDS.SYS
Image Path: SYMDS.SYS
Address: 0xF76CE000 Size: 352256 File Visible: No Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xF7690000 Size: 180224 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x83b7e548

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x83b7e5e8

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x83c56490

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x83b734e8

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x83df3450

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xed4cc210

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x83b7eb78

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x83b74470

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x83cc7238

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x83b735a8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xed4cc490

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xed4cc9f0

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x83bb24f0

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x83b726d0

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x83b7e810

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x83b7e8b0

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x83cc51a8

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x83cd9660

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x83b7ead8

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xed4cc7a0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x83e738b0

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x83bb2450

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x83b7d4e8

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x83e7ea90

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x83b74540

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x83b7e688

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x83b72b18

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x83b72bb8

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x83b7d7b0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xed4ccc40

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x83b7d5a8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x83b72df0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x83b7cf70

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x83b72e90

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x83b72c48

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x83c563e0

==EOF==


Thank you in advance for your help.
  • 0

Advertisements

#2
NeonFx
Posted 06 December 2009 - 11:35 PM

NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Hello there :) Welcome to the GeeksToGo forums.
My name is NeonFx. I'll be glad to help you with your computer problems. Logs can take some time to research, so please be patient with me.

Please note the following:

  • The fixes are specific to your problem and should only be used on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clean. Absence of symptoms does not necessarily mean that the system is completely clean.
  • It's often worth reading through these instructions and printing them for ease of reference. I may ask you to boot into Safe Mode where you will be unable to follow my instructions online.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Step 1


NOTE: ComboFix should NOT be used without supervision by someone trained in its use. It does a whole lot more to a system than just remove infected files.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop



  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Disabling Security Programs
  • Double click on ComboFix.exe & follow the prompts.

    Note: Combofix will run without the Recovery Console installed.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you please let me know. A increasing number of infections are spreading using Autoplay and leaving it disabled is a good idea.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
  • 0

#3
CatMad
Posted 07 December 2009 - 03:10 AM

CatMad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Hello NeonFx thanks for your help. SuperAntiVirus and Norton were both diabled, Combofix was downloaded and run. Windows Recovery Console must have been already installed because I didn't get that window. While Combofix was running I got a popup window that "PEV.exe has encountered a problem and needs to close". Here's the log generated.

ComboFix 09-12-06.09 - Owner 12/07/2009 2:03.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.496 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\NPROTECT
c:\recycler\NPROTECT\00019303.
c:\recycler\NPROTECT\00030740.
c:\windows\Downloaded Program Files\Quarantine
c:\windows\system32\ps2.bat
c:\windows\viassary-hp.reg
D:\Autorun.inf

----- BITS: Possible infected sites -----

hxxp://spftrl.digitalriver.com
hxxp://liveupdate.symantec.com
hxxp://definitions.symantec.com
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

