unable to run antivirus and malware [Solved]


This topic is locked.

#1 papa_A_D (Member, 56 posts)
I am unable to run antivirus and malware programs or to download new ones from IE7 because Internet Explorer cannot display the webpages. The original problem also included an inability to run .exe files (that has been resolved). I don't know whether this will help or not, but I also get a Windows Security alert on each reboot regarding Automatic Updates being OFF.
I could sure use some help again from someone.

regards,
Papa

#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello papa_A_D and welcome to G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start, please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous; most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or that isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you to. Instead, please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed.
A few questions before we start...

  • Do you have another, clean PC that we can use to download tools?
  • Do you have a USB memory stick to transfer tools to the infected PC?
  • Can you try to start the system in Safe Mode with Networking and test whether you can go online?
      • If the computer is running, shut down Windows, and then turn off the power.
      • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
      • Ensure that the Safe mode option is selected.
      • Press Enter. The computer then begins to start in Safe mode.
      • Once in Safe Mode, try to get online.


#3 papa_A_D (Topic Starter, Member, 56 posts)
Thank you, maliprog...here are the answers to your questions. My Toshiba laptop has the problems. I can use a desktop model to transfer back and forth and answer questions. When I try to run Safe Mode (with or without Networking), my screen scrolls through the driver files and then goes no further. During normal startup, I have a network connection but with an error: no web pages. It shows only a blank screen with a URL to go to my home web page. As I mentioned, my original problem also included an inability to run .exe files (that has been resolved).

Thanks for responding and looking forward to resolving this.

Edited by papa_A_D, 30 November 2011 - 09:30 PM.


#4 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi papa_A_D,

Step 1

We will need a clean PC and a USB memory stick to download and transfer tools to the infected PC. First we need to disinfect your USB memory stick so that you can transfer files without getting infected. Do this step only once, on the clean PC. After that you will use the USB memory stick to transfer tools to the infected PC and run them as instructed.

Do this on the clean computer:

Flash Drive Disinfector
  • Download Flash_Disinfector.exe by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives, including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.

  Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.
Step 2

Download OTL to your Desktop

  • Double-click on the icon to run it (if running Vista or Windows 7, right-click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • GMER log
It would be helpful if you could post each log in a separate post.
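The note in Step 1 says Flash_Disinfector leaves a hidden folder named autorun.inf on each drive and asks that it not be deleted. The defensive idea behind that is simple: Windows AutoRun looks for a file called autorun.inf in the drive root, and a directory already occupying that name prevents a dropper from writing its own file there. The Python below is an added example for this thread, not Flash_Disinfector's code and not a description of how that tool sets the folder up; it classifies a drive root as protected (folder present), infected-style (an autorun.inf file present, whose launch commands it lists) or untouched, using constructed temporary directories as stand-ins for real drives.

```python
"""Check a drive root for the autorun.inf protection described in Step 1.

Added example for this thread; it is not Flash_Disinfector's code. The
assumption it rests on: Windows AutoRun reads a *file* named autorun.inf,
and a directory already holding that name blocks creation of such a file.
"""
import configparser
import os
import tempfile

# [autorun] keys that make AutoRun launch something or change the default
# shell action; other keys (icon, label) are cosmetic and not reported.
EXEC_KEYS = ("open", "shellexecute", "shell\\open\\command")


def inspect_autorun(drive_root):
    """Classify drive_root and, for an autorun file, list its launch commands.

    Returns {'state': 'protected_folder' | 'autorun_file' | 'absent',
             'commands': {key: value}} and, if the file was unreadable as
    INI, an extra 'parse_error': True.
    """
    path = os.path.join(drive_root, "autorun.inf")
    if os.path.isdir(path):
        return {"state": "protected_folder", "commands": {}}
    if not os.path.isfile(path):
        return {"state": "absent", "commands": {}}

    # autorun.inf is INI-style: an [autorun] section of key=value lines.
    # interpolation=None keeps '%' in paths literal; strict=False tolerates
    # duplicate keys, which hand-written or generated files often contain.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            parser.read_file(fh)
    except configparser.Error:
        # Unparseable, but still a file occupying the name: report it.
        return {"state": "autorun_file", "commands": {}, "parse_error": True}

    commands = {}
    if parser.has_section("autorun"):
        for key in EXEC_KEYS:  # configparser lower-cases option names
            if parser.has_option("autorun", key):
                commands[key] = parser.get("autorun", key)
    return {"state": "autorun_file", "commands": commands}


def build_sample(kind):
    """Create a constructed drive root in a temporary directory (demo data)."""
    root = tempfile.mkdtemp(prefix="drive_")
    if kind == "protected":
        os.mkdir(os.path.join(root, "autorun.inf"))
    elif kind == "infected":
        # Constructed content in the shape a USB worm leaves behind.
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\nopen=setup.exe\nshellexecute=setup.exe\n"
                     "icon=setup.exe,0\nlabel=My Files\n")
    return root


if __name__ == "__main__":
    for kind in ("protected", "infected", "empty"):
        print(kind, "->", inspect_autorun(build_sample(kind)))
```

Run it and the "infected" sample reports the open and shellexecute commands while the "protected" sample reports only the folder; on a real drive, replace the temporary root with the drive letter (e.g. E:\) and a reported autorun_file state with launch commands is what the Step 1 tool is there to remove.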

#5 papa_A_D (Topic Starter, Member, 56 posts)
We're not off to a good start. I don't have any USB memory sticks, only DVD transfer. Is this gonna work for you? I do have a downloaded program titled "OTListIt2". Can I use this?

#6 papa_A_D (Topic Starter, Member, 56 posts)
Thinking it over, I'm going to try loading OTL and GMER using DVD transfer and get you the logs you require.

P

#7 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi papa_A_D,

To be honest, it would be great if you could borrow a USB memory stick from a friend. You can use a DVD to transfer tools, but we are going to use a lot of them (talking from experience). Also, after the scans you need to transfer the logs to the clean PC and post them to me.

#8 papa_A_D (Topic Starter, Member, 56 posts)
Alright, I'll try and get one but, in the meantime, go ahead and close this post and I'll start up again when ready.
Thank you, maliprog

P

#9 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
I won't close the topic :). I'll give you 4 days to try and find a USB memory stick. I'll be here...

#10 papa_A_D (Topic Starter, Member, 56 posts)
maliprog...I ran the GMER program but there was a problem near the end. Both times I received a warning message that said "GMER has found SYS MODIF caused by ROOTKIT activity". The program then stops. ??

Below is the log for OTL

papa

Edited by papa_A_D, 05 December 2011 - 11:05 PM.


#11 papa_A_D (Topic Starter, Member, 56 posts)
Here is the OTL.txt log; there was no Extras.txt log after the run.


OTL logfile created on: 12/1/2011 4:47:57 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

501.98 Mb Total Physical Memory | 194.15 Mb Available Physical Memory | 38.68% Memory free
1.25 Gb Paging File | 0.96 Gb Available in Paging File | 76.64% Paging File free
Paging file location(s): C:\pagefile.sys 812 1792 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.23 Gb Total Space | 29.94 Gb Free Space | 40.33% Space Free | Partition Type: NTFS
Drive D: | 4.38 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDFFS20

Computer Name: WALLSTREAT | User Name: Hemphill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/01 15:45:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.scr
PRC - [2011/11/08 17:19:43 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2011/11/07 23:45:26 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2011/11/07 18:19:43 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2011/11/07 16:51:37 | 000,114,688 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2011/11/02 14:51:10 | 000,045,056 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2011/11/02 14:51:07 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2011/11/02 14:51:06 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2011/11/02 14:51:03 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2011/11/02 14:50:58 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/02 15:52:46 | 000,364,544 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2006/02/07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2004/08/27 23:37:00 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/07 18:19:43 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
MOD - [2011/11/02 14:51:10 | 000,045,056 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
MOD - [2011/11/02 14:51:03 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
MOD - [2011/02/04 16:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/02/05 10:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 16:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 16:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/07/02 21:44:10 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/07/02 21:42:44 | 000,348,160 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006/01/04 17:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2004/07/20 16:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (IOLO_SRV)
SRV - [2011/11/08 17:19:43 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2011/11/08 06:08:49 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2011/11/07 23:45:26 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2011/11/07 18:19:43 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2011/11/07 16:51:37 | 000,114,688 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2011/11/07 16:51:34 | 000,214,720 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2011/11/02 14:51:10 | 000,045,056 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2011/11/02 14:51:07 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2011/11/02 14:51:06 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2011/11/02 14:51:03 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2011/11/02 14:51:02 | 001,160,848 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2011/11/02 14:50:58 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/09/27 19:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 19:33:32 | 001,813,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/02/07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)


========== Driver Services (SafeList) ==========

DRV - [2011/08/18 00:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/18 00:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/01/31 13:53:34 | 000,194,320 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2006/12/16 12:37:50 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2006/09/18 16:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/25 15:33:50 | 000,061,824 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/08/23 19:37:50 | 004,374,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/08/22 09:11:30 | 000,040,064 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/08/07 15:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 15:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/07/13 09:33:10 | 000,074,752 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/07/02 23:16:30 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/06/28 15:25:06 | 000,081,920 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/28 10:50:00 | 000,098,816 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2006/05/30 15:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/04/11 16:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/03/18 06:36:42 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/03/02 17:49:50 | 000,015,360 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2005/12/20 15:54:34 | 000,027,008 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2005/12/20 15:54:28 | 000,069,376 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMOUKE.sys -- (LMouKE)
DRV - [2005/12/20 15:54:04 | 000,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2005/12/20 15:53:44 | 000,013,440 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005/10/20 13:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/09/09 13:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/24 14:20:28 | 000,009,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (tbiosdrv)
DRV - [2005/06/02 02:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/09/19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 13:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2003/01/10 12:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [1999/09/10 11:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {e7472076-ff9d-4325-8eaf-613572008758} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:52970

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.mozilla.org/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:0.7.5.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 52970
FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@DictionaryBoss.com/Plugin: C:\Program Files\DictionaryBoss\bar\1.bin\NPv4Stub.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/04/14 21:06:00 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DictionaryBoss\bar\1.bin

[2008/11/05 20:47:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hemphill\Application Data\Mozilla\Extensions
[2009/08/30 22:41:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hemphill\Application Data\Mozilla\Firefox\Profiles\mqrzvjre.default\extensions
[2008/11/06 02:17:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Hemphill\Application Data\Mozilla\Firefox\Profiles\mqrzvjre.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/08/30 22:41:32 | 000,000,000 | ---D | M] (MediaBar) -- C:\Documents and Settings\Hemphill\Application Data\Mozilla\Firefox\Profiles\mqrzvjre.default\extensions\{E84D42CA-64EB-11DE-A65F-8C3656D89593}
[2009/01/01 12:02:32 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

O1 HOSTS File: ([2011/11/14 18:02:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O2 - BHO: (no name) - {6eb534fb-2001-45c4-b860-bc904865a379} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {20001E7A-823D-4E19-ADE2-D6AB53C7C81E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3042df7a-e900-4389-9b94-923df0daa57e} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3042DF7A-E900-4389-9B94-923DF0DAA57E} - No CLSID value found.
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 11
O8 - Extra context menu item: &Search - http://tbedits.dicti...ED&n=2010091401 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm File not found
O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: wordpress.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: wordpress.com ([support] http in Trusted sites)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.1)
O16 - DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} http://download.micr...tualEarth3D.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.maricopa....in/mgaxctrl.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://bigtrends.we...bex/ieatgpc.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Hemphill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Hemphill\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/07/18 18:37:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{97b0e45a-be32-11db-aa7e-0018dea72941}\Shell\AutoRun\command - "" = E:\LinksysConnectPC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6\)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O36 - AppCertDlls: msdttify - (C:\WINDOWS\system32\boottvdm.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/01 15:45:20 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\OTL.scr
[2011/11/30 19:09:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Hemphill\Recent
[2011/11/30 18:56:10 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/11/23 15:16:42 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/21 19:44:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/21 19:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/11/14 18:02:21 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/11/07 23:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/07 23:25:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/11/02 14:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/11/02 14:44:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Hemphill\Local Settings\Application Data\922a6d98
[2006/07/19 14:49:10 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\WINDOWS\System32\
[2011/12/01 15:45:19 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\OTL.scr
[2011/12/01 14:29:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/12/01 12:30:09 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A00C3A91-1B39-4F57-A4C7-6A0B0F8DC435}.job
[2011/11/30 20:00:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\jrayjaam.job
[2011/11/30 19:17:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/30 19:17:25 | 526,438,400 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/30 19:01:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\2557291154
[2011/11/26 16:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/25 17:00:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\Symantec AntiVirus.job
[2011/11/23 15:38:32 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/11/23 13:00:51 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/21 21:28:54 | 000,496,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/21 21:28:54 | 000,090,796 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/21 20:40:46 | 000,021,158 | ---- | M] () -- C:\Documents and Settings\Hemphill\Desktop\xpnetdiag.xml
[2011/11/19 18:42:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/11/19 15:17:23 | 005,410,816 | ---- | M] () -- C:\Documents and Settings\Hemphill\ntuser.bak
[2011/11/19 14:28:40 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2011/11/19 10:51:02 | 000,005,828 | ---- | M] () -- C:\Documents and Settings\Hemphill\Desktop\Default_EXE.reg
[2011/11/14 18:02:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/11/09 20:41:28 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/07 18:19:43 | 000,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe
[2011/11/07 16:51:37 | 000,114,688 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\System32\DVDRAMSV.exe
[2011/11/02 14:51:03 | 000,036,864 | ---- | M] () -- C:\WINDOWS\System32\acs.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/21 20:40:46 | 000,021,158 | ---- | C] () -- C:\Documents and Settings\Hemphill\Desktop\xpnetdiag.xml
[2011/11/19 10:50:54 | 000,005,828 | ---- | C] () -- C:\Documents and Settings\Hemphill\Desktop\Default_EXE.reg
[2011/11/09 20:41:28 | 000,281,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/02 14:44:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\2557291154
[2011/06/11 21:54:29 | 000,011,310 | -HS- | C] () -- C:\Documents and Settings\Hemphill\Local Settings\Application Data\523i15k6q8ybe1q7n25tq08885823u42w2p3g6pwjy2
[2011/06/11 21:54:29 | 000,011,310 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\523i15k6q8ybe1q7n25tq08885823u42w2p3g6pwjy2
[2011/06/11 21:54:25 | 000,003,660 | ---- | C] () -- C:\Documents and Settings\Hemphill\Application Data\883A.096
[2011/02/12 21:34:31 | 000,000,607 | ---- | C] () -- C:\WINDOWS\FCRCfg.ini
[2011/02/10 22:06:34 | 000,187,904 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
[2011/02/10 22:06:33 | 000,641,021 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/02/10 22:06:33 | 000,001,674 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/02/16 00:49:59 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/02/16 00:49:59 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/02/16 00:49:21 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/02/16 00:49:20 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/02/16 00:49:19 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/10/09 23:45:54 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\AscSQLite.dll
[2009/08/25 00:59:33 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\evqla.sys
[2009/08/24 23:45:16 | 000,687,104 | ---- | C] () -- C:\WINDOWS\is-NMITE.exe
[2009/02/23 18:11:19 | 000,476,752 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\pswi_preloaded.exe
[2009/02/13 14:02:52 | 000,018,432 | ---- | C] () -- C:\WINDOWS\ss3unstl.exe
[2009/02/13 13:49:06 | 000,035,572 | R--- | C] () -- C:\WINDOWS\muscroll.dll
[2009/02/13 13:49:05 | 000,259,462 | R--- | C] () -- C:\WINDOWS\accusft5.dll
[2009/01/02 15:57:00 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/12/21 18:02:23 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\uhkec.sys
[2008/04/18 20:22:38 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ControlWZCS.exe
[2008/04/18 20:22:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\acs.exe
[2008/04/18 20:22:17 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2008/01/31 13:53:36 | 000,096,800 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/01/31 13:53:36 | 000,010,784 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008/01/29 16:30:41 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2008/01/22 22:49:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/01/19 19:40:53 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\MetaLib.dll
[2007/08/08 15:30:12 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerLang.dll
[2007/08/02 17:11:28 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLA.dll
[2007/08/02 17:11:14 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerDLLW.dll
[2007/07/27 14:49:02 | 000,225,355 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiW.dll
[2007/07/27 14:49:02 | 000,196,683 | ---- | C] () -- C:\WINDOWS\System32\lnod32apiA.dll
[2007/07/25 18:00:45 | 004,369,388 | -H-- | C] () -- C:\WINDOWS\System32\spython.bin
[2007/07/05 00:11:00 | 000,000,176 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/07/04 23:49:21 | 000,003,424 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/06/13 10:10:34 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\OnlineScannerUninstaller.exe
[2007/05/27 13:20:39 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2007/04/26 18:39:12 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/26 18:39:12 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\A37964C185.sys
[2007/04/26 16:48:35 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2007/04/25 07:13:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2007/04/12 19:06:23 | 000,047,366 | ---- | C] () -- C:\Documents and Settings\Hemphill\Application Data\wklnhst.dat
[2007/03/10 22:49:51 | 000,004,388 | ---- | C] () -- C:\WINDOWS\smflt.dll
[2007/02/19 19:33:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/02/09 01:35:27 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/02/01 14:07:56 | 000,000,068 | ---- | C] () -- C:\WINDOWS\NavWin.INI
[2007/01/31 22:09:09 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\G32_TICK.DLL
[2007/01/31 22:09:09 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\G32_rkey.dll
[2007/01/31 22:09:09 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\free_res.exe
[2007/01/27 19:42:35 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\vsppg.dll
[2007/01/27 19:40:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\VsPPG7.dll
[2007/01/27 19:35:40 | 000,000,194 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/01/27 19:20:43 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007/01/27 19:20:04 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\W048T32W.DLL
[2007/01/27 19:20:04 | 000,128,000 | ---- | C] () -- C:\WINDOWS\System32\W046T32W.DLL
[2007/01/27 19:20:04 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\W801T32W.DLL
[2007/01/27 19:20:04 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\W770T32W.DLL
[2007/01/27 19:20:03 | 000,202,752 | ---- | C] () -- C:\WINDOWS\System32\W042T32W.DLL
[2007/01/27 19:20:03 | 000,202,240 | ---- | C] () -- C:\WINDOWS\System32\W019T32W.DLL
[2007/01/27 19:20:03 | 000,168,960 | ---- | C] () -- C:\WINDOWS\System32\W037T32W.DLL
[2007/01/27 19:20:03 | 000,163,328 | ---- | C] () -- C:\WINDOWS\System32\W033T32W.DLL
[2007/01/27 19:20:03 | 000,137,216 | ---- | C] () -- C:\WINDOWS\System32\W043T32W.DLL
[2007/01/27 19:20:03 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\W015T32W.DLL
[2007/01/27 19:20:03 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\W040T32W.DLL
[2007/01/27 19:20:01 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2007/01/27 19:20:00 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2007/01/26 19:30:03 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/01/26 12:13:09 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Hemphill\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/26 12:13:09 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Hemphill\Local Settings\Application Data\fusioncache.dat
[2007/01/26 11:59:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/02 19:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/08/31 13:27:28 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/08/31 13:27:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/08/11 13:33:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006/08/11 13:33:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006/08/11 13:33:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006/08/11 13:33:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006/08/11 13:33:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006/08/11 13:33:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006/08/11 13:12:03 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2006/08/11 13:12:03 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2006/07/19 18:50:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/07/19 18:38:09 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/07/19 18:13:07 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/07/19 16:51:22 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006/07/19 16:51:22 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006/07/19 15:18:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006/07/19 15:02:31 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2006/07/19 15:01:55 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006/07/19 15:01:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006/07/19 15:01:55 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006/07/19 15:01:55 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006/07/19 14:49:10 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006/07/18 18:44:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/18 18:40:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/07/18 18:33:55 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/18 18:32:30 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/07/18 16:52:17 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/07/18 16:47:49 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/07/18 16:47:41 | 000,496,004 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/07/18 16:47:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/07/18 16:47:41 | 000,090,796 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/07/18 16:47:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/07/18 16:47:39 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/07/18 16:47:37 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/07/18 16:47:33 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/07/18 16:47:21 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/07/18 16:47:21 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/07/18 16:47:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/07/18 16:46:50 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/07/18 11:28:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/29 07:43:38 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\ALZZip.BIN
[2006/03/29 07:43:36 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\ALZALZ.BIN
[2005/12/05 19:25:22 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\lnod32umc.dll
[2005/12/05 12:37:10 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lnod32upd.dll
[2005/09/02 13:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/24 14:20:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 20:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/12/20 10:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 10:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/07/20 16:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 13:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1999/01/22 10:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 00:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== LOP Check ==========

[2008/06/10 17:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AceReader Pro
[2009/10/09 23:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ascentive
[2011/11/21 19:44:39 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/01/19 10:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2011/02/04 23:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Boost
[2008/02/08 13:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gecko Software
[2008/01/22 21:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/11/21 19:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/01/16 12:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2010/05/17 22:30:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/12/20 00:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2011/02/10 23:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/01/29 16:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/01/25 17:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/07/19 15:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2007/01/26 19:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2011/01/27 21:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/01 22:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/04/20 00:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\Barnes & Noble
[2009/08/31 20:08:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/01/19 10:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\DassaultSystemes
[2010/05/19 15:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\ElevatedDiagnostics
[2011/02/12 19:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\Focus Mp3 Recorder
[2008/01/22 22:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\Grisoft
[2007/04/17 21:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\ICAClient
[2007/02/25 21:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\InterVideo
[2008/02/07 20:13:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\JGsoft
[2011/06/14 17:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\licenses
[2008/11/03 19:08:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\LimeWire
[2011/06/27 21:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\PandoraRecovery
[2007/03/20 22:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\papa_A_D
[2011/06/14 17:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\PCMM2009
[2011/06/14 17:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\PCMM2011
[2008/01/16 12:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\PKWARE
[2011/02/11 00:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\RipIt4Me
[2010/12/20 00:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\Systweak
[2007/04/12 19:06:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\Template
[2011/06/15 04:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\toshiba
[2008/02/07 18:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\Trading Applications
[2008/01/29 16:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\TuneUp Software
[2007/06/01 19:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\Viewpoint
[2007/04/26 16:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hemphill\Application Data\webex
[2011/11/30 20:00:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\jrayjaam.job
[2011/12/01 12:30:09 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A00C3A91-1B39-4F57-A4C7-6A0B0F8DC435}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[1999/11/16 17:55:20 | 000,077,824 | ---- | M] () MD5=514249B5445C95DB0A1A7D26FFC05280 -- C:\VS\VSflex7\SAMPLES\VC\EXPLORER\ReleaseMinSize\Explorer.exe
[2007/06/13 03:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 02:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/10 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 16:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/10 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/10 04:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 16:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/10 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 16:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 03:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 03:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 03:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/17 03:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/17 03:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/17 03:43:27 | 000,070,656 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB77$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 816 bytes -> C:\WINDOWS\2557291154:1842713191.exe
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:907E90B1
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC5DB2B
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C1F4198F

< End of report >
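The OTL report above is what the helper reads as evidence of infection. As an added example (not part of this thread and not OTL's own code), the Python script below parses a few of those lines and flags the entry types a practitioner would pull out first: an AppCertDlls entry whose DLL is gone, alternate data streams whose stream name is an executable or a bare hex string, a scheduled task with a random lowercase name, and hidden+system files with random names under a profile's Application Data. The rule names, the thresholds and the `triage` function are this example's own assumptions; the sample lines are constructed here (all but the Zone.Identifier stream are copied from the log above, that one is added as a benign contrast case).

```python
import re

# Constructed sample input in OTL's line format. Every line except the
# Zone.Identifier stream is copied from the log above; that one is added as a
# benign contrast case (Windows writes it on downloaded files).
SAMPLE_LOG = r"""
O36 - AppCertDlls: msdttify - (C:\WINDOWS\system32\boottvdm.dll) - File not found
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\2557291154:1842713191.exe
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:907E90B1
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Hemphill\Desktop\setup.exe:Zone.Identifier
[2011/11/30 20:00:00 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\jrayjaam.job
[2011/11/26 16:23:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/11 21:54:29 | 000,011,310 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\523i15k6q8ybe1q7n25tq08885823u42w2p3g6pwjy2
[2011/11/02 14:44:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Hemphill\Local Settings\Application Data\922a6d98
[2008/01/31 13:53:36 | 000,096,800 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
"""

# Line shapes as they appear in OTL output (patterns are this example's own).
APPCERT_RE = re.compile(r"^O36 - AppCertDlls: (\S+) - \((.+?)\) - (.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+)$")
FILE_RE = re.compile(
    r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| (?P<attr>[-A-Z]{4}) \| [CM]\]"
    r"(?: \(.*?\))? -- (?P<path>.+)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr")
HEX_RE = re.compile(r"[0-9A-Fa-f]{8,}")
RANDOM_TASK_RE = re.compile(r"[a-z]{6,12}")     # crude: e.g. jrayjaam, never AppleSoftwareUpdate
RANDOM_NAME_RE = re.compile(r"(?=.*\d)(?=.*[a-z])[a-z0-9]{20,}|[0-9a-f]{8}")


def triage(log_text: str) -> list:
    """Return (rule, path) pairs for the OTL lines that match one of the heuristics."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = APPCERT_RE.match(line)
        if m:
            # AppCertDlls are loaded into every process that calls CreateProcess;
            # a registered DLL that is not on disk is either removed or hidden.
            if m.group(3).startswith("File not found"):
                findings.append(("appcertdll-missing", m.group(2)))
            continue
        m = ADS_RE.match(line)
        if m:
            full = m.group(2)
            host, sep, stream = full.rpartition(":")
            # Executable payloads parked in a stream, or machine-generated stream
            # names, are worth a look; Zone.Identifier and friends are not.
            if sep and "\\" not in stream and (
                stream.lower().endswith(EXEC_EXT) or HEX_RE.fullmatch(stream)
            ):
                findings.append(("suspicious-ads", full))
            continue
        m = FILE_RE.match(line)
        if not m:
            continue
        path, attr = m.group("path"), m.group("attr")
        low = path.lower()
        base = path.rsplit("\\", 1)[-1]
        if "\\tasks\\" in low and low.endswith(".job"):
            if RANDOM_TASK_RE.fullmatch(base[:-4]):
                findings.append(("random-task-name", path))
        elif "H" in attr and "S" in attr and "\\application data\\" in low:
            # Hidden+system objects with random names under Application Data.
            if RANDOM_NAME_RE.fullmatch(base):
                findings.append(("hidden-random-name", path))
    return findings


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print("%-20s %s" % (rule, path))
```

To run it over a saved report, call `triage(open("OTL.txt", encoding="utf-8", errors="replace").read())`. The rules are deliberately narrow and only rank what to look at first; they do not clear a machine. On this log the AppCertDlls and alternate-data-stream hits are the strongest signals, because both are persistence mechanisms and both are populated in the report above.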

#12
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
Now we see the infection.

Step 1

NOTE: You have a very nasty infection! I would strongly advise you to back up all your important data from your system before you begin with the fix.

This malware tends to disable your whole system and leave you with nothing. Please back up your data.

Step 2

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.

Step 3

Please don't forget to include these items in your reply:

  • Combofix log
It would be helpful if you could post each log in a separate post.

#13
papa_A_D
    Member
  • Topic Starter
  • Member
  • 56 posts
Sorry, now more problems while trying to run ComboFix:

1) I can't seem to disable the auto-protect on the Symantec AntiVirus 2007

2) I can't connect to the internet

#14
maliprog
    Trusted Helper
  • Malware Removal
  • 6,172 posts
OK. Those are all malware signatures.

Step 1

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

You need to take a screenshot of Disk Management for me. To do this:

  • Press Alt and Print Screen button on your keyboard
  • Open Paint program
  • From the menu choose Edit then Paste
  • Now save the picture and attach it here for me.

Step 2

Please read carefully and follow these steps.

Download TDSSKiller.zip from Kaspersky and save it to your Desktop.
  • Extract the zip file to its own folder.
  • Double click TDSSKiller.exe to run the program (Run as Administrator for Vista/Windows 7).
  • Click Start scan to start scanning.
  • If an infection is detected, the default setting for "action" should be Cure
    • (If a suspicious file is detected, please click on it and change it to Skip).
  • Click Continue button
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.

Step 3

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start scan
  • On completion of the scan, click Save log, save it to your desktop and post it in your next reply

Step 4

Please download MBRCheck.exe to your desktop.

  • Double click to run it
  • It will prompt you with some text
  • A text file will be generated on your desktop
  • Now paste that text here for me.

Step 5

Please don't forget to include these items in your reply:

  • Disk Management screen shot
  • TDSSKiller log
  • aswMBR log
  • MBRCheck log
It would be helpful if you could post each log in a separate post.
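The three tools requested in this post (TDSSKiller, aswMBR, MBRCheck) all examine the master boot record, because a bootkit that rewrites sector 0 runs before Windows does and can hide from scanners that load afterwards. As an added example, and not code from the thread or from any of those tools, the Python script below parses a 512-byte MBR, checks the 0x55AA signature and the four partition entries, and compares a hash of the 440 bytes of bootstrap code against a baseline recorded earlier. The sample MBR, its placeholder boot bytes and the baseline hash are constructed inside the script, and `parse_mbr`, `check_mbr`, `read_mbr` and `build_sample_mbr` are names assumed for this example.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440        # bootstrap code occupies bytes 0..439
PART_TABLE_OFF = 446      # four 16-byte partition entries follow
ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Decode one MBR sector into signature state, bootstrap-code hash and partition list."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba_start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0 and count == 0:
            continue  # empty slot
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "bootcode_sha256": hashlib.sha256(sector[:BOOTCODE_LEN]).hexdigest(),
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_bootcode_sha256: str) -> list:
    """Return human-readable problems; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    problems = []
    if not info["signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    if info["bootcode_sha256"] != baseline_bootcode_sha256:
        problems.append("bootstrap code differs from baseline")
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        problems.append("%d active partitions (expected 1)" % len(active))
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    if any(s2 < e1 for (_, e1), (s2, _) in zip(spans, spans[1:])):
        problems.append("overlapping partition entries")
    for p in info["partitions"]:
        if p["lba_start"] == 0:
            problems.append("partition %d starts at LBA 0, on top of the MBR itself" % p["index"])
    return problems


def read_mbr(device_path: str) -> bytes:
    """Read sector 0 of a raw device; needs an elevated prompt (or root on Linux)."""
    # e.g. r"\\.\PhysicalDrive0" on Windows, "/dev/sda" on Linux.
    with open(device_path, "rb") as f:
        return f.read(SECTOR)


def build_sample_mbr(bootcode: bytes) -> bytes:
    """Constructed sample: one active NTFS partition (type 0x07) starting at LBA 63."""
    sector = bytearray(SECTOR)
    sector[:len(bootcode)] = bootcode
    struct.pack_into(ENTRY_FMT, sector, PART_TABLE_OFF,
                     0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 1_000_000)
    sector[510:512] = SIGNATURE
    return bytes(sector)


# Placeholder bootstrap bytes for the sample (not real Microsoft boot code).
SAMPLE_BOOTCODE = bytes([0xFA, 0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 24
SAMPLE_GOOD = build_sample_mbr(SAMPLE_BOOTCODE)
# In practice the baseline is recorded from a known-clean machine with the same
# OS and disk layout; here it is derived from the sample so the comparison runs.
BASELINE_SHA256 = parse_mbr(SAMPLE_GOOD)["bootcode_sha256"]
# A bootkit rewrites the code bytes while leaving the partition table intact.
SAMPLE_TAMPERED = b"\xeb\xfe" + SAMPLE_GOOD[2:]

if __name__ == "__main__":
    for label, mbr in (("good", SAMPLE_GOOD), ("tampered", SAMPLE_TAMPERED)):
        print(label, check_mbr(mbr, BASELINE_SHA256) or "OK")
```

Against a live disk, `check_mbr(read_mbr(r"\\.\PhysicalDrive0"), baseline)` needs an elevated prompt and a baseline hash taken from a clean machine of the same Windows generation, since the bootstrap code differs between Windows versions and OEM images. The caveat that matters, and the reason the helper asks for dedicated tools rather than a script, is that a rootkit which hooks the disk driver can hand the original sector back to any reader running inside the infected Windows; a user-mode read like this one is only trustworthy when taken from a clean boot medium or by a tool with its own disk access path.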

#15
papa_A_D
    Member
  • Topic Starter
  • Member
  • 56 posts
Sorry, maliprog:
I've had to spend a few days with a problem on my HOST computer, but I'm now back up and running. Below is the diskmgmt.log. I'll start on the other programs right away.

papa

Well, can't upload or cut & paste it.

Edited by papa_A_D, 11 December 2011 - 09:35 PM.