.
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 00:55 . 2009-12-01 07:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091206.022\NAVENG.SYS
2009-12-07 00:55 . 2009-12-01 07:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091206.022\NAVENG32.DLL
2009-12-07 00:55 . 2009-12-01 07:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091206.022\NAVEX32A.DLL
2009-12-07 00:55 . 2009-12-01 07:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091206.022\NAVEX15.SYS
2009-12-07 00:55 . 2009-12-01 07:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091206.022\EECTRL.SYS
2009-12-07 00:55 . 2009-12-01 07:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091206.022\CCERASER.DLL
2009-12-07 00:55 . 2009-12-01 07:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091206.022\ECMSVR32.DLL
2009-12-07 00:55 . 2009-12-01 07:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091206.022\ERASER.SYS
2009-12-06 18:01 . 2009-12-06 18:01 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-01 20:38 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-12-01 20:38 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-12-01 20:38 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-12-01 20:38 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-12-01 20:38 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-12-01 20:38 . 2009-11-04 23:50 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091104.001\BHRules.dll
2009-12-01 20:38 . 2009-11-04 23:50 663088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091104.001\BHDrvx64.sys
2009-12-01 20:38 . 2009-11-04 23:50 524848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091104.001\BHDrvx86.sys
2009-12-01 20:38 . 2009-11-04 23:50 1413520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091104.001\BHEngine.dll
2009-12-01 20:38 . 2009-11-04 23:50 610704 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091104.001\bbRGen.dll
2009-12-01 20:17 . 2009-10-29 02:31 784752 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
2009-12-01 20:17 . 2009-10-01 09:19 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\IPSFFPl.dll
2009-12-01 20:15 . 2009-12-01 20:15 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-01 20:15 . 2009-12-01 20:15 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-01 20:15 . 2009-12-01 20:15 -------- d-----w- c:\program files\Symantec
2009-12-01 20:14 . 2009-10-09 02:54 466480 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20090911.001\IDSVia64.sys
2009-12-01 20:14 . 2009-10-09 02:54 342576 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20090911.001\IDSVix86.sys
2009-12-01 20:14 . 2009-10-09 02:54 329080 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20090911.001\IDSxpx86.sys
2009-12-01 20:14 . 2009-10-09 02:54 732536 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20090911.001\Scxpx86.dll
2009-12-01 20:14 . 2009-10-09 02:54 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20090911.001\IDSxpx86.dll
2009-12-01 20:14 . 2009-10-05 17:34 929648 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\OCS\hsplayer.dll
2009-12-01 20:14 . 2009-11-07 01:10 893808 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\CLT\cltLMSx.dll
2009-12-01 20:13 . 2009-12-01 20:13 -------- d-----w- c:\windows\system32\drivers\NIS
2009-12-01 20:13 . 2009-12-01 20:13 -------- d-----w- c:\program files\Windows Sidebar
2009-12-01 20:13 . 2009-12-01 20:13 -------- d-----w- c:\program files\Norton Internet Security
2009-12-01 19:58 . 2009-12-01 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-12-01 19:58 . 2009-12-01 19:58 -------- d-----w- c:\program files\NortonInstaller
2009-12-01 19:58 . 2009-12-01 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-01 19:56 . 2009-12-01 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-11-30 00:12 . 2009-12-03 13:45 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-30 00:12 . 2009-11-30 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-30 00:12 . 2009-11-30 00:12 -------- d-----w- c:\program files\SUPERAV
2009-11-30 00:12 . 2009-11-30 00:12 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-11-29 22:26 . 2009-11-29 22:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-29 22:26 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 22:26 . 2009-12-06 18:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 22:26 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 22:26 . 2009-11-29 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-29 22:24 . 2009-11-29 22:24 -------- d-----w- c:\program files\ERUNT
2009-11-25 18:06 . 2009-11-30 01:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\njnuom
2009-11-16 16:33 . 2009-11-16 16:33 152752 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-16 16:20 . 2009-04-29 09:45 845128 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\58D97068\B74607BA\System.Data.SQLite.dll
2009-11-16 16:20 . 2009-04-29 09:45 771368 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\9966075F\B74607BA\UBSysMan.dll
2009-11-16 16:20 . 2009-04-29 09:45 614696 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\7AEFAE8C\B74607BA\Launcher.exe
2009-11-16 16:20 . 2009-04-29 09:45 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\D720648F\B74607BA\Interop.IWshRuntimeLibrary.dll
2009-11-16 16:20 . 2009-04-29 09:45 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\78B94F67\B74607BA\IsLicense40.dll
2009-11-16 16:20 . 2009-04-29 09:45 474408 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\62A3297F\B74607BA\AvalonCommon.dll
2009-11-16 16:20 . 2009-04-29 09:45 395048 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\C77843B\B74607BA\SUMPBackend.dll
2009-11-16 16:20 . 2009-04-29 09:45 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\4BF757A\B74607BA\IsLicense30.dll
2009-11-16 16:20 . 2009-04-29 09:45 236840 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\683B013A\B74607BA\PowerSuiteBackendUtils.dll
2009-11-16 16:20 . 2009-04-29 09:45 197968 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\6A0591D6\B74607BA\ICSharpCode.SharpZipLib.dll
2009-11-16 16:20 . 2009-04-29 09:45 1250600 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\B430549D\B74607BA\SUMP.exe
2009-11-16 16:19 . 2009-11-16 16:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2009-11-13 15:12 . 2009-11-13 16:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\mslbof
2009-11-09 14:20 . 2009-11-09 14:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-09 13:33 . 2009-11-09 16:16 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\fxuyfd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-01 21:01 . 2004-01-27 10:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-01 20:15 . 2009-12-01 20:15 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-01 20:15 . 2009-12-01 20:15 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-01 20:11 . 2004-01-27 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-30 00:11 . 2007-05-16 13:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-13 19:38 . 2005-04-14 13:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-13 19:29 . 2005-04-14 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-22 12:53 . 2006-12-18 20:04 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-10-13 12:12 . 2009-10-09 20:02 -------- d-----w- c:\program files\Google
2009-10-12 13:36 . 2009-10-12 13:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-12 13:36 . 2004-01-26 10:23 -------- d-----w- c:\program files\Java
2009-10-12 13:34 . 2009-10-12 13:34 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-11 14:18 . 2004-02-04 19:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
2004-06-16 17:08 . 2004-06-16 17:08 0 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-01-26 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"LTMSG"="LTMSG.exe" [2003-07-15 40960]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-10 77824]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAV\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAV\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30236:TCP"= 30236:TCP:PORT_30236
"8538:TCP"= 8538:TCP:PORT_8538
"45723:TCP"= 45723:TCP:PORT_45723

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1101000.013\SymDS.sys [12/1/2009 2:14 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1101000.013\SymEFA.sys [12/1/2009 2:14 PM 171056]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091104.001\BHDrvx86.sys [12/1/2009 2:38 PM 524848]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1101000.013\cchpx86.sys [12/1/2009 2:14 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAV\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAV\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1101000.013\Ironx86.sys [12/1/2009 2:14 PM 114736]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [12/1/2009 2:14 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2009 2:16 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [12/1/2009 2:38 PM 329592]
S2 mrtRate;mrtRate; [x]
S3 SASENUM;SASENUM;c:\program files\SUPERAV\SASENUM.SYS [11/23/2009 8:43 AM 7408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wunderground.com/US/FL/Pensacola.html
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
AddRemove-KBD - c:\hp\KBD\KBD.EXE uninstalled
AddRemove-NVIDIA GART Driver - c:\windows\System32\nvugart.exe Uninstall
AddRemove-PS2 - c:\windows\system32\ps2.exe uninstall
AddRemove-Uniblue RegistryBooster 2009 - c:\documents and settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}\Uniblue RegistryBooster.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-Uniblue SpeedUpMyPC 2009 - c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-{98E8A2EF-4EAE-43B8-A172-74842B764777} - c:\program files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe REMOVEALL



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 02:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAV\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3528)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\wscntfy.exe
c:\windows\LTMSG.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2009-12-07 02:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-07 08:34

Pre-Run: 99,086,385,152 bytes free
Post-Run: 99,113,652,224 bytes free

- - End Of File - - 97249614770A3D75E5EC0C881ECA4D83
  • 0

#4
NeonFx
Posted 07 December 2009 - 01:26 PM

NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Good to hear :) Let me know if you notice any new symptoms.

Please do the following:

1. Close any open open programs before running the fix.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad (Start > Programs > Accessories) and copy/paste the text in the codebox below into it:

Folder::
c:\documents and settings\Owner\Local Settings\Application Data\mslbof
c:\documents and settings\Owner\Local Settings\Application Data\fxuyfd

Driver::
mrtRate

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30236:TCP"=-
"8538:TCP"=-
"45723:TCP"=-

NOTE: Make sure WordWrap is unchecked in Notepad by clicking on the "Format" menu icon.

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
  • 0

#5
CatMad
Posted 07 December 2009 - 06:20 PM

CatMad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Computer is much better. It's running faster and isn't redirecting from Google.
Followed your instructions in the last post and the new ComboFix log is below.

ComboFix 09-12-06.09 - Owner 12/07/2009 17:26.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.355 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Local Settings\Application Data\fxuyfd
c:\documents and settings\Owner\Local Settings\Application Data\mslbof

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_mrtRate


((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.

2009-12-07 17:03 . 2009-12-01 07:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091207.002\NAVENG.SYS
2009-12-07 17:03 . 2009-12-01 07:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091207.002\NAVENG32.DLL
2009-12-07 17:03 . 2009-12-01 07:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091207.002\NAVEX32A.DLL
2009-12-07 17:03 . 2009-12-01 07:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091207.002\NAVEX15.SYS
2009-12-07 17:03 . 2009-12-01 07:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091207.002\EECTRL.SYS
2009-12-07 17:03 . 2009-12-01 07:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091207.002\CCERASER.DLL
2009-12-07 17:03 . 2009-12-01 07:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091207.002\ECMSVR32.DLL
2009-12-07 17:03 . 2009-12-01 07:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20091207.002\ERASER.SYS
2009-12-06 18:01 . 2009-12-06 18:01 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-01 20:38 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-12-01 20:38 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-12-01 20:38 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-12-01 20:38 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-12-01 20:38 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-12-01 20:38 . 2009-11-04 23:50 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091104.001\BHRules.dll
2009-12-01 20:38 . 2009-11-04 23:50 663088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091104.001\BHDrvx64.sys
2009-12-01 20:38 . 2009-11-04 23:50 524848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091104.001\BHDrvx86.sys
2009-12-01 20:38 . 2009-11-04 23:50 1413520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091104.001\BHEngine.dll
2009-12-01 20:38 . 2009-11-04 23:50 610704 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091104.001\bbRGen.dll
2009-12-01 20:17 . 2009-10-29 02:31 784752 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\components\coFFPlgn.dll
2009-12-01 20:17 . 2009-10-01 09:19 164216 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\components\IPSFFPl.dll
2009-12-01 20:15 . 2009-12-01 20:15 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-12-01 20:15 . 2009-12-01 20:15 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-12-01 20:15 . 2009-12-01 20:15 -------- d-----w- c:\program files\Symantec
2009-12-01 20:14 . 2009-10-09 02:54 466480 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20090911.001\IDSVia64.sys
2009-12-01 20:14 . 2009-10-09 02:54 342576 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20090911.001\IDSVix86.sys
2009-12-01 20:14 . 2009-10-09 02:54 329080 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20090911.001\IDSxpx86.sys
2009-12-01 20:14 . 2009-10-09 02:54 732536 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20090911.001\Scxpx86.dll
2009-12-01 20:14 . 2009-10-09 02:54 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20090911.001\IDSxpx86.dll
2009-12-01 20:14 . 2009-10-05 17:34 929648 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\OCS\hsplayer.dll
2009-12-01 20:14 . 2009-11-07 01:10 893808 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\CLT\cltLMSx.dll
2009-12-01 20:13 . 2009-12-01 20:13 -------- d-----w- c:\windows\system32\drivers\NIS
2009-12-01 20:13 . 2009-12-01 20:13 -------- d-----w- c:\program files\Windows Sidebar
2009-12-01 20:13 . 2009-12-01 20:13 -------- d-----w- c:\program files\Norton Internet Security
2009-12-01 19:58 . 2009-12-01 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2009-12-01 19:58 . 2009-12-01 19:58 -------- d-----w- c:\program files\NortonInstaller
2009-12-01 19:58 . 2009-12-01 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-12-01 19:56 . 2009-12-01 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-11-30 00:12 . 2009-12-03 13:45 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-30 00:12 . 2009-11-30 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-30 00:12 . 2009-11-30 00:12 -------- d-----w- c:\program files\SUPERAV
2009-11-30 00:12 . 2009-11-30 00:12 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-11-29 22:26 . 2009-11-29 22:26 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-11-29 22:26 . 2009-12-03 22:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 22:26 . 2009-12-06 18:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 22:26 . 2009-12-03 22:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 22:26 . 2009-11-29 22:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-29 22:24 . 2009-11-29 22:24 -------- d-----w- c:\program files\ERUNT
2009-11-25 18:06 . 2009-11-30 01:09 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\njnuom
2009-11-16 16:33 . 2009-11-16 16:33 152752 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-16 16:20 . 2009-04-29 09:45 845128 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\58D97068\B74607BA\System.Data.SQLite.dll
2009-11-16 16:20 . 2009-04-29 09:45 771368 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\9966075F\B74607BA\UBSysMan.dll
2009-11-16 16:20 . 2009-04-29 09:45 614696 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\7AEFAE8C\B74607BA\Launcher.exe
2009-11-16 16:20 . 2009-04-29 09:45 54608 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\D720648F\B74607BA\Interop.IWshRuntimeLibrary.dll
2009-11-16 16:20 . 2009-04-29 09:45 519168 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\78B94F67\B74607BA\IsLicense40.dll
2009-11-16 16:20 . 2009-04-29 09:45 474408 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\62A3297F\B74607BA\AvalonCommon.dll
2009-11-16 16:20 . 2009-04-29 09:45 395048 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\C77843B\B74607BA\SUMPBackend.dll
2009-11-16 16:20 . 2009-04-29 09:45 345008 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\4BF757A\B74607BA\IsLicense30.dll
2009-11-16 16:20 . 2009-04-29 09:45 236840 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\683B013A\B74607BA\PowerSuiteBackendUtils.dll
2009-11-16 16:20 . 2009-04-29 09:45 197968 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\6A0591D6\B74607BA\ICSharpCode.SharpZipLib.dll
2009-11-16 16:20 . 2009-04-29 09:45 1250600 -c--a-w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}\SpeedUpMyPC2009\B430549D\B74607BA\SUMP.exe
2009-11-16 16:19 . 2009-11-16 16:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
2009-11-09 14:20 . 2009-11-09 14:20 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-01 21:01 . 2004-01-27 10:21 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-01 20:15 . 2009-12-01 20:15 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-12-01 20:15 . 2009-12-01 20:15 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-12-01 20:11 . 2004-01-27 10:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-11-30 00:11 . 2007-05-16 13:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-13 19:38 . 2005-04-14 13:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-13 19:29 . 2005-04-14 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-22 12:53 . 2006-12-18 20:04 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2009-10-13 12:12 . 2009-10-09 20:02 -------- d-----w- c:\program files\Google
2009-10-12 13:36 . 2009-10-12 13:38 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-12 13:36 . 2004-01-26 10:23 -------- d-----w- c:\program files\Java
2009-10-12 13:34 . 2009-10-12 13:34 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-11 14:18 . 2004-02-04 19:12 136192 ----a-w- c:\windows\system32\msv1_0.dll
2004-06-16 17:08 . 2004-06-16 17:08 0 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-12-07_08.25.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-07 13:01 . 2009-12-07 13:01 16384 c:\windows\Temp\Perflib_Perfdata_540.dat
+ 2009-12-07 23:47 . 2009-12-07 23:47 16384 c:\windows\Temp\Perflib_Perfdata_518.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-01-26 151597]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-04 221184]
"LTMSG"="LTMSG.exe" [2003-07-15 40960]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-13 98304]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-08-10 77824]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAV\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAV\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1101000.013\SymDS.sys [12/1/2009 2:14 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1101000.013\SymEFA.sys [12/1/2009 2:14 PM 171056]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20091104.001\BHDrvx86.sys [12/1/2009 2:38 PM 524848]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1101000.013\cchpx86.sys [12/1/2009 2:14 PM 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAV\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAV\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1101000.013\Ironx86.sys [12/1/2009 2:14 PM 114736]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe [12/1/2009 2:14 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [12/1/2009 2:16 PM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [12/1/2009 2:38 PM 329592]
S3 SASENUM;SASENUM;c:\program files\SUPERAV\SASENUM.SYS [11/23/2009 8:43 AM 7408]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wunderground.com/US/FL/Pensacola.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 17:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.1.0.19\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\program files\SUPERAV\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3408)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\windows\system32\wscntfy.exe
c:\windows\LTMSG.exe
c:\program files\HP\hpcoretech\comp\hptskmgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
.
**************************************************************************
.
Completion time: 2009-12-07 18:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-08 00:00
ComboFix2.txt 2009-12-07 08:34

Pre-Run: 99,099,111,424 bytes free
Post-Run: 98,977,341,440 bytes free

- - End Of File - - E88593376283FADB77796E7749FDC7DB
  • 0

#6
NeonFx
Posted 08 December 2009 - 03:38 PM

NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Sorry for the delay. Have you noticed any new symptoms?

STEP 1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[CLEARALLRESTOREPOINTS]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • This will create a log in C:\_OTL\MovedFiles\<date>_<time>.log where date and time are those of when the fix was run. Open it from there if it does not appear automatically on reboot. Please copy and paste or attach the contents of that file here.

Note: You may receive some errors while running the fix. Just press Ok and the fix should continue normally.
If it seems to get stuck, give it some time. It's probably still working.


STEP 2

The online scanner uses Java, so I will need you to download and install the latest version for that.

Please go here to download the installer:

http://java.com/en/download/index.jsp

Reboot your machine when that's done.

STEP 3

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.



2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.


The program will then begin downloading and installing and will also update the database.


Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

STEP 4

Run OTL again and click on the Quick Scan button at the top. Attach the results of this scan in your next reply.

Edited by NeonFx, 08 December 2009 - 03:39 PM.

  • 0

#7
CatMad
Posted 08 December 2009 - 06:58 PM

CatMad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thank you for your reply. My husband has to have the computer at work. He brought it home last night so I could continue working with you, but he had to take it back this morning. It will be tomorrow night before it is available to continue with the process. He did not notice any new problems today. I should be able to post the requested info before 6:30 pm cst.

Edited by CatMad, 08 December 2009 - 06:59 PM.

  • 0

#8
NeonFx
Posted 08 December 2009 - 07:11 PM

NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
alright. There's no rush
  • 0

#9
CatMad
Posted 10 December 2009 - 02:40 PM

CatMad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Sorry it's taken some time to complete the tasks. The hard part was turning off all the parts of Norton 2010, there are an unbelievable number of auto run programs. Once I finally got them to all stop, everything ran smoothly. I was surprised at how long it took to run the scan, but I was pleased when it said "No Threat Found". Below are the two logs requested for your review. I hope with your skilled review the report will also be good.

KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, December 10, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, December 10, 2009 00:56:49
Records in database: 3349866
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 105767
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 07:34:26

No threats found. Scanned area is clean.

Selected area has been scanned.


OTL logfile created on: 12/10/2009 5:28:14 AM - Run 2
OTL by OldTimer - Version 3.1.11.8 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

759.48 Mb Total Physical Memory | 458.17 Mb Available Physical Memory | 60.33% Memory free
1.44 Gb Paging File | 0.88 Gb Available in Paging File | 61.48% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.63 Gb Total Space | 93.06 Gb Free Space | 86.46% Space Free | Partition Type: NTFS
Drive D: | 4.14 Gb Total Space | 0.62 Gb Free Space | 14.88% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: QAD
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/09 19:49:24 | 00,139,264 | ---- | M] (Kaspersky Lab.) -- C:\Documents and Settings\Owner\Local Settings\Temp\jkos-Owner\binaries\ScanningProcess.exe
PRC - [2009/12/06 15:20:28 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/13 18:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/07 17:15:07 | 00,600,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\ipoint.exe
PRC - [2006/07/07 17:14:38 | 00,576,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2005/05/11 23:40:38 | 00,204,800 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2005/05/11 22:23:26 | 00,282,624 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2005/05/11 22:16:22 | 00,077,824 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
PRC - [2005/05/11 22:12:54 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2005/01/12 14:54:58 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2005/01/12 14:54:56 | 00,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2004/08/20 15:51:14 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2004/05/24 11:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe
PRC - [2004/03/04 09:46:24 | 00,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2003/08/21 05:15:48 | 00,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/07/14 19:52:44 | 00,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/02/11 21:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe
PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe


========== Modules (SafeList) ==========

MOD - [2009/12/06 15:20:28 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2009/11/06 18:57:04 | 00,406,896 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\asOEHook.dll
MOD - [2009/07/12 02:02:02 | 00,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\Microsoft.VC90.CRT\msvcr90.dll
MOD - [2009/07/12 02:02:00 | 00,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\Microsoft.VC90.CRT\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS)
SRV - [2009/10/20 00:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (EraserSvc10923)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/03/19 16:08:58 | 00,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/05/24 11:35:52 | 00,322,104 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
SRV - [2003/07/28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wundergro.../Pensacola.html
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F6 EB 13 C8 5E 71 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\IPSFFPlgn\ [2009/12/01 14:17:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\coFFPlgn\ [2009/12/01 14:17:09 | 00,000,000 | ---D | M]


O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.64.180.150 97.64.187.153
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAV\SASWINLO.dll - C:\Program Files\SUPERAV\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAV\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/26 03:28:24 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 14:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/09 18:45:20 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/09 18:43:24 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/07 01:53:33 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/07 01:53:33 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/07 01:53:33 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/07 01:53:33 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/07 01:51:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/06 15:20:26 | 00,537,088 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/01 14:15:30 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/01 14:15:30 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/01 14:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/12/01 14:14:48 | 00,361,520 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\symtdi.sys
[2009/12/01 14:14:48 | 00,339,504 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\symtdiv.sys
[2009/12/01 14:14:47 | 00,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.sys
[2009/12/01 14:14:47 | 00,171,056 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymEFA.sys
[2009/12/01 14:14:47 | 00,043,696 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtspx.sys
[2009/12/01 14:14:46 | 00,325,168 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtsp.sys
[2009/12/01 14:14:46 | 00,114,736 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Ironx86.sys
[2009/12/01 14:14:45 | 00,501,888 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NIS\1101000.013\cchpx86.sys
[2009/12/01 14:13:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS
[2009/12/01 14:13:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NIS\1101000.013
[2009/12/01 14:13:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/12/01 14:13:41 | 00,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2009/12/01 13:58:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/12/01 13:58:31 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/12/01 13:58:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/12/01 13:56:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Norton
[2009/12/01 13:56:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/11/29 18:12:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/11/29 18:12:14 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAV
[2009/11/29 18:12:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2009/11/29 16:26:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/11/29 16:26:49 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/29 16:26:47 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/11/29 16:26:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/11/29 16:26:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/29 16:25:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/29 16:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/11/29 16:06:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GeekToGo_Cleaning_Programs
[2009/11/29 16:05:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\GeekToGo_Cleaning_Programs

========== Files - Modified Within 14 Days ==========

[2009/12/09 19:35:32 | 00,000,188 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2009/12/09 19:35:23 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/09 19:30:31 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/09 19:30:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/09 19:30:25 | 79,644,6720 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/09 19:29:28 | 07,864,320 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2009/12/09 19:29:28 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/09 18:45:20 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/12/09 15:19:00 | 00,830,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Cat.DB
[2009/12/09 15:18:17 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/08 20:04:10 | 00,371,137 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DCP_6757.JPG
[2009/12/07 20:01:34 | 00,000,740 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2009/12/07 17:51:48 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/07 03:04:28 | 00,001,321 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows Explorer.lnk
[2009/12/07 01:44:00 | 03,583,178 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/12/06 15:20:28 | 00,537,088 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/06 14:38:22 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/02 07:04:01 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
[2009/12/01 14:15:30 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/12/01 14:15:30 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/12/01 14:15:30 | 00,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/01 14:15:30 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/01 14:14:52 | 00,001,997 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/12/01 14:13:11 | 00,000,818 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Norton Installation Files.lnk
[2009/11/29 18:12:17 | 00,000,731 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk

========== Files Created - No Company Name ==========

[2009/12/09 08:48:11 | 00,371,137 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DCP_6757.JPG
[2009/12/07 01:53:33 | 00,260,608 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/07 01:53:33 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/07 01:53:33 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/07 01:53:33 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/07 01:53:33 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/07 01:43:52 | 03,583,178 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2009/12/06 14:37:39 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\settings.dat
[2009/12/01 14:15:49 | 00,830,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Cat.DB
[2009/12/01 14:15:30 | 00,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/12/01 14:15:30 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/12/01 14:14:52 | 00,001,997 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton Internet Security.LNK
[2009/12/01 14:14:00 | 00,001,474 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymNetV.inf
[2009/12/01 14:14:00 | 00,001,446 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymNet.inf
[2009/12/01 14:13:59 | 00,003,373 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymEFA.inf
[2009/12/01 14:13:59 | 00,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.inf
[2009/12/01 14:13:59 | 00,001,389 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtspx.inf
[2009/12/01 14:13:59 | 00,001,383 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtsp.inf
[2009/12/01 14:13:59 | 00,000,743 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\Iron.inf
[2009/12/01 14:13:58 | 00,001,756 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\ccHPx86.inf
[2009/12/01 14:13:50 | 00,007,774 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\symnetv.cat
[2009/12/01 14:13:50 | 00,007,355 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymNet.cat
[2009/12/01 14:13:49 | 00,007,493 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymDS.cat
[2009/12/01 14:13:49 | 00,007,438 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtsp.cat
[2009/12/01 14:13:49 | 00,007,431 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\SymEFA.cat
[2009/12/01 14:13:49 | 00,007,429 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\srtspx.cat
[2009/12/01 14:13:49 | 00,007,424 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\iron.cat
[2009/12/01 14:13:48 | 00,007,396 | R--- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\cchpx86.cat
[2009/12/01 14:13:47 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NIS\1101000.013\isolate.ini
[2009/12/01 13:56:19 | 00,000,818 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Norton Installation Files.lnk
[2009/11/29 18:12:17 | 00,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2009/06/02 08:38:17 | 00,000,384 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/01/25 14:25:42 | 00,000,445 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Officejet 5600 series1193325707_PROTOCOL.log
[2008/01/25 14:25:41 | 00,000,364 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Officejet 5600 series1193325707_UI.log
[2008/01/25 14:25:41 | 00,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/01/25 14:25:41 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Hewlett-PackardHP Officejet 5600 series1193325707_API.log
[2006/01/18 09:44:35 | 00,000,311 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2005/04/22 12:05:30 | 00,010,680 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2005/03/24 10:59:59 | 00,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2004/01/28 20:21:05 | 00,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/28 20:21:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/27 04:47:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/27 04:26:18 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/01/26 07:32:19 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/01/26 07:31:25 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/01/26 07:31:25 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/01/26 07:27:36 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/01/26 07:23:22 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/26 07:17:11 | 00,029,216 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/26 07:16:36 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2004/01/26 07:16:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/26 07:00:28 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/26 06:46:03 | 00,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/26 05:11:29 | 00,002,544 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/01/26 04:56:30 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/26 04:14:16 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/26 04:02:59 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/26 04:02:59 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/26 04:02:33 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/26 03:33:52 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/26 02:11:44 | 00,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/09/23 02:19:42 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/03/07 00:53:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/08 00:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/06 14:30:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 12:46:56 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1998/01/12 02:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2009/12/01 13:58:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2005/04/28 10:17:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2008/04/16 13:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uniblue
[2009/03/30 12:33:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
[2009/02/09 11:25:08 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2009/11/16 10:20:16 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A613CA96-150A-4A1D-90CE-67F81379DF8C}
[2008/01/25 14:34:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Image Zone Express
[2004/01/27 04:26:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2006/06/08 11:03:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2005/02/10 14:39:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2004/01/26 07:49:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/02/09 14:56:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\System Tweaker
[2004/05/05 10:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2009/02/09 11:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
[2008/05/15 06:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Wal-Mart Digital Photo Viewer
[2009/12/02 07:04:01 | 00,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job
[2008/04/17 06:07:28 | 00,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\Uniblue SpyEraser.job

========== Purity Check ==========


< End of report >
  • 0

#10
NeonFx
Posted 10 December 2009 - 08:24 PM

NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
I'm glad to hear it didn't find anything :) How's the computer running? Any new symptoms?

I didn't see anything else in your logs so you should be good to go.
  • 0

#11
CatMad
Posted 10 December 2009 - 10:03 PM

CatMad

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
The computer is running great! :)
It's such a relief to know that nasty stuff is gone. Thank you so much for all your help.
  • 0

#12
NeonFx
Posted 11 December 2009 - 10:26 PM

NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Excellent. Let's cleanup.

STEP 1

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

(If you use Vista or 7 just paste it into the text box that appears next to your start button)

ComboFix /Uninstall

Note: If you renamed ComboFix to something else (Combo-Fix or Gotcha for example) you might have to change the command accordingly: Combo-Fix /Uninstall

STEP 2

To clean up OldTimer's tools, along with a few others, do the following:

  • Run OTL.exe by double clicking on it
  • Click on the "CleanUp" button on the top.
  • You will be asked if you wish to reboot your system, select "Yes"

STEP 3

Remove any other tools or files we used by right-clicking on them or any folders they created, hold down the Shift key, and select "Delete" by clicking on it. This will delete the files without sending them to the RecycleBin.

You can also uninstall the other programs (HijackThis or MalwareBytes if we used them) by going to Start > Control Panel > Add/Remove programs (The Control Panel is different in different versions of Windows. It will be Programs and Features in Vista and Programs > Uninstall a Program in 7)

You might want to keep MalwareBytes AntiMalware though and that's fine :) Make sure you update it before you run the scans in the future.

All Clean

Congratulations!, Posted Image, your system is now clean. Now that your system is safe we would like you to keep it that way. Take the time to follow these instructions and it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to (Start) > (All) Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates


Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. A HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine and prevent your computer from connecting to that website.

See how to get it HERE
(For Vista and 7 see HERE )

You can also use a tool to update your Hosts file. See HERE and HERE

If you have a separate party firewall or Winpatrol, you may have to give permissions at various times to Unlock the present default HOSTS file and install the new one.

Note: A Hosts file can slow some systems down. If it is slowed down beyond tolerable you might want to empty the Hosts file or reset it using one of the tools.

Install WinPatrol
Download it HERE
You can find information about how WinPatrol works HERE and HERE

Note: This program will work alongside all other security programs without conflicts. It might ask you to allow certain actions that security programs perform often, but if you tell Scotty to remember the action by checking the option, the alerts will lessen.

Other Software Updates
It is very important to update the other software on your computer to patch up any security issues you may have. Go HERE to scan your computer for any out of date software. In particular make sure you download the updates for Java and Adobe as these are subject to many security vulnerabilities.

Setting up Automatic Updates
So that it is not necessary to have to remember to update your computer regularly (something very important to securing your system), automatic updates should be configured on your computer. Microsoft has guides for XP and Vista on how to do this. See HERE for Windows 7.

Read further information HERE, HERE, and HERE on how to prevent Malware infections and keep yourself clean.
  • 0

#13
NeonFx
Posted 15 December 2009 - 01:29 PM

NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP