
rootkit, printer and uploading files

Discussion in 'Virus & Other Malware Removal' started by blu47, Jan 10, 2011.

Thread Status:
Not open for further replies.
  1. blu47 (Thread Starter) - Joined: Jan 10, 2011 - Messages: 25
    Hello. Back in early December I was in the process of removing something I got from an Avast download. There was something doing massive uploads. Then I believed I took care of it. Since then I have used many programs and downloaded a number of tools for reassurance that the machine was cleaned. Again, since running Comodo I found a large number of uploads, or I should say a large number of files in the cache folder. Then I ran another scan later and all the files disappeared. Then the printer stopped working for my mother but works fine under admin privileges. Two weeks ago, I had ComboFix detect 2 items of NTDLL code modification: ZwClose, ZwOpenFile. I thought it was taken care of. I've used Malwarebytes, a-squared, SuperAntispyware, Spybot S&D, Comodo, Dsskiller, and maybe a few others to detect anything and remove it, but nothing I did helped. Also, last month, ComboFix found some strange files, c:\recycler\NPROTECT\00122198.Lee #2 B, and got rid of them. I'm quite convinced there is some type of rootkit or trojan that is sending info or providing access for a hacker. Could you help me solve this? Thank you in advance.
    My OS: XP Pro w/ Service Pack 3

    Here's a recent HJ log.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:42:15 PM, on 1/10/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\HPHipm11.exe
    C:\Documents and Settings\Elsa\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
    O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215493224746
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5183/mcfscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9F3269FD-46B5-4252-A9DA-58CF96C69347}: NameServer = 156.154.70.22,156.154.71.22
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E26442D6-73FF-4322-A260-45EFC8BFC03F}: NameServer = 156.154.70.22,156.154.71.22
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\DOCUME~1\Elsa\LOCALS~1\APPLIC~1\Skype\Shared\SKYPE4~1.DLL
    O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 5703 bytes
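A small triage script for HijackThis logs like the one above, added here as an example; it is not HijackThis or ComboFix code and not something the poster ran. It parses the entry kinds present in the posted log, pulls the file path or value out of each, and flags the items a reviewer would check first. TRUSTED_ROOTS, USER_PROFILE_HINTS and KNOWN_DNS are assumptions made for this example (KNOWN_DNS holds the two resolvers from the posted O17 lines, which are Comodo Secure DNS and match the COMODO Internet Security entry); the [updater] O4 line and the 192.0.2.53 O17 line in the sample input are constructed so that those rules fire.

```python
"""Triage helper for HijackThis 2.0 log lines (added example, not HJT code).

Flags are prompts for verification, not verdicts; the rule lists below
are assumptions for this example and should be tuned for your own site.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(r"^(?P<kind>R[0-3]|O\d{1,2}) - (?P<body>.+)$")

# Install roots where a BHO, service or Run entry normally lives (assumption).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# User-writable locations where an autostart deserves a second look.
USER_PROFILE_HINTS = ("\\documents and settings\\", "\\docume~1\\",
                      "\\users\\", "\\temp\\", "\\recycler\\")
# Resolvers seen in the posted O17 lines (Comodo Secure DNS). Assumption.
KNOWN_DNS = {"156.154.70.22", "156.154.71.22"}

# Sample input: lines from the log posted above, plus two CONSTRUCTED lines
# (the [updater] O4 entry and the 192.0.2.53 O17 entry) to exercise rules.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Elsa\Local Settings\Temp\svc.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F3269FD-46B5-4252-A9DA-58CF96C69347}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\DOCUME~1\Elsa\LOCALS~1\APPLIC~1\Skype\Shared\SKYPE4~1.DLL
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
""".strip()


@dataclass
class Entry:
    kind: str
    body: str
    path: Optional[str] = None                        # file the entry points at
    values: List[str] = field(default_factory=list)   # e.g. DNS server list


def parse_entry(line: str) -> Optional[Entry]:
    """Split one HJT line into its kind and the path or values it carries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    e = Entry(kind, body)
    if kind in ("O2", "O9", "O18", "O23"):
        # "... - {CLSID} - <path>" or "... - <vendor> - <path>": path is last.
        e.path = body.rsplit(" - ", 1)[-1]
    elif kind == "O4":
        # "HKLM\..\Run: [name] <command>": keep the executable, drop arguments.
        cmd = body.split("] ", 1)[-1]
        quoted = re.match(r'^"([^"]+)"', cmd)
        e.path = quoted.group(1) if quoted else cmd
    elif kind == "O10":
        e.path = body.split(": ", 1)[-1]
    elif kind == "O17":
        e.values = [v.strip() for v in
                    body.split("NameServer = ", 1)[-1].split(",")]
    return e


def triage(lines) -> List[Tuple[str, str]]:
    """Return (rule, detail) pairs for entries worth a closer look."""
    findings = []
    for line in lines:
        e = parse_entry(line)
        if e is None:
            continue
        if e.kind == "O17":
            # A resolver you do not recognise is a classic DNS-hijack sign.
            unknown = [v for v in e.values if v not in KNOWN_DNS]
            if unknown:
                findings.append(("dns-unknown", ",".join(unknown)))
        if e.kind == "O10":
            # HJT prints "Unknown file" for any LSP not in its own list;
            # verify the file (hash, signature) rather than deleting it.
            findings.append(("lsp-review", e.path))
        if e.path:
            low = e.path.lower()
            if any(h in low for h in USER_PROFILE_HINTS):
                findings.append(("path-user-writable", e.path))
            elif not low.startswith(TRUSTED_ROOTS):
                findings.append(("path-unusual-root", e.path))
        if e.kind == "O4" and e.body.lower().startswith("hkcu"):
            # Per-user autostarts need no admin rights to plant.
            findings.append(("run-per-user", e.path))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG.splitlines()):
        print(f"{rule:20} {detail}")
```

Run it as-is to see the findings for the sample, or pass a saved log with `triage(open(path).read().splitlines())`. Every hit is a verification prompt, not a removal instruction: a Skype DLL under the user profile and the Winsock LSP entry are both expected on this machine, which is why the script only points at what to check.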
     
  2. blu47 (Thread Starter) - Joined: Jan 10, 2011 - Messages: 25
    Well, I either need a program that blocks uploading or to fix this issue. To give you an idea, this problem is turning into something major. Every day, the computer finds new files like the ones this log finds. And I hope to put a stop to over 100 MB being uploaded on a regular basis.

    ANALYSIS COMPLETE - (7.070 secs)
    ------------------------------------------------------------------------------------------
    114.5 MB to be removed. (Approximate size)
    ------------------------------------------------------------------------------------------
    Details of files to be deleted (Note: No files have been deleted yet)
    ------------------------------------------------------------------------------------------
    Internet Explorer - Temporary Internet Files 1,617 KB 153 files
    Internet Explorer - History 160 KB 5 files
    Internet Explorer - Index.dat files 0 KB 3 files
    Windows Explorer - Recent Documents 28 KB 44 files
    System - Empty Recycle Bin 218 KB 1 files
    System - Temporary Files 1,280 KB 43 files
    System - Windows Log Files 65 KB 4 files
    System - Start Menu Shortcuts 2 KB 2 files
    Firefox/Mozilla - Cookies 0 KB 452 files
    Firefox/Mozilla - Download History 2 KB 1 files
    Firefox/Mozilla - Internet Cache 113,861 KB 281 files
    Applications - Office XP 10 KB 13 files
    Multimedia - Adobe Flash Player 41 KB 106 files
    ------------------------------------------------------------------------------------------
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\006601BFd01 65 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\024B0F66d01 21 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\02D571E9d01 28 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\03B713B6d01 19 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0574F3ECd01 33 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0673F652d01 25 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\07B89374d01 2,059 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\08B06265d01 59 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\08C7CA64d01 252 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0A87AF88d01 18 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0AAD139Cd01 36 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0ACD1C38d01 29 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0E473868d01 40 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0FA52527d01 271 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\114D3E29d01 28 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\11B0FC23d01 17 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\135C67BCd01 76 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\18D441D5d01 32 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\18EE8369d01 172 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\19014B90d01 39 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\19E4238Cd01 21 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\1A677C7Ad01 21 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\1BD575B0d01 142 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\1CCCFBF6d01 33 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\1E7372D6d01 30 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\1FFCFC20d01 26 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\206DA9CBd01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\21A7DBBFd01 19 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\223DBF9Cd01 21 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\23236000d01 51 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2345160Dd01 882 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\245AD0C8d01 129 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\24766117d01 55 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\24F9C4D1d01 21 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\25CC923Bd01 85 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\25E0A3B5d01 27 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\26C91BEAd01 59 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\278052E8d01 74 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\278E3138d01 33 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\29788B88d01 1,637 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2AC566A9d01 335 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2B0DF62Dd01 25 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2CCE9783d01 17 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2DB7255Ad01 9,206 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2DE73497d01 1,621 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2FE8C3FBd01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2FFD42FEd01 135 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\32B0EA89d01 33 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\32CAD3B0d01 113 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\33399782d01 25 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\33A68E23d01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\33D1CCF1d01 39 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\348C1918d01 19 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\348E655Cd01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\349E99B3d01 32 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\34D02809d01 169 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\351ED87Ed01 1,479 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\36CEBF9Cd01 38 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\37EA8334d01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3805D747d01 26 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\396C4619d01 314 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3B66755Dd01 109 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3BBE0069d01 428 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3BDDF7A4d01 35 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3C6D3EE5d01 9,206 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3D3407FCd01 26 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3DD1F669d01 29 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3F02EFE6d01 38 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3F57BEF9d01 21 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\401065D5d01 534 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\4191A544d01 35 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\428A329Ad01 40 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\45EC34A6d01 1,565 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\46E8EDD8d01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\47870182d01 26 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\49102C7Dd01 32 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\4984FAC4d01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\49DE886Ed01 26 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\4AD5A8FDd01 33 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\4B7ACADFd01 21 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\4C1CF33Cd01 71 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\4FEA11E3d01 34 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\52AFDE74d01 22 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\559874CFd01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\56DA0E3Ed01 82 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\57FCFD74d01 31 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\58CA7A9Dd01 21 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\5F97DD87d01 25 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6117B8FEd01 32 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\631BB8A2d01 9,206 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\63381CDEd01 26 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\634BA6ABd01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6425A1D1d01 25 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6479813Dd01 130 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\69BDEEF0d01 212 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6A939EAEd01 49 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6AF0DAC9d01 28 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6B588337d01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6B7B20B7d01 27 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6D301EA2d01 57 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6DD04606d01 45 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6E45453Dd01 89 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6E50ED3Ed01 38 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6F08BCF9d01 1,116 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6F600CA3d01 39 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\709F43B6d01 66 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\74121A58d01 47 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\746D7F06d01 36 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\760BD790d01 75 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\76A1CF42d01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\770EA65Dd01 25 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\775DF64Fd01 30 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\776C8102d01 37 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\7A445A93d01 24 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\7D097A2Bd01 35 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\7DC0F84Bd01 43 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\7E47DBE2d01 44 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\7FD820C6d01 49 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\80DF3199d01 17 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\825ACF3Fd01 68 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8392CA8Bd01 74 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\83F2BF89d01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\843E4639d01 38 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\85738751d01 74 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\85F7F4B0d01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\86C31AD7d01 138 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8769247Dd01 32 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\878206D2d01 32 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\87DB18EAd01 41 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\89F02F68d01 21 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8A8CD792d01 94 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8AA3314Cd01 32 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8B6D9D1Ed01 101 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8BAF22D8d01 59 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8C9059CDd01 17 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8C9CE845d01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8E1EA103d01 30 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8EA099DFd01 9,206 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9165EA71d01 28 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\92BDD22Dd01 98 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9318F5CEd01 45 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9377EDC4d01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\937EAF98d01 19 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\945685D7d01 27 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\94B48BA2d01 19 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\95279401d01 112 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\962D6A12d01 652 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\96AA048Ed01 25 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\99326D35d01 85 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\99988FCAd01 49 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9AE554C4d01 73 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9AEAAFCBd01 29 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9AEBE407d01 21 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9AFC3668d01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9B18ECEEd01 26 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9B24EAA1d01 56 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9B299BB9d01 35 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9B639779d01 56 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9C98DA80d01 29 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9D177907d01 40 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9D27399Dd01 29 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9DF88C5Dd01 31 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9EB9B8AFd01 29 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9EC04489d01 66 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9FC5EE75d01 315 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A00FA659d01 24 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A17DD559d01 56 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A244416Ed01 46 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A4071B59d01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A4341F02d01 18 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A4F47A26d01 129 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A5D41050d01 236 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A6524752d01 72 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A661F649d01 40 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A71E9186d01 19 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A86D12AAd01 95 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A9871CD2d01 36 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\A9EC234Ad01 44 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\AA491460d01 17 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\AAB4A4B5d01 29 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\AABDD832d01 37 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\AB936624d01 26 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\ACEB4148d01 33 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\AD2AE166d01 25 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\AD550398d01 652 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\ADB63847d01 253 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\AE2BD683d01 35 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\AE8A3B1Bd01 35 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\AEDC20D2d01 218 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\B15EE3B1d01 90 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\B2369549d01 25 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\B4D0A6C8d01 257 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\B614799Dd01 256 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\B6C7869Bd01 34 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\B74A2DBAd01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\B77C3386d01 21 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\B7DEA722d01 43 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\B8AA1D37d01 40 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\BA8B53A1d01 29 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\BBA8FB71d01 40 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\BBF3DD31d01 24 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\BC64775Fd01 1,633 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\BC879EADd01 265 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\BD63BCF4d01 55 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\BE837DB4d01 29 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\C0A2F8D3d01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\C1BE02B7d01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\C2C31209d01 38 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\C3AA3A21d01 40 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\C4548221d01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\C4ACD518d01 32 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\C8FF8531d01 32 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\C99DA63Ed01 40 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\CB650483d01 67 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\CBC4022Dd01 652 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\CBDA4A15d01 50 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\CCB9C726d01 32 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\CD3D396Dd01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\CD4D4441d01 728 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\CD7C8EC2d01 136 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\CE0FF505d01 29 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\CE1F132Ed01 77 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\CEEF1936d01 29 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\D1117B31d01 22 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\D1BD432Ed01 30 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\D1F21A18d01 42 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\D218C851d01 129 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\D26C3FB9d01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\D2BDD127d01 25 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\D30117F7d01 18 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\D670785Dd01 21 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\DCFC2AB9d01 34 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\DD1B3C64d01 33 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\DD29DAB7d01 24 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\DD955BB2d01 29 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\DE36596Fd01 47 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\DF96A63Fd01 25 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\DFD36564d01 644 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\E0501CBEd01 9,206 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\E1188EE8d01 40 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\E1C1C7D3d01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\E3F35C3Ad01 958 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\E4147EAAd01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\E538CCAEd01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\E53B50CAd01 18 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\E6394991d01 31 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\E672C518d01 9,206 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\E8984DDDd01 38 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\E964E4E5d01 19 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\EA19332Dd01 33 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\EA9FD14Ed01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\EAEE0B68d01 33 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\EBD01DF6d01 59 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\EC5EDD69d01 85 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\EC758B89d01 76 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\ED666544d01 43 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\EF30EE40d01 35 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F016EFEDd01 53 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F05728A6d01 24 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F087F11Dd01 25 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F319A556d01 549 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F3F906FDd01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F4DBA8E5d01 19 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F5217707d01 24 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F578123Fd01 23 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F5F1E987d01 66 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F72E00EDd01 266 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F7690240d01 28 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F7BCC2E9d01 36 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F8E0FDD4d01 20 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\F8EE8FF1d01 24 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\FA6CB90Fd01 22 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\FA766F70d01 17 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\FB51F64Cd01 48 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\FC610564d01 38 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\FD5E44DEd01 424 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\FDC0CF9Fd01 30 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\_CACHE_001_ 5,819 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\_CACHE_002_ 6,834 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\_CACHE_003_ 14,372 KB
    C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\_CACHE_MAP_ 129 KB
     
  3. blu47

    blu47 Thread Starter

    Joined:
    Jan 10, 2011
    Messages:
    25
    Here's my DDS log as instructed in the "everyone MUST read this..." post.


    DDS (Ver_10-12-12.01) - NTFSx86 NETWORK
    Run by Admin at 16:18:07.84 on Tue 01/11/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.542 [GMT -9:00]
    AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    ============== Running Processes ===============
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\notepad.exe
    C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\dds.pif
    ============== Pseudo HJT Report ===============
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mURLSearchHooks: H - No File
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
    mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
    StartupFolder: c:\docume~1\admin~1.pre\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: Microsoft XML Parser for Java
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215493224746
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5183/mcfscan.cab
    TCP: {9F3269FD-46B5-4252-A9DA-58CF96C69347} = 156.154.70.22,156.154.71.22
    TCP: {E26442D6-73FF-4322-A260-45EFC8BFC03F} = 156.154.70.22,156.154.71.22
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
    LSA: Notification Packages = %I
    mASetup: {622C3E8E-6F9A-4625-BE57-AE60FAF3040A} - rundll32 mvvy5.dll,laspi
    Hosts: 127.0.0.1 www.spywareinfo.com
    ============= SERVICES / DRIVERS ===============
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-9-10 15592]
    S1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2011-1-5 41928]
    S1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2011-1-5 11776]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 239240]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
    S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-1-5 2849784]
    S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1901056]
    S2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [2003-9-22 51200]
    S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-1-5 72808]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2003-10-6 16194]
    S3 NDISKIO;NDISKIO;\??\c:\docume~1\admin~1.pre\locals~1\temp\000004dd.nmc\nse\bin\ndiskio.sys --> c:\docume~1\admin~1.pre\locals~1\temp\000004dd.nmc\nse\bin\ndiskio.sys [?]
    S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\drivers\wg311nd5.sys [2003-10-6 307904]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
    =============== File Associations ===============
    JSEFile=NOTEPAD.EXE %1
    =============== Created Last 30 ================
    2011-01-11 20:52:12 -------- d-----w- c:\program files\ESET
    2010-12-18 06:13:05 98816 ----a-w- c:\windows\sed.exe
    2010-12-18 06:13:05 229888 ----a-w- c:\windows\PEV.exe
    2010-12-18 06:13:05 161792 ----a-w- c:\windows\SWREG.exe
    ==================== Find3M ====================
    2010-12-11 02:35:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-11 02:35:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
    ============= FINISH: 16:19:16.27 ===============
     
  4. blu47

    blu47 Thread Starter

    Joined:
    Jan 10, 2011
    Messages:
    25
    Attach log


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    DDS (Ver_10-12-12.01)
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/18/2002 12:36:08 PM
    System Uptime: 1/11/2011 10:59:57 AM (6 hours ago)
    Motherboard: | | P4X266-8233
    Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Socket 423 | 2019/100mhz
    ==== Disk Partitions =========================
    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 21.669 GiB free.
    D: is CDROM ()
    E: is FIXED (FAT32) - 19 GiB total, 16.087 GiB free.
    F: is CDROM ()
    ==== Disabled Device Manager Items =============
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: NETGEAR WG311 802.11g Wireless PCI Adapter
    Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_49001385&REV_01\3&13C0B0C5&0&50
    Manufacturer: NETGEAR, Inc.
    Name: NETGEAR WG311 802.11g Wireless PCI Adapter
    PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_49001385&REV_01\3&13C0B0C5&0&50
    Service: NETGEAR_WG311_SERVICE
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: WAN Network Driver
    Device ID: ROOT\NET\0000
    Manufacturer: America Online, Inc.
    Name: WAN Network Driver
    PNP Device ID: ROOT\NET\0000
    Service: wandrv
    ==== System Restore Points ===================
    RP2: 12/21/2010 2:39:25 PM - System Checkpoint
    RP3: 12/23/2010 9:41:04 AM - System Checkpoint
    RP4: 12/24/2010 10:30:10 AM - System Checkpoint
    RP5: 12/25/2010 1:49:24 PM - System Checkpoint
    RP6: 12/26/2010 7:27:16 PM - System Checkpoint
    RP7: 12/27/2010 8:22:16 PM - System Checkpoint
    RP8: 12/28/2010 9:12:21 PM - System Checkpoint
    RP9: 12/30/2010 9:26:50 AM - System Checkpoint
    RP10: 12/31/2010 11:40:07 AM - System Checkpoint
    RP11: 1/1/2011 2:01:23 PM - System Checkpoint
    RP12: 1/2/2011 7:50:26 PM - System Checkpoint
    RP13: 1/3/2011 9:38:12 PM - System Checkpoint
    RP14: 1/5/2011 6:55:03 AM - System Checkpoint
    RP15: 1/7/2011 7:57:17 PM - System Checkpoint
    RP16: 1/8/2011 11:07:51 PM - System Checkpoint
    RP17: 1/10/2011 10:06:28 PM - System Checkpoint
    ==== Installed Programs ======================
    Ad-aware 5.83
    Adobe Acrobat 5.0
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.7
    Autodesk Express Viewer
    Avance AC'97 Audio
    CCleaner
    COMODO Internet Security
    DivX Plus Web Player
    Duplicate Finder
    Emsisoft Anti-Malware 5.1
    ESET Online Scanner v3
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB981793)
    hp instant support
    HP Memories Disc
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 1200 series
    hp psc 1200 series
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 22
    K-Lite Mega Codec Pack 6.0.4
    Logitech Desktop Messenger
    Logitech QuickCam
    Logitech® Camera Driver
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office XP Media Content
    Microsoft Office XP Small Business
    Microsoft Outlook Personal Folders Backup
    Microsoft Reader
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.13)
    MVision
    NETGEAR Wireless PCI Adapter
    NTI CD-Maker 2000 Plus
    NVIDIA Windows 2000/XP Display Drivers
    OGA Notifier 2.0.0048.0
    Photosmart 130,230,7150,7345,7350,7550 (Remove only)
    Plaxo
    QuickBooks Premier Edition 2005
    RealPlayer
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB981957)
    Skype™ 4.1
    Spybot - Search & Destroy
    TurboProject Deluxe v.4
    UDA Construction Office 2003
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB976662)
    WebFldrs XP
    Webshots Desktop
    WinASO Registry Optimizer 4.5.3
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Messenger Explorer Bar
    ==== Event Viewer Messages From Past Week ========
    1/8/2011 11:53:18 PM, error: Print [6161] - The document Microsoft Word - New Microsoft Word Document.doc owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 153716. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
    1/8/2011 11:53:02 PM, error: Print [6161] - The document Microsoft Word - New Microsoft Word Document.doc owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 154500. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
    1/8/2011 11:49:20 PM, error: Print [6161] - The document FW: Confirmed Reservation Standard IT# 1682906 FRENCH - Outlook Web Access Light owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 1096736. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
    1/8/2011 11:47:54 PM, error: Print [6161] - The document FW: Confirmed Reservation Standard IT# 1682906 FRENCH - Outlook Web Access Light owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 589824. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
    1/8/2011 11:09:59 AM, error: Print [6161] - The document Microsoft Word - 10 Amazing Little Heroes.doc owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 549364. Number of bytes printed: 0. Total number of pages in the document: 9. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
    1/8/2011 11:06:28 AM, error: Print [6161] - The document Microsoft Word - 10 Amazing Little Heroes.doc owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 370104. Number of bytes printed: 0. Total number of pages in the document: 8. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
    1/8/2011 11:03:54 AM, error: Print [6161] - The document Microsoft Word - 10 Amazing Little Heroes.doc owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
    1/5/2011 9:26:11 PM, error: Print [6161] - The document Microsoft Word - 10 Amazing Little Heroes.doc owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
    1/5/2011 8:15:04 PM, error: Print [6161] - The document Test Page owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 78048. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
    1/5/2011 8:10:24 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
    1/5/2011 8:10:24 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
    1/5/2011 7:11:40 AM, error: Print [6161] - The document Sallie Mae Manage Your Loans - Pay now: Payment confirmation owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 589824. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
    1/5/2011 7:09:14 AM, error: Print [6161] - The document Sallie Mae Manage Your Loans - Pay now: Payment confirmation owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 529264. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
    1/5/2011 6:58:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/5/2011 6:58:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    1/5/2011 6:53:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/5/2011 6:51:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
    1/5/2011 5:57:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    1/5/2011 5:54:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a2injectiondriver AFD cmdGuard Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
    1/5/2011 5:54:11 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
    1/5/2011 5:54:11 PM, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.
    1/5/2011 5:54:11 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/5/2011 5:54:11 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/5/2011 5:54:11 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
    1/11/2011 11:01:58 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a2injectiondriver cmdGuard Fips intelppm SASDIFSV SASKUTIL
    ==== End Of File ===========================
     
  5. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya blu47,

    I'm kevinf80 and I will be helping with any malware issues you may have with your system.
    • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
    • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
    • Either print or Save to Notepad all instructions and please follow them carefully; if there's something you don't understand or that will not work, please let me know and we will go through it together.
    • Malware is often buggy and can be very unstable; with that in mind it is advisable to backup any important data before we begin.
    • If you do not reply within 72 hours the thread will be closed; if you need more time let me know. Likewise if I do not respond within 48 hours feel free to PM me.

    If you are using Spybot's TeaTimer, please turn it off, as it will definitely interfere with any tools we try to run:

    1) Open Spybot-S&D
    2) Go to the Mode menu, and make sure "Advanced Mode" is selected
    3) On the left hand side, choose Tools -> Resident
    4) Uncheck "Resident TeaTimer" and OK any prompts
    5) Restart your computer.

    Then proceed as follows please :-

    Step 1

    Please download OTM by OldTimer.
    Alternative Mirror
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator.
    • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      -------------------------------------------------------------------

      :Files
      ipconfig /flushdns /c
      :Commands
      [Purity]
      [EmptyFlash]
      [EmptyTemp]
      [ResetHosts]

      ---------------------------------------------------------------------
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.

    Step 2

    Delete any versions of Combofix you have on your Desktop and download a fresh version from one of the following links:

    Link 1
    Link 2

    Don't forget Combofix must be saved to your desktop. <--Very important

    Ensure you have disabled your Firewall and all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. <---Very important

    Double click on the Combofix icon to start the scan; Vista and Windows 7 users right click and select "Run as Administrator", then follow the prompts.

    Please include the C:\ComboFix.txt in your next reply for further review.

    Examples of how to disable realtime protection available at the following link :-

    Disable realtime protection

    Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Step 3

    Download Security Check by screen317 from HERE or HERE.
    Save it to your Desktop.
    Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    What I'd like to see in your reply :-

    • Log from OTM
    • Log from Combofix
    • Log from Security Check

    Kevin...
     
  6. blu47

    blu47 Thread Starter

    Joined:
    Jan 10, 2011
    Messages:
    25
    Hi Kevin, thanks for the support. I've been running everything in safe mode because the computer froze 2 days ago and will feel better when it functions properly again. Also, I did 2 scans w/ the Combofix. I downloaded the recovery console and hope that is fine. Also, combofix said comodo was enabled but I could not find it running in the processes list. Another thing I noticed is that 2 user accounts are showing up on the computer when they have been inactive for over 4 years. I even found a strange txt file that should not be on the computer labeled, "SUPERANTISPYWARE-11-4-2010( 13-47-38 ).LOG"

    1st log requested w/ OTMoveIt3
    All processes killed
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Admin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Admin.PRESTIGE-SYS4
    ->Temp folder emptied: 2387782 bytes
    ->Temporary Internet Files folder emptied: 79240846 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 77426773 bytes
    ->Flash cache emptied: 2778 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 3444288 bytes
    ->Flash cache emptied: 1290 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Elsa
    ->Temp folder emptied: 1358116 bytes
    ->Temporary Internet Files folder emptied: 360582 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 97707146 bytes
    ->Flash cache emptied: 16065 bytes

    User: Jason

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Tom
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 43028882 bytes
    ->Flash cache emptied: 1030 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1197825 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 50369856 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 94149960 bytes

    Total Files Cleaned = 430.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTM by OldTimer - Version 3.1.17.2 log created on 11262010_114618


    1st scan using combofix.
    ComboFix 09-09-25.01 - Admin 01/13/2011 12:34.16.1 - NTFSx86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.608 [GMT -9:00]
    Running from: c:\documents and settings\Admin.PRESTIGE-SYS4\My Documents\Downloads\ComboFix.exe
    AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
    .
    2011-01-11 20:52 . 2011-01-11 20:52 -------- d-----w- c:\program files\ESET
    2011-01-06 04:01 . 2011-01-06 04:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-12 02:52 . 2007-04-12 00:35 -------- d-----w- c:\program files\Bodog Poker
    2011-01-11 20:02 . 2006-04-04 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2011-01-11 02:47 . 2010-12-11 03:43 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
    2011-01-06 02:24 . 2010-12-11 02:51 -------- d-----w- c:\program files\Emsisoft Anti-Malware
    2011-01-05 04:32 . 2010-07-15 00:59 -------- d-----w- c:\documents and settings\Elsa\Application Data\QuickScan
    2011-01-04 00:47 . 2010-11-25 03:12 -------- d-----w- c:\program files\Lavasoft Ad-Aware
    2011-01-04 00:05 . 2008-08-10 04:25 -------- d-----w- c:\documents and settings\Admin.PRESTIGE-SYS4\Application Data\SUPERAntiSpyware.com
    2010-12-25 18:46 . 2008-02-04 05:29 67928 ----a-w- c:\documents and settings\Elsa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-12-21 21:39 . 2010-11-25 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-12-21 03:09 . 2010-11-17 20:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 03:08 . 2010-11-17 20:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-18 00:42 . 2005-03-03 20:25 -------- d-----w- c:\program files\Google
    2010-12-11 03:44 . 2010-12-11 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
    2010-12-11 03:26 . 2010-12-11 03:26 -------- d-----w- c:\program files\COMODO
    2010-12-11 02:36 . 2006-03-01 19:37 -------- d-----w- c:\program files\Common Files\Java
    2010-12-11 02:35 . 2010-12-11 02:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-11 02:35 . 2006-03-01 19:39 -------- d-----w- c:\program files\Java
    2010-12-09 06:31 . 2010-12-09 06:31 -------- d-----w- c:\program files\Panda Security
    2010-12-09 06:22 . 2003-05-20 19:47 -------- d-----w- c:\program files\Radio Free Virgin Player
    2010-12-02 17:42 . 2010-11-25 03:42 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-11-26 05:26 . 2010-06-28 01:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-26 05:00 . 2004-04-09 22:09 67928 ----a-w- c:\documents and settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-11-25 03:39 . 2010-11-25 03:39 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-11-18 15:46 . 2010-04-16 02:28 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-11-17 20:22 . 2010-11-17 20:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-11-13 03:54 . 2010-03-23 21:48 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-11 2500552]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
    "HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
    c:\documents and settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-4-22 45056]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ %I
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\winlogon.exe"=
    "c:\\Program Files\\NETGEAR\\Wireless Smart Configuration\\Utility\\NetgearAG.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\WINDOWS\\system32\\logonui.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\kav\\kav7\\setup.exe"=
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/10/2010 11:40 PM 15592]
    S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [1/5/2011 9:09 AM 41928]
    S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [1/5/2011 9:09 AM 11776]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 239240]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 9:33 AM 8944]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 9:33 AM 55024]
    S2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [9/22/2003 10:08 AM 51200]
    S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [1/5/2011 9:09 AM 72808]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [10/6/2003 7:34 AM 16194]
    S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMIN~1.PRE\LOCALS~1\Temp\00000705.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ADMIN~1.PRE\LOCALS~1\Temp\00000705.nmc\nse\bin\ndiskio.sys [?]
    S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\drivers\wg311nd5.sys [10/6/2003 7:34 AM 307904]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 9:33 AM 7408]
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{622C3E8E-6F9A-4625-BE57-AE60FAF3040A}]
    rundll32 mvvy5.dll,laspi
    .
    Contents of the 'Scheduled Tasks' folder
    2005-08-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8115658956.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]
    2010-11-25 c:\windows\Tasks\HP Usg Login.job
    - c:\program files\hp photosmart 11\printer\Hphusg04.exe [2007-12-12 19:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    TCP: {9F3269FD-46B5-4252-A9DA-58CF96C69347} = 156.154.70.22,156.154.71.22
    TCP: {E26442D6-73FF-4322-A260-45EFC8BFC03F} = 156.154.70.22,156.154.71.22
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: Microsoft XML Parser for Java
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-13 12:35
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(2016)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2011-01-13 12:40
    ComboFix-quarantined-files.txt 2011-01-13 21:40
    ComboFix2.txt 2011-01-06 03:55
    ComboFix4.txt 2010-12-22 03:07
    Pre-Run: 23,420,710,912 bytes free
    Post-Run: 23,381,286,912 bytes free
    140 --- E O F --- 2010-12-12 04:34


    2nd scan --
    ComboFix 11-01-12.04 - Admin 01/13/2011 13:05:11.17.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.599 [GMT -9:00]
    Running from: c:\documents and settings\Admin.PRESTIGE-SYS4\Desktop\FixCO.exe
    AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\windows\system32\_000008_.tmp.dll
    c:\windows\system32\fscd.txt
    c:\windows\system32\idm.txt
    c:\windows\system32\svae.jpg
    c:\windows\system32\Thumbs.db
    .
    ((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
    .
    2011-01-11 20:52 . 2011-01-11 20:52 -------- d-----w- c:\program files\ESET
    2011-01-06 04:01 . 2011-01-06 04:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 03:09 . 2010-11-17 20:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 03:08 . 2010-11-17 20:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-11 02:35 . 2010-12-11 02:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-11 02:35 . 2010-12-11 02:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-12-02 17:42 . 2010-11-25 03:42 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-11 2500552]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
    "HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
    c:\documents and settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-4-22 45056]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2007-07-26 01:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-07-26 01:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 20:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2008-05-28 18:33 1506544 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\NETGEAR\\Wireless Smart Configuration\\Utility\\NetgearAG.exe"=
    "c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\kav\\kav7\\setup.exe"=
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/10/2010 11:40 PM 15592]
    S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [1/5/2011 9:09 AM 41928]
    S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [1/5/2011 9:09 AM 11776]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 239240]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 9:33 AM 8944]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 9:33 AM 55024]
    S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [1/5/2011 9:09 AM 2849784]
    S2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [9/22/2003 10:08 AM 51200]
    S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [1/5/2011 9:09 AM 72808]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [10/6/2003 7:34 AM 16194]
    S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMIN~1.PRE\LOCALS~1\Temp\00000705.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ADMIN~1.PRE\LOCALS~1\Temp\00000705.nmc\nse\bin\ndiskio.sys [?]
    S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\drivers\wg311nd5.sys [10/6/2003 7:34 AM 307904]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 9:33 AM 7408]
    .
    Contents of the 'Scheduled Tasks' folder
    2005-08-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8115658956.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]
    2010-11-25 c:\windows\Tasks\HP Usg Login.job
    - c:\program files\hp photosmart 11\printer\Hphusg04.exe [2007-12-12 19:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    TCP: {9F3269FD-46B5-4252-A9DA-58CF96C69347} = 156.154.70.22,156.154.71.22
    TCP: {E26442D6-73FF-4322-A260-45EFC8BFC03F} = 156.154.70.22,156.154.71.22
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: Microsoft XML Parser for Java
    .
    .
    ------- File Associations -------
    .
    JSEFile=NOTEPAD.EXE %1
    .
    - - - - ORPHANS REMOVED - - - -
    MSConfigStartUp-HPHUPD04 - c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
    HKLM_ActiveSetup-{622C3E8E-6F9A-4625-BE57-AE60FAF3040A} - mvvy5.dll

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-13 13:15
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(1752)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2011-01-13 13:22:46 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-13 22:22
    ComboFix2.txt 2011-01-13 21:40
    ComboFix3.txt 2011-01-06 03:55
    ComboFix4.txt 2010-12-22 03:07
    ComboFix5.txt 2011-01-13 22:01
    Pre-Run: 23,366,660,096 bytes free
    Post-Run: 23,289,241,600 bytes free
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
    - - End Of File - - 0274731195209B616E2EFB74F5A18FE0
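As an added example (not code from this thread, and not part of ComboFix, which publishes no such API), here is a small Python triage helper for the service/driver lines in the ComboFix logs above: it parses each `R1`/`S3` entry and flags images that load from a Temp directory or whose file could not be found on disk (`[?]`), which is the kind of entry a helper singles out for closer review. The sample lines are constructed to match the format quoted in the logs above.

```python
"""Triage helper for ComboFix service/driver log lines (added example).

ComboFix prints each service or driver as

    <StartType> <Name>;<DisplayName>;<ImagePath> [<date> <time> <size>]

where StartType is R (running) or S (stopped) followed by the Windows start
value (1 = system, 2 = auto, 3 = demand), and an image it cannot locate as

    \\??\\<path> --> <path> [?]

The triage rule below mirrors what a malware helper checks first: a driver
whose image lives under a Temp directory, or whose file no longer exists.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample, modelled on the lines quoted in the thread above.
SAMPLE_LOG = r"""
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/10/2010 11:40 PM 15592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 9:33 AM 8944]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMIN~1.PRE\LOCALS~1\Temp\00000705.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ADMIN~1.PRE\LOCALS~1\Temp\00000705.nmc\nse\bin\ndiskio.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 9:33 AM 7408]
"""

SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
# Trailing "[date time size]" or "[?]" block at the end of the line.
TRAILER_RE = re.compile(r"\s\[(?P<trailer>[^\]]*)\]\s*$")
# Path fragments that mean "this driver is loading from a user Temp area".
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp", "\\local settings\\temp")


@dataclass
class DriverEntry:
    start_type: str
    name: str
    display_name: str
    image_path: str
    size: Optional[int]  # None when ComboFix printed [?] (file not found)
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[DriverEntry]:
    """Parse one ComboFix service line; return None for any other line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    size: Optional[int] = None
    t = TRAILER_RE.search(rest)
    if t:
        rest = rest[: t.start()]
        trailer = t.group("trailer").strip()
        if trailer != "?":
            size = int(trailer.split()[-1])  # last field is the byte size
    # "\??\path --> path": keep the resolved Win32 path after the arrow.
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    return DriverEntry(m.group("start"), m.group("name"), m.group("display"),
                       rest.strip(), size)


def triage(entry: DriverEntry) -> DriverEntry:
    """Attach the reasons an entry deserves a closer look (empty = nothing odd)."""
    lower = entry.image_path.lower()
    if any(marker in lower for marker in TEMP_MARKERS):
        entry.flags.append("driver image lives under a Temp directory")
    if entry.size is None:
        entry.flags.append("image file not found on disk ([?])")
    return entry


def triage_log(text: str) -> List[DriverEntry]:
    """Parse and triage every service line in a ComboFix log."""
    entries = []
    for line in text.splitlines():
        e = parse_service_line(line)
        if e is not None:
            entries.append(triage(e))
    return entries


def suspicious(entries: List[DriverEntry]) -> List[DriverEntry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in suspicious(triage_log(SAMPLE_LOG)):
        print(f"{e.start_type} {e.name}: {e.image_path}")
        for reason in e.flags:
            print(f"    - {reason}")
```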
     
  7. blu47

    blu47 Thread Starter

    Joined:
    Jan 10, 2011
    Messages:
    25
    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    ESET Online Scanner v3
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 22
    Adobe Flash Player 10.1.102.64
    Adobe Reader 7.0.7
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.13)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    ``````````End of Log````````````
     
  8. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya blu47,

    I see you've actually run Combofix 17 times, and it is now re-named as FixCO.exe. Why did you not just follow my instructions?

    Proceed as follows :-

    Step 1

    1. Close any open browsers.

    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the Codebox below into it:

    Code:
    KillAll::
    
    File::
    c:\windows\system32\drivers\hitmanpro35.sys
    c:\program files\SUPERAntiSpyware\SASENUM.SYS
    c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
    c:\program files\SUPERAntiSpyware\sasdifsv.sys
    Folder::
    c:\program files\SUPERAntiSpyware
    Driver::
    SASDIFSV
    SASKUTIL
    NDISKIO
    SASENUM
    
    Save this as CFScript.txt, in the same location as ComboFix.exe (you've re-named it)

    [​IMG]

    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    • Click the [​IMG] button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [​IMG] icon on your desktop.
    • Check [​IMG]
    • Click the [​IMG] button.
    • Accept any security warnings from your browser.
    • Check [​IMG]
    • Leave the tick out of remove found threats
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [​IMG]
    • Push [​IMG], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [​IMG] button.
    • Push [​IMG]
    You can refer to this animation by neomage if needed.
    Frequently asked questions available Here Please read them before running the scan.

    Also be aware this scan can take several hours to complete depending on the size of your
    system.

    Let me see the new Combofix log and the log from ESET in reply please.

    Kevin
     
  9. blu47

    blu47 Thread Starter

    Joined:
    Jan 10, 2011
    Messages:
    25
    ComboFix 11-01-12.04 - Admin 01/13/2011 15:10:58.18.1 - x86 NETWORK
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.575 [GMT -9:00]
    Running from: c:\documents and settings\Admin.PRESTIGE-SYS4\Desktop\FixCO.exe
    Command switches used :: c:\documents and settings\Admin.PRESTIGE-SYS4\Desktop\CFScript.txt
    AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FILE ::
    "c:\program files\SUPERAntiSpyware\sasdifsv.sys"
    "c:\program files\SUPERAntiSpyware\SASENUM.SYS"
    "c:\program files\SUPERAntiSpyware\SASKUTIL.SYS"
    "c:\windows\system32\drivers\hitmanpro35.sys"
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\program files\SUPERAntiSpyware
    c:\program files\SUPERAntiSpyware\BootSafe.exe
    c:\program files\SUPERAntiSpyware\detect.wav
    c:\program files\SUPERAntiSpyware\deupx.dll
    c:\program files\SUPERAntiSpyware\msvcr71.dll
    c:\program files\SUPERAntiSpyware\Plugins\sab_incr.dll
    c:\program files\SUPERAntiSpyware\Plugins\sab_mapi.dll
    c:\program files\SUPERAntiSpyware\Plugins\sab_wab.dll
    c:\program files\SUPERAntiSpyware\PROCESSLIST.DB
    c:\program files\SUPERAntiSpyware\PROCESSLISTRELATED.DB
    c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
    c:\program files\SUPERAntiSpyware\sasdifsv.sys
    c:\program files\SUPERAntiSpyware\SASENUM.SYS
    c:\program files\SUPERAntiSpyware\SASINST.EXE
    c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
    c:\program files\SUPERAntiSpyware\SASREPAIRS.STG
    c:\program files\SUPERAntiSpyware\SASSEH.DLL
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\program files\SUPERAntiSpyware\SSUpdate.exe
    c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.chm
    c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    c:\windows\system32\drivers\hitmanpro35.sys
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    -------\Legacy_NDISKIO
    -------\Legacy_SASDIFSV
    -------\Legacy_SASENUM
    -------\Legacy_SASKUTIL
    -------\Service_NDISKIO
    -------\Service_SASDIFSV
    -------\Service_SASENUM
    -------\Service_SASKUTIL

    ((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
    .
    2011-01-11 20:52 . 2011-01-11 20:52 -------- d-----w- c:\program files\ESET
    2011-01-06 04:01 . 2011-01-06 04:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-12-21 03:09 . 2010-11-17 20:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-12-21 03:08 . 2010-11-17 20:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-12-11 02:35 . 2010-12-11 02:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-12-11 02:35 . 2010-12-11 02:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-11 2500552]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
    "HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
    c:\documents and settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\
    Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-4-22 45056]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
    2007-07-26 01:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2007-07-26 01:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 20:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\NETGEAR\\Wireless Smart Configuration\\Utility\\NetgearAG.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\kav\\kav7\\setup.exe"=
    R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/10/2010 11:40 PM 15592]
    S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [1/5/2011 9:09 AM 41928]
    S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [1/5/2011 9:09 AM 11776]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 239240]
    S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [1/5/2011 9:09 AM 2849784]
    S2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [9/22/2003 10:08 AM 51200]
    S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [1/5/2011 9:09 AM 72808]
    S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [10/6/2003 7:34 AM 16194]
    S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\drivers\wg311nd5.sys [10/6/2003 7:34 AM 307904]
    .
    Contents of the 'Scheduled Tasks' folder
    2005-08-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8115658956.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]
    2010-11-25 c:\windows\Tasks\HP Usg Login.job
    - c:\program files\hp photosmart 11\printer\Hphusg04.exe [2007-12-12 19:07]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    TCP: {9F3269FD-46B5-4252-A9DA-58CF96C69347} = 156.154.70.22,156.154.71.22
    TCP: {E26442D6-73FF-4322-A260-45EFC8BFC03F} = 156.154.70.22,156.154.71.22
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: Microsoft XML Parser for Java
    .
    - - - - ORPHANS REMOVED - - - -
    MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-01-13 15:23
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(192)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    .
    Completion time: 2011-01-13 15:30:38 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-01-14 00:30
    ComboFix2.txt 2011-01-13 22:22
    ComboFix3.txt 2011-01-13 21:40
    ComboFix4.txt 2011-01-06 03:55
    ComboFix5.txt 2011-01-14 00:09
    Pre-Run: 23,294,963,712 bytes free
    Post-Run: 23,279,099,904 bytes free
    - - End Of File - - 9B10A5436D950F3E1E3222D925AA1015
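    The ComboFix log above prints its Drivers/Services entries as `R1 name;description;path [date time size]` and the firewall exceptions as registry-export lines `"path"=`. As an added example (not ComboFix's code and not from anyone in this thread), the following Python parses both line types, using lines copied from the log above as sample input, and pulls out what a responder would review first: drivers set to load at boot or system start, and firewall exceptions whose target lies outside the Windows and Program Files trees. The reading of the prefix (R = running, S = stopped, digit = Windows start type) follows ComboFix's log convention; the location rule is an assumed review heuristic, so an entry on that list (a Skype install under a user profile, a setup.exe in a bare folder) is something to look at, not a verdict.

```python
"""Triage the Drivers/Services and firewall AuthorizedApplications
entries of a ComboFix log.  Added example, not ComboFix's own code.
Sample lines are copied from the log above; the location rule is an
assumed review heuristic, not a verdict."""
import re
from dataclasses import dataclass

# Windows service start types as ComboFix prints them after the R/S prefix.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<stamp>[^\]]*)\]\s*$"
)
# Registry-export style '"path"=' line; the export doubles every backslash.
FIREWALL_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
# Locations where a firewall exception is unremarkable (assumed heuristic).
EXPECTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "%windir%\\")

@dataclass
class ServiceEntry:
    name: str
    description: str
    path: str
    running: bool
    start_type: str
    size: int  # file size taken from the trailing [date time size] stamp

def parse_service_line(line):
    """Return a ServiceEntry for an 'R1 name;desc;path [stamp]' line, else None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    stamp = m.group("stamp").split()
    size = int(stamp[-1]) if stamp and stamp[-1].isdigit() else -1
    return ServiceEntry(
        name=m.group("name"), description=m.group("desc"), path=m.group("path"),
        running=m.group("state") == "R",
        start_type=START_TYPES.get(m.group("start"), "unknown"), size=size,
    )

def parse_firewall_exception(line):
    """Return the single-backslash path of a '"path"=' exception line, else None."""
    m = FIREWALL_RE.match(line.strip())
    return m.group("path").replace("\\\\", "\\") if m else None

def is_unexpected_location(path):
    return not path.lower().startswith(EXPECTED_PREFIXES)

def triage(lines):
    """Parse a mixed run of log lines and return the items worth reviewing first."""
    services, exceptions = [], []
    for line in lines:
        svc = parse_service_line(line)
        if svc:
            services.append(svc)
            continue
        fw = parse_firewall_exception(line)
        if fw:
            exceptions.append(fw)
    return {
        "services": services,
        # drivers that load before most defences are up: boot or system start
        "early_start_drivers": [s.name for s in services if s.start_type in ("boot", "system")],
        "firewall_exceptions": exceptions,
        "unexpected_firewall_exceptions": [p for p in exceptions if is_unexpected_location(p)],
    }

# Sample input copied from the ComboFix log above (exceptions, then services).
SAMPLE_LINES = r"""
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NETGEAR\\Wireless Smart Configuration\\Utility\\NetgearAG.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\kav\\kav7\\setup.exe"=
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/10/2010 11:40 PM 15592]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [1/5/2011 9:09 AM 41928]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [1/5/2011 9:09 AM 11776]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 239240]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [1/5/2011 9:09 AM 2849784]
S2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [9/22/2003 10:08 AM 51200]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [1/5/2011 9:09 AM 72808]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [10/6/2003 7:34 AM 16194]
S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\drivers\wg311nd5.sys [10/6/2003 7:34 AM 307904]
""".strip().splitlines()

def triage_sample():
    return triage(SAMPLE_LINES)

if __name__ == "__main__":
    result = triage_sample()
    for s in result["services"]:
        print(f"{'running' if s.running else 'stopped'} {s.start_type:8} {s.name:24} {s.path}")
    print("early-start drivers:", ", ".join(result["early_start_drivers"]))
    print("firewall exceptions to review:", *result["unexpected_firewall_exceptions"], sep="\n  ")
```

    Feed `triage()` the whole log rather than the excerpt and the other line types (Run keys, Find3M entries, catchme output) are simply ignored, because neither regex matches them; extending the review heuristic is a matter of adding prefixes or a second rule, not of touching the parsers.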
     
  10. blu47

    blu47 Thread Starter

    Joined:
    Jan 10, 2011
    Messages:
    25
    Hello Kevin, the Combofix tried to report a suspicious file but had trouble sending to the server. It required manual upload.
    Here's the file: C:\Qoobox\Quarantine\[4]-Submit_2011-01-13_15.10.38.zip

    I do not know anything about 17 scans. I downloaded it back on the 17th of December, and downloaded it again as instructed. I even scanned on Monday, the day of posting, in case it was asked for, like all the other logs asked for on this site. Also, I saw that when dealing with an infected computer, you need to rename toolkits like GMER on download. Sorry, I did not ask, nor should I have assumed that was okay. I do not pretend to understand why these programs work best from the desktop instead of elsewhere, or why downloading a fresh copy (again) within a 30-day timeframe is always required. But I thought I was doing all the required and unnecessary steps and did not think I was stepping on any toes. Perhaps I was too impatient and assumed too much, but I never meant or intended to stray from any instructions given to me. Honestly, I can only count about 5-7 scans for the last 6 weeks. I found a number of files from the scans placed in the folder C:\QooBox. Besides the Combofix1-5 logs, I found Add-Remove Programs.txt, ComboFix-quarantined-files.txt, catchme.txt, CFScript_used_2011-01-13_15.10.38.txt

    User: Jason, User: Tom
    Again, these 2 users were removed from the computer. I do not understand why I am seeing them on here. If you wish me to show anything, I would appreciate anything you can do to correct this.

    eset online scanner log
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6419
    # api_version=3.0.2
    # EOSSerial=2fd3713169a26348afca2b1d2172f8cc
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2011-01-14 04:09:58
    # local_time=2011-01-13 07:09:58 (-0900, Alaskan Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=768 16777215 100 0 9010908 9010908 0 0
    # compatibility_mode=1024 16777215 100 0 28971907 28971907 0 0
    # compatibility_mode=3073 16777190 80 92 0 9850547 0 0
    # compatibility_mode=4352 16777215 100 0 0 0 0 0
    # compatibility_mode=8192 67108863 100 0 104693 104693 0 0
    # scanned=84923
    # found=0
    # cleaned=0
    # scan_time=11583
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya blu47,

    As long as Qoobox is still installed, Combofix remembers how many times it has been run. However, it only keeps a maximum of 5 logs and just deletes the oldest as a new one is saved. Regarding the suspicious file upload, that is not an automated action; CF only tries to send suspicious files if instructed by a certain command when a Scriptfix is run, so I'm not sure what has happened there.

    Have you received help elsewhere and Combofix was used?

    Don't worry, you are not stepping on my toes; it is a bad experience when computers are infected. I know it is frustrating waiting for help and you want to try and get things moving. Sometimes uploading multiple tools and leaving them in place can have a negative effect and compound issues already there, e.g. running two anti-virus programs together. You would think this would be twice as safe; not so. Because of how AVs work, if more than one is installed with realtime protection they clash with each other and can negate security altogether.

    Regarding the regenerated accounts, have you used System Restore recently?

    Ok, let's continue. I'm just trying to see exactly what we are dealing with and what is present on your system.

    Can you let me see the following logs please :-

    Add-Remove Programs.txt,
    ComboFix-quarantined-files.txt,


    Also run the following scan and let me see the two produced logs:

    Download [​IMG] OTL from any of the following links and save to your Desktop:

    Link 1
    Link 2
    Link 3

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
    • Under the Custom Scan box paste this in
      Code:
            netsvcs
            drivers32
            %SYSTEMDRIVE%\*.*
            %systemroot%\*. /mp /s
            CREATERESTOREPOINT
            %systemroot%\System32\config\*.sav
            HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
            HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply.

    What I'd like in your reply :-

    • Add-Remove Programs.txt from Qoobox
    • ComboFix-quarantined-files.txt from Qoobox
    • OTL Txt
    • Extras Txt

    Kevin...
     
  12. blu47

    blu47 Thread Starter

    Joined:
    Jan 10, 2011
    Messages:
    25
    Hello, thanks for replying back so soon. I thought I had shot myself in the foot and you were going to hold it against me. The question about the system restore: I turned it off back when I found infected files on here, then forgot to turn it back on. Then I tried to create some. Last time I checked I was unable to do a system restore. That's all I can recall.

    I will upload the files requested in the order asked. Also, I am not seeing an Extra log so do not know what happened.

    Add-Remove Programs.txt log
    Ad-aware 5.83
    Adobe Acrobat 5.0
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 7.0.7
    Autodesk Express Viewer
    Avance AC'97 Audio
    CCleaner
    COMODO Internet Security
    DivX Plus Web Player
    Duplicate Finder
    Emsisoft Anti-Malware 5.1
    ESET Online Scanner v3
    HijackThis 2.0.2
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB981793)
    hp instant support
    HP Memories Disc
    HP Photo and Imaging 2.0 - All-in-One
    HP Photo and Imaging 2.0 - All-in-One Drivers
    HP Photo and Imaging 2.0 - hp psc 1200 series
    hp psc 1200 series
    IrfanView (remove only)
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java(TM) 6 Update 22
    K-Lite Mega Codec Pack 6.0.4
    Logitech Desktop Messenger
    Logitech QuickCam
    Logitech® Camera Driver
    Macromedia Flash Player
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office XP Media Content
    Microsoft Office XP Small Business
    Microsoft Outlook Personal Folders Backup
    Microsoft Reader
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.13)
    MVision
    NETGEAR Wireless PCI Adapter
    NTI CD-Maker 2000 Plus
    NVIDIA Windows 2000/XP Display Drivers
    OGA Notifier 2.0.0048.0
    Photosmart 130,230,7150,7345,7350,7550 (Remove only)
    Plaxo
    QuickBooks Premier Edition 2005
    RealPlayer
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB981957)
    Skype™ 4.1
    Spybot - Search & Destroy
    TurboProject Deluxe v.4
    UDA Construction Office 2003
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB976662)
    WebFldrs XP
    Webshots Desktop
    WinASO Registry Optimizer 4.5.3
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver
    Yahoo! Messenger Explorer Bar
     
  13. blu47

    blu47 Thread Starter

    Joined:
    Jan 10, 2011
    Messages:
    25
    As far as the Combofix being run before: back in January and July of last year I used it with assistance. I have not used it as you instructed, with the CFScript file dropped on the icon. That is beyond me for now.

    ComboFix-quarantined-files.txt log
    2011-01-14 00:28:25 . 2011-01-14 00:28:25 648 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SUPERAntiSpyware.reg.dat
    2011-01-14 00:15:39 . 2011-01-14 00:15:39 2,832 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SASKUTIL.reg.dat
    2011-01-14 00:15:39 . 2011-01-14 00:15:39 2,662 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SASENUM.reg.dat
    2011-01-14 00:15:39 . 2011-01-14 00:15:39 2,684 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SASDIFSV.reg.dat
    2011-01-14 00:15:39 . 2011-01-14 00:15:39 2,982 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NDISKIO.reg.dat
    2011-01-14 00:15:38 . 2011-01-14 00:15:38 1,334 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SASKUTIL.reg.dat
    2011-01-14 00:15:38 . 2011-01-14 00:15:38 1,322 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SASENUM.reg.dat
    2011-01-14 00:15:38 . 2011-01-14 00:15:38 1,334 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SASDIFSV.reg.dat
    2011-01-14 00:15:38 . 2011-01-14 00:15:38 1,322 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NDISKIO.reg.dat
    2011-01-14 00:10:53 . 2011-01-14 00:10:55 42,319 ----a-w- C:\Qoobox\Quarantine\[4]-Submit_2011-01-13_15.10.38.zip
    2011-01-13 22:20:35 . 2011-01-13 22:20:35 261 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_ActiveSetup-{622C3E8E-6F9A-4625-BE57-AE60FAF3040A}.reg.dat
    2011-01-13 22:20:32 . 2011-01-13 22:20:32 652 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-HPHUPD04.reg.dat
    2011-01-13 22:09:14 . 2011-01-14 00:15:31 13,412 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2010-12-22 02:56:26 . 2011-01-14 00:08:57 306 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2010-11-25 03:42:09 . 2010-12-02 17:42:55 15,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\hitmanpro35.sys.vir
    2010-03-07 01:51:51 . 2010-03-07 01:51:51 5,120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Thumbs.db.vir
    2010-01-23 01:24:52 . 2010-01-23 01:24:52 1 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\fscd.txt.vir
    2010-01-23 01:24:51 . 2010-01-23 01:24:51 1 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\idm.txt.vir
    2010-01-15 01:22:23 . 2010-01-15 01:22:23 65,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\svae.jpg.vir
    2008-05-28 18:33:38 . 2008-05-28 18:33:38 7,408 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASENUM.SYS.vir
    2008-05-28 18:33:36 . 2008-05-28 18:33:36 8,944 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\sasdifsv.sys.vir
    2008-05-28 18:33:36 . 2008-05-28 18:33:36 55,024 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASKUTIL.SYS.vir
    2008-05-28 18:33:34 . 2008-05-28 18:33:34 1,506,544 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir
    2008-05-28 18:33:32 . 2008-05-28 18:33:32 158,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SSUpdate.exe.vir
    2008-05-28 18:32:56 . 2008-05-28 18:32:56 10,307,355 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\PROCESSLIST.DB.vir
    2008-05-28 18:32:46 . 2008-05-28 18:32:46 897,066 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\PROCESSLISTRELATED.DB.vir
    2008-05-13 18:13:36 . 2008-05-13 18:13:36 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASSEH.DLL.vir
    2008-03-12 19:29:50 . 2008-03-12 19:29:50 24,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASINST.EXE.vir
    2007-11-27 21:12:26 . 2007-11-27 21:12:26 1,088,725 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm.vir
    2007-10-18 21:32:34 . 2007-10-18 21:32:34 403,456 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASREPAIRS.STG.vir
    2007-10-02 22:08:48 . 2007-10-02 22:08:48 122,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\BootSafe.exe.vir
    2007-04-19 21:41:36 . 2007-04-19 21:41:36 294,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASWINLO.dll.vir
    2007-02-27 20:39:26 . 2007-02-27 20:39:26 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASCTXMN.DLL.vir
    2006-09-19 23:55:38 . 2006-09-19 23:55:38 360,448 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\deupx.dll.vir
    2004-06-03 17:24:38 . 2004-06-03 17:24:38 69,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\Plugins\sab_incr.dll.vir
    2004-05-20 21:28:44 . 2004-05-20 21:28:44 2,048 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\detect.wav.vir
    2004-05-07 23:31:40 . 2004-05-07 23:31:40 348,160 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\msvcr71.dll.vir
    2004-05-07 23:31:40 . 2004-05-07 23:31:40 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\Plugins\sab_mapi.dll.vir
    2004-05-07 23:31:40 . 2004-05-07 23:31:40 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\Plugins\sab_wab.dll.vir
    2001-08-18 12:00:00 . 2010-02-17 17:10:28 2,189,952 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000008_.tmp.dll.vir



    Code:
    OTS logfile created on: 1/14/2011 11:21:43 AM - Run 2
    OTS by OldTimer - Version 3.1.33.0     Folder = C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\COMPFolder2\2t\clean
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    767.00 Mb Total Physical Memory | 608.00 Mb Available Physical Memory | 79.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 93.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.27 Gb Total Space | 21.72 Gb Free Space | 58.27% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 19.13 Gb Total Space | 16.09 Gb Free Space | 84.11% Space Free | Partition Type: FAT32
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
     
    Computer Name: ACCOUNTING1
    Current User Name: Admin
    Logged in as Administrator.
     
    Current Boot Mode: SafeMode with Networking
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
     
    [Processes - Safe List]
    ots.exe -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\COMPFolder2\2t\clean\OTS.exe -> [2010/07/14 15:21:50 | 000,640,512 | ---- | M] (OldTimer Tools)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 15:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
     
    [Modules - Safe List]
    comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 07:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
    ots.exe -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\COMPFolder2\2t\clean\OTS.exe -> [2010/07/14 15:21:50 | 000,640,512 | ---- | M] (OldTimer Tools)
    msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/13 15:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation)
     
    [Win32 Services - Safe List]
    (a2AntiMalware) Emsisoft Anti-Malware 5.0 - Service [Auto | Stopped] -> C:\Program Files\Emsisoft Anti-Malware\a2service.exe -> [2010/12/06 08:15:34 | 002,849,784 | ---- | M] (Emsi Software GmbH)
    (cmdAgent) COMODO Internet Security Helper Service [Auto | Stopped] -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -> [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO)
    (LVSrvLauncher) LVSrvLauncher [Auto | Stopped] -> C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -> [2007/07/20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.)
    (LVPrcSrv) Process Monitor [Auto | Stopped] -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2007/07/20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.)
    (LVCOMSer) LVCOMSer [Auto | Stopped] -> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -> [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.)
    (Pml Driver HPH11) Pml Driver HPH11 [On_Demand | Stopped] -> C:\WINDOWS\system32\hphipm11.exe -> [2006/01/06 10:07:26 | 000,077,824 | ---- | M] (HP)
    (Pml Driver HPZ12) Pml Driver HPZ12 [On_Demand | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2003/03/09 11:31:02 | 000,065,795 | R--- | M] (HP)
    (PackethSvc) Virtual NIC Service [Auto | Stopped] -> C:\WINDOWS\system32\PackethSvc.exe -> [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (America Online, Inc.)
     
    [Driver Services - Safe List]
    (catchme) catchme [Kernel | On_Demand | Stopped] -> C:\FixCO\catchme.sys -> File not found
    (a2acc) a2acc [File_System | On_Demand | Stopped] -> C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -> [2010/09/19 07:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH)
    (cmdGuard) COMODO Internet Security Sandbox Driver [File_System | System | Stopped] -> C:\WINDOWS\system32\drivers\cmdGuard.sys -> [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO)
    (cmderd) COMODO Internet Security Eradication Driver [File_System | System | Running] -> C:\WINDOWS\system32\drivers\cmderd.sys -> [2010/09/10 23:40:48 | 000,015,592 | ---- | M] (COMODO)
    (a2injectiondriver) a2injectiondriver [File_System | System | Stopped] -> C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -> [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH)
    (a2util) a-squared Malware-IDS utility driver [Kernel | System | Stopped] -> C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -> [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH)
    (NwlnkIpx) NWLink IPX/SPX/NetBIOS Compatible Transport Protocol [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\nwlnkipx.sys -> [2008/04/13 09:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation)
    (gameenum) Game Port Enumerator [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gameenum.sys -> [2008/04/13 09:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation)
    (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbaudio.sys -> [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation)
    (LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LVMVdrv.sys -> [2007/07/20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.)
    (LVcKap) Logitech AEC Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Lvckap.sys -> [2007/07/20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.)
    (LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LVPr2Mon.sys -> [2007/07/18 17:42:42 | 000,025,624 | ---- | M] ()
    (LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LVUSBSta.sys -> [2007/07/18 15:44:00 | 000,041,752 | R--- | M] (Logitech Inc.)
    (PID_PEPI) Logitech QuickCam IM(PID_PEPI) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LV302V32.SYS -> [2007/07/18 15:39:15 | 001,278,104 | R--- | M] (Logitech Inc.)
    (pepifilter) Volume Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lv302af.sys -> [2007/07/18 15:39:15 | 000,013,848 | R--- | M] (Logitech Inc.)
    (motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\motmodem.sys -> [2006/12/13 16:52:50 | 000,020,992 | ---- | M] (Motorola)
    (symlcbrd) symlcbrd [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\symlcbrd.sys -> [2006/08/31 15:12:08 | 000,010,344 | ---- | M] (Symantec Corporation)
    (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hphs2k11.sys -> [2006/01/06 10:07:27 | 000,050,276 | ---- | M] (Hewlett-Packard)
    (Dot4Usb HPH11) Dot4Usb HPH11 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hphius11.sys -> [2006/01/06 10:07:27 | 000,018,928 | ---- | M] (HP)
    (Dot4Print HPH11) Print Class Driver for IEEE-1284.4 HPH11 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hphipr11.sys -> [2006/01/06 10:07:27 | 000,016,112 | ---- | M] (HP)
    (Dot4 HPH11) Dot4 HPH11 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hphid411.sys -> [2006/01/06 10:07:26 | 000,050,896 | ---- | M] (HP)
    (AFS2K) AFS2K [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\AFS2K.SYS -> [2004/10/07 16:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.)
    (ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2004/08/03 20:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.)
    (FVNETusb) Linksys Wireless-B USB Network Adapter v2.8 Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\vnet558x.sys -> [2003/06/12 00:56:44 | 000,098,304 | R--- | M] (ATMEL)
    (nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2003/05/02 14:19:00 | 001,312,555 | ---- | M] (NVIDIA Corporation)
    (NETGEAR_WG311_SERVICE) NETGEAR WG311 Wireless PCI Adapter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wg311nd5.sys -> [2003/03/17 19:27:50 | 000,307,904 | ---- | M] (Atheros Communications, Inc.)
    (AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\an983.sys -> [2002/08/28 20:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.)
    (AWINDIS5) AWINDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\AWINDIS5.SYS -> [2002/04/11 16:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.)
    (ALCXWDM) Service for Avance AC97 Audio (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2002/04/08 16:36:18 | 000,305,100 | ---- | M] (Avance Logic, Inc.)
    (NTIDrvr) Upper Class Filter Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NTIDrvr.sys -> [2002/03/28 02:05:00 | 000,006,016 | ---- | M] (NewTech Infosystems, Inc.)
    (NwlnkNb) NWLink NetBIOS [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\nwlnknb.sys -> [2001/08/18 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation)
    (NwlnkSpx) NWLink SPX/SPXII Protocol [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\nwlnkspx.sys -> [2001/08/18 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation)
    (HCF_MSFT) HCF_MSFT [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HCF_MSFT.sys -> [2001/08/17 12:28:02 | 000,907,456 | ---- | M] (Conexant)
    (nv4) nv4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4.sys -> [2001/08/17 03:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation)
    (wandrv) WAN Network Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wandrv.sys -> [2000/12/03 09:35:58 | 000,022,640 | ---- | M] (America Online, Inc.)
     
    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
    HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
    HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
    HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.msn.com/ -> 
    HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
    HKEY_CURRENT_USER\: "ProxyOverride" -> <local> -> 
    < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\FireFox\Profiles\r87okycu.default\prefs.js -> 
    browser.search.defaultenginename -> "Yahoo! Search" ->
    browser.search.selectedEngine -> "Yahoo! Search" ->
    browser.search.update -> false ->
    browser.startup.homepage -> "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
    extensions.enabledItems -> {CDD6DF24-B2F3-4780-B57C-C984430DAB3D}:1.9.1 ->
    extensions.enabledItems -> {6BBB6066-4F46-4CCE-9540-25178C5ED123}:1.9.1 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
    extensions.enabledItems -> [email protected]:1.0 ->
    extensions.enabledItems -> {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9.3 ->
    extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 ->
    keyword.URL -> "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" ->
    network.proxy.no_proxies_on -> "127.0.0.1" ->
    network.proxy.type -> 4 ->
    < FireFox Settings [User.js] > -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\FireFox\Profiles\r87okycu.default\user.js -> 
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions ->  -> 
    HKLM\software\mozilla\Firefox\Extensions\\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D} -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D} [C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D}] -> [2010/01/22 16:48:14 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\{6BBB6066-4F46-4CCE-9540-25178C5ED123} -> C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{6BBB6066-4F46-4CCE-9540-25178C5ED123}\ [C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{6BBB6066-4F46-4CCE-9540-25178C5ED123}\] -> [2010/01/28 15:20:31 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions ->  -> 
    HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/12/15 13:57:07 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/12/15 13:57:06 | 000,000,000 | ---D | M]
    HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
    < FireFox Extensions [User Folders] > -> 
      -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Extensions -> [2008/08/29 11:50:40 | 000,000,000 | ---D | M]
      -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions -> [2011/01/03 12:30:18 | 000,000,000 | ---D | M]
    Session Manager   -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} -> [2010/12/15 13:57:33 | 000,000,000 | ---D | M]
    DownloadHelper   -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2010/12/16 18:01:45 | 000,000,000 | ---D | M]
    < FireFox Extensions [Program Folders] > -> 
      -> C:\Program Files\Mozilla Firefox\extensions -> [2011/01/03 12:30:18 | 000,000,000 | ---D | M]
    Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/12/10 17:36:13 | 000,000,000 | ---D | M]
    < HOSTS File > ([2011/01/13 15:23:18 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
    Reset Hosts
    127.0.0.1       localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2006/01/12 19:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
    ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
    "COMODO Internet Security" -> C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ["C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h] -> [2010/09/10 23:41:20 | 002,500,552 | ---- | M] (COMODO)
    "HPDJ Taskbar Utility" -> C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe] -> [2006/01/06 10:07:25 | 000,188,416 | ---- | M] (HP)
    "HPHmon04" -> C:\WINDOWS\system32\hphmon04.exe [C:\WINDOWS\system32\hphmon04.exe] -> [2006/01/06 10:07:25 | 000,348,160 | ---- | M] (Hewlett-Packard)
    < Admin.PRESTIGE-SYS4 Startup Folder > -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup -> 
    C:\Documents and Settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe -> [2003/10/30 12:50:22 | 000,045,056 | ---- | M] ()
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
    < Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
    \Main\\"DisableFirstRunCustomize" ->  [1] -> File not found
    < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"HonorAutoRunSetting" ->  [1] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" ->  [323] -> File not found
    \\"NoNetHood" ->  [0] -> File not found
    \\"NoDriveAutoRun" ->  [67108863] -> File not found
    \\"NoDrives" ->  [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
    E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2010/04/15 18:32:54 | 009,361,232 | R--- | M] (Microsoft Corporation)
    Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html] -> File not found
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
    {4528BBE0-4E08-11D5-AD55-00010333D0AD}:{4C171D40-8277-11D5-AD55-00010333D0AD} [HKLM] -> Reg Error: Key error. [Button: Messenger] -> File not found
    {4528BBE0-4E08-11D5-AD55-00010333D0AD}:{4C171D40-8277-11D5-AD55-00010333D0AD} [HKLM] -> Reg Error: Key error. [Menu: Yahoo! Messenger] -> File not found
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
    {F47C1DB5-ED21-4dc1-853E-D1495792D4C5}:Exec [HKLM] -> C:\Program Files\Bodog Poker\BPGame.exe [Button: Bodog Poker] -> File not found
    < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
    CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] ->  [Messenger] -> File not found
    CmdMapping\\"{9239E4EC-C9A6-11D2-A844-00C04F68D538}" [HKLM] ->  [Reg Error: Key error.] -> File not found
    CmdMapping\\"{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}" [HKLM] -> C:\Program Files\Bodog Poker\BPGame.exe [Bodog Poker] -> File not found
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7595 domain(s) found. -> 
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7582 domain(s) found. -> 
      .[msn] -> My Computer -> 
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
    {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 
    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab [BDSCANONLINE Control] -> 
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215493224746 [MUWebControl Class] -> 
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
    {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> http://ax.emsisoft.com/asquared.cab [a-squared Scanner] -> 
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Java Plug-in 1.5.0_06] -> 
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab [Java Plug-in 1.5.0_09] -> 
    {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
    {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [HKLM] -> http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5183/mcfscan.cab [McFreeScan Class] -> 
    Microsoft XML Parser for Java [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
    DhcpNameServer -> 209.165.131.12 209.165.131.13 -> 
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
    {9F3269FD-46B5-4252-A9DA-58CF96C69347}\\DhcpNameServer -> 209.165.131.12 209.165.131.13   (Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)) -> 
    {9F3269FD-46B5-4252-A9DA-58CF96C69347}\\NameServer -> 156.154.70.22,156.154.71.22   (Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)) -> 
    {E26442D6-73FF-4322-A260-45EFC8BFC03F}\\NameServer -> 156.154.70.22,156.154.71.22   (NETGEAR WG311 802.11g Wireless PCI Adapter) -> 
    IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
    "Use My Stylesheet" -> Reg Error: Invalid data type.
    "User Stylesheet" -> 
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 15:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> -> 
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> [2008/02/29 22:19:59 | 000,067,128 | ---- | M] (Logitech Inc.)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
    "C:\kav\kav7\setup.exe" -> C:\kav\kav7\setup.exe [C:\kav\kav7\setup.exe:*:Disabled:Kaspersky Anti-Virus 7.0 Setup] -> [2008/02/08 10:04:44 | 000,072,264 | ---- | M] (Kaspersky Lab)
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger] -> [2008/02/29 22:19:59 | 000,067,128 | ---- | M] (Logitech Inc.)
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware] -> [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation)
    "C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" -> C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe [C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe:*:Enabled:NetgearAG] -> [2003/05/16 12:59:24 | 000,389,120 | ---- | M] ()
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 -> 
    "DisplayName" -> CD-ROM Driver -> 
    "ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > ->  -> 
    C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2002/09/18 11:33:30 | 000,000,000 | ---- | M] ()
    E:\AUTOEXEC.BAT [SET BLASTER=A220 I7 D1 H7 P330 T6 | SET SBPCI=C:\SBPCI |                                                                                                                                                                                            | ] -> E:\AUTOEXEC.BAT [ FAT32 ] -> [2002/09/18 13:43:36 | 000,000,243 | ---- | M] ()
    E:\autoexec.nav [REM [Header] | @ECHO OFF |                                |                                                    |                                            |          |             |                                         |                    |         |                                    |                                |  | REM [CD-ROM Drive] |  | REM [Miscellaneous] |  | REM [Display] |  | ] -> E:\autoexec.nav [ FAT32 ] -> [2000/04/07 09:02:10 | 000,000,378 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
    comfile [open] -> "%1" %* -> 
    exefile [open] -> "%1" %* -> 
    < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
    .com [@ = ComFile] -> "%1" %* -> 
    .exe [@ = exefile] -> "%1" %* -> 
     
     
    [Files/Folders - Created Within 30 Days]
     CFlogs -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\CFlogs -> [2011/01/13 16:41:06 | 000,000,000 | ---D | C]
     RECYCLER -> C:\RECYCLER -> [2011/01/13 15:50:24 | 000,000,000 | -HSD | C]
     Recent -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Recent -> [2011/01/13 15:50:22 | 000,000,000 | RH-D | C]
     temp -> C:\WINDOWS\temp -> [2011/01/13 15:17:23 | 000,000,000 | ---D | C]
     FixCO -> C:\FixCO -> [2011/01/13 15:08:55 | 000,000,000 | ---D | C]
     cmdcons -> C:\cmdcons -> [2011/01/13 13:03:41 | 000,000,000 | RHSD | C]
     ESET -> C:\Program Files\ESET -> [2011/01/11 11:52:12 | 000,000,000 | ---D | C]
     Anti-Malware -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\Anti-Malware -> [2011/01/05 09:09:09 | 000,000,000 | ---D | C]
     SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/12/17 21:13:05 | 000,161,792 | ---- | C] (SteelWerX)
     NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/12/17 21:13:05 | 000,031,232 | ---- | C] (NirSoft)
     SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/12/17 21:13:04 | 000,212,480 | ---- | C] (SteelWerX)
     SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/12/17 21:13:04 | 000,136,704 | ---- | C] (SteelWerX)
     
    [Files/Folders - Modified Within 30 Days]
     wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/01/14 11:04:59 | 000,002,422 | ---- | M] ()
     bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/01/14 11:04:13 | 000,002,048 | --S- | M] ()
     SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2011/01/13 22:09:43 | 000,000,006 | -H-- | M] ()
     ntuser.dat -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\ntuser.dat -> [2011/01/13 21:57:27 | 009,175,040 | ---- | M] ()
     ntuser.ini -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\ntuser.ini -> [2011/01/13 21:57:27 | 000,000,278 | -HS- | M] ()
     IconCache.db -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\IconCache.db -> [2011/01/13 21:57:21 | 004,768,744 | -H-- | M] ()
     system.ini -> C:\WINDOWS\system.ini -> [2011/01/13 15:23:33 | 000,000,227 | ---- | M] ()
     hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2011/01/13 15:23:18 | 000,000,027 | ---- | M] ()
     CF-Submit.htm -> C:\CF-Submit.htm -> [2011/01/13 15:10:55 | 000,001,224 | ---- | M] ()
     SecurityCheck.exe -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\SecurityCheck.exe -> [2011/01/13 13:41:25 | 000,879,028 | ---- | M] ()
     boot.ini -> C:\boot.ini -> [2011/01/13 13:03:50 | 000,000,327 | RHS- | M] ()
     ComboFix.exe -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\ComboFix.exe -> [2011/01/13 12:55:06 | 004,154,145 | R--- | M] ()
     esetonline.JPG -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\esetonline.JPG -> [2011/01/11 16:16:33 | 000,046,797 | ---- | M] ()
     dds.pif -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\dds.pif -> [2011/01/11 12:39:03 | 000,624,640 | ---- | M] ()
     Webshots for Admin.bmp -> C:\WINDOWS\Webshots for Admin.bmp -> [2011/01/10 19:01:35 | 002,359,350 | ---- | M] ()
     sfi.dat -> C:\WINDOWS\System32\drivers\sfi.dat -> [2011/01/10 17:47:37 | 001,474,832 | ---- | M] ()
     ntuser.dat.bak -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\ntuser.dat.bak -> [2011/01/08 14:09:01 | 009,437,184 | ---- | M] ()
     RegDefrag.ini -> C:\WINDOWS\RegDefrag.ini -> [2011/01/08 13:53:06 | 000,000,058 | ---- | M] ()
     hpfr5550.xml -> C:\hpfr5550.xml -> [2011/01/05 21:18:54 | 000,000,561 | ---- | M] ()
     hpfsched.ini -> C:\WINDOWS\hpfsched.ini -> [2011/01/05 21:16:56 | 000,000,034 | ---- | M] ()
     cc_20110105_194150.reg -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20110105_194150.reg -> [2011/01/05 19:41:54 | 000,005,292 | ---- | M] ()
     DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/01/05 17:24:53 | 000,012,800 | ---- | M] ()
     cc_20101223_161006.reg -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101223_161006.reg -> [2010/12/23 16:10:09 | 000,004,844 | ---- | M] ()
     FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/12/21 17:52:50 | 000,260,640 | ---- | M] ()
     mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
     mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
     Boot.bak -> C:\Boot.bak -> [2010/12/19 12:28:00 | 000,000,211 | ---- | M] ()
     win.ini -> C:\WINDOWS\win.ini -> [2010/12/19 12:28:00 | 000,000,173 | ---- | M] ()
     Shortcut to ComboFix.exe.lnk -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\Shortcut to ComboFix.exe.lnk -> [2010/12/18 14:25:58 | 000,000,985 | ---- | M] ()
     hosts.20110111-110448.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20110111-110448.backup -> [2010/12/17 21:24:17 | 000,000,027 | ---- | M] ()
     cc_20101217_161606.reg -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101217_161606.reg -> [2010/12/17 16:16:12 | 000,012,788 | ---- | M] ()
     
    [Files - No Company Name]
     CF-Submit.htm -> C:\CF-Submit.htm -> [2011/01/13 15:10:55 | 000,001,224 | ---- | C] ()
     SecurityCheck.exe -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\SecurityCheck.exe -> [2011/01/13 13:41:21 | 000,879,028 | ---- | C] ()
     Boot.bak -> C:\Boot.bak -> [2011/01/13 13:03:50 | 000,000,211 | ---- | C] ()
     cmldr -> C:\cmldr -> [2011/01/13 13:03:45 | 000,260,272 | RHS- | C] ()
     MBR.exe -> C:\WINDOWS\MBR.exe -> [2011/01/13 13:00:46 | 000,089,088 | ---- | C] ()
     ComboFix.exe -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\ComboFix.exe -> [2011/01/13 12:54:55 | 004,154,145 | R--- | C] ()
     esetonline.JPG -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\esetonline.JPG -> [2011/01/11 12:42:48 | 000,046,797 | ---- | C] ()
     dds.pif -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\dds.pif -> [2011/01/11 12:39:01 | 000,624,640 | ---- | C] ()
     hpfsched.ini -> C:\WINDOWS\hpfsched.ini -> [2011/01/05 21:16:56 | 000,000,034 | ---- | C] ()
     cc_20110105_194150.reg -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20110105_194150.reg -> [2011/01/05 19:41:52 | 000,005,292 | ---- | C] ()
     cc_20101223_161006.reg -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101223_161006.reg -> [2010/12/23 16:10:08 | 000,004,844 | ---- | C] ()
     Shortcut to ComboFix.exe.lnk -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\Shortcut to ComboFix.exe.lnk -> [2010/12/18 13:04:07 | 000,000,985 | ---- | C] ()
     PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/12/17 21:13:05 | 000,256,512 | ---- | C] ()
     sed.exe -> C:\WINDOWS\sed.exe -> [2010/12/17 21:13:05 | 000,098,816 | ---- | C] ()
     grep.exe -> C:\WINDOWS\grep.exe -> [2010/12/17 21:13:05 | 000,080,412 | ---- | C] ()
     zip.exe -> C:\WINDOWS\zip.exe -> [2010/12/17 21:13:05 | 000,068,096 | ---- | C] ()
     cc_20101217_161606.reg -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101217_161606.reg -> [2010/12/17 16:16:09 | 000,012,788 | ---- | C] ()
     unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2010/06/24 10:44:22 | 000,165,376 | ---- | C] ()
     avisplitter.ini -> C:\WINDOWS\avisplitter.ini -> [2010/06/24 10:44:22 | 000,000,038 | ---- | C] ()
     xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2010/06/24 10:44:19 | 000,881,664 | ---- | C] ()
     xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2010/06/24 10:44:19 | 000,205,824 | ---- | C] ()
     ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2010/06/24 10:44:19 | 000,000,547 | ---- | C] ()
     ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2010/06/24 10:44:18 | 000,108,032 | ---- | C] ()
     RegDefrag.ini -> C:\WINDOWS\RegDefrag.ini -> [2010/01/31 17:07:07 | 000,000,058 | ---- | C] ()
     wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/10/08 12:09:06 | 000,000,306 | ---- | C] ()
     OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 000,403,816 | ---- | C] ()
     mfc45.dll -> C:\WINDOWS\System32\mfc45.dll -> [2008/09/07 12:52:43 | 000,074,703 | ---- | C] ()
     thxcfg.ini -> C:\WINDOWS\System32\thxcfg.ini -> [2008/08/04 20:13:44 | 000,000,032 | ---- | C] ()
     streamhlp.dll -> C:\WINDOWS\System32\streamhlp.dll -> [2008/07/05 20:07:24 | 000,059,392 | R--- | C] ()
     lvcoinst.ini -> C:\WINDOWS\System32\lvcoinst.ini -> [2008/02/29 22:21:02 | 000,058,163 | R--- | C] ()
     bdoscandellang.ini -> C:\WINDOWS\bdoscandellang.ini -> [2008/01/09 14:01:48 | 000,000,453 | ---- | C] ()
     hpodinet.dll -> C:\WINDOWS\System32\hpodinet.dll -> [2007/12/11 20:24:58 | 000,069,632 | ---- | C] ()
     LVPr2Mon.sys -> C:\WINDOWS\System32\drivers\LVPr2Mon.sys -> [2007/07/18 17:42:42 | 000,025,624 | ---- | C] ()
     hpqEmlsz.INI -> C:\WINDOWS\hpqEmlsz.INI -> [2006/05/19 10:12:29 | 000,000,000 | ---- | C] ()
     kodakpcd.Admin.ini -> C:\WINDOWS\kodakpcd.Admin.ini -> [2005/09/02 14:57:21 | 000,000,022 | ---- | C] ()
     hpotscl.dll -> C:\WINDOWS\System32\hpotscl.dll -> [2003/03/09 11:31:04 | 000,561,152 | ---- | C] ()
     Teneron.ini -> C:\WINDOWS\Teneron.ini -> [2003/02/18 16:17:23 | 000,000,186 | ---- | C] ()
     hpgt42.dll -> C:\WINDOWS\System32\hpgt42.dll -> [2002/10/10 16:32:20 | 000,093,696 | ---- | C] ()
     BW.ini -> C:\WINDOWS\BW.ini -> [2002/10/03 11:40:51 | 000,000,187 | ---- | C] ()
     ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2002/09/20 08:45:17 | 000,000,376 | ---- | C] ()
     avrack.ini -> C:\WINDOWS\avrack.ini -> [2002/09/18 17:08:07 | 000,000,164 | ---- | C] ()
     Owl52f.dll -> C:\WINDOWS\System32\Owl52f.dll -> [2000/10/17 16:43:12 | 000,906,784 | ---- | C] ()
     pagesync.dll -> C:\WINDOWS\System32\pagesync.dll -> [2000/09/13 18:15:38 | 000,053,248 | ---- | C] ()
     tx32.dll -> C:\WINDOWS\System32\tx32.dll -> [1999/01/04 12:25:00 | 000,375,296 | ---- | C] ()
     Ic32.ini -> C:\WINDOWS\System32\Ic32.ini -> [1998/11/04 01:20:00 | 000,000,202 | ---- | C] ()
     
    [File - Lop Check]
     iolo -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\iolo -> [2008/09/07 12:54:05 | 000,000,000 | ---D | M]
     TrojanHunter -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\TrojanHunter -> [2008/07/06 00:23:31 | 000,000,000 | ---D | M]
     Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/09/20 16:55:17 | 000,000,000 | ---D | M]
     America Online -> C:\Documents and Settings\All Users\Application Data\America Online -> [2003/09/22 10:08:01 | 000,000,000 | ---D | M]
     avg9 -> C:\Documents and Settings\All Users\Application Data\avg9 -> [2010/07/14 16:26:57 | 000,000,000 | ---D | M]
     Hitman Pro -> C:\Documents and Settings\All Users\Application Data\Hitman Pro -> [2010/12/21 12:39:37 | 000,000,000 | ---D | M]
     IObit -> C:\Documents and Settings\All Users\Application Data\IObit -> [2010/07/15 12:24:23 | 000,000,000 | ---D | M]
     iolo -> C:\Documents and Settings\All Users\Application Data\iolo -> [2008/09/07 12:54:06 | 000,000,000 | ---D | M]
     supiyiha -> C:\Documents and Settings\All Users\Application Data\supiyiha -> [2010/01/24 15:22:54 | 000,000,000 | ---D | M]
     Temp -> C:\Documents and Settings\All Users\Application Data\Temp -> [2010/02/01 14:40:53 | 000,000,000 | ---D | M]
     vegapaye -> C:\Documents and Settings\All Users\Application Data\vegapaye -> [2010/02/01 17:58:02 | 000,000,000 | ---D | M]
     FRU Task #Hewlett-Packard#hp psc 1200 series#1115658956.job -> C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1115658956.job -> [2005/08/11 10:51:55 | 000,000,342 | ---- | M] ()
     SCHEDLGU.TXT -> C:\WINDOWS\Tasks\SCHEDLGU.TXT -> [2011/01/13 22:09:44 | 000,032,594 | ---- | M] ()
     
    [File - Purity Scan]
     
    [Custom Scans]
    < netsvcs >
    <       drivers32 >
    <       %SYSTEMDRIVE%\*.* >
     AuResult.ini -> C:\AuResult.ini -> [2010/10/10 14:02:42 | 000,000,011 | ---- | M] ()
     AUTOEXEC.BAT -> C:\AUTOEXEC.BAT -> [2002/09/18 11:33:30 | 000,000,000 | ---- | M] ()
     Boot.bak -> C:\Boot.bak -> [2010/12/19 12:28:00 | 000,000,211 | ---- | M] ()
     boot.ini -> C:\boot.ini -> [2011/01/13 13:03:50 | 000,000,327 | RHS- | M] ()
     CF-Submit.htm -> C:\CF-Submit.htm -> [2011/01/13 15:10:55 | 000,001,224 | ---- | M] ()
     cmldr -> C:\cmldr -> [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] ()
     CONFIG.SYS -> C:\CONFIG.SYS -> [2002/09/18 11:33:30 | 000,000,000 | ---- | M] ()
     hpfr3420.xml -> C:\hpfr3420.xml -> [2007/08/31 13:06:34 | 000,000,907 | ---- | M] ()
     hpfr3425.log -> C:\hpfr3425.log -> [2007/08/31 13:06:34 | 000,394,917 | ---- | M] ()
     hpfr5550.xml -> C:\hpfr5550.xml -> [2011/01/05 21:18:54 | 000,000,561 | ---- | M] ()
     hph7350.log -> C:\hph7350.log -> [2011/01/05 21:18:54 | 000,281,034 | ---- | M] ()
     IO.SYS -> C:\IO.SYS -> [2002/09/18 11:33:30 | 000,000,000 | RHS- | M] ()
     Daron Drywall, Inc.QBB -> C:\Daron Drywall, Inc.QBB -> [2002/11/07 08:24:01 | 000,241,664 | ---- | M] ()
     MSDOS.SYS -> C:\MSDOS.SYS -> [2002/09/18 11:33:30 | 000,000,000 | RHS- | M] ()
     NTDETECT.COM -> C:\NTDETECT.COM -> [2004/10/15 08:22:58 | 000,047,564 | RHS- | M] ()
     ntldr -> C:\ntldr -> [2008/08/11 12:11:30 | 000,250,048 | RHS- | M] ()
     Pacific Rim Interiors, LLC.QBB -> C:\Pacific Rim Interiors, LLC.QBB -> [2002/11/07 08:22:16 | 001,086,976 | ---- | M] ()
     pagefile.sys -> C:\pagefile.sys -> [2011/01/14 11:03:50 | 402,653,184 | -HS- | M] ()
     PDOXUSRS.NET -> C:\PDOXUSRS.NET -> [2003/04/21 11:54:24 | 000,013,030 | ---- | M] ()
     Pres.Homes2002.QBB -> C:\Pres.Homes2002.QBB -> [2003/01/30 15:33:24 | 012,396,032 | ---- | M] ()
     TDSSKiller.2.4.12.0_23.12.2010_15.58.30_log.txt -> C:\TDSSKiller.2.4.12.0_23.12.2010_15.58.30_log.txt -> [2010/12/23 16:02:43 | 000,078,136 | ---- | M] ()
     TDSSKiller.2.4.12.0_23.12.2010_16.04.37_log.txt -> C:\TDSSKiller.2.4.12.0_23.12.2010_16.04.37_log.txt -> [2010/12/23 16:05:21 | 000,040,056 | ---- | M] ()
     TDSSKiller.2.4.12.0_31.12.2010_18.28.10_log.txt -> C:\TDSSKiller.2.4.12.0_31.12.2010_18.28.10_log.txt -> [2010/12/31 18:29:03 | 000,039,822 | ---- | M] ()
     The Terraces Subdivision, LLC 03 26 04.QBB -> C:\The Terraces Subdivision, LLC 03 26 04.QBB -> [2004/03/26 10:32:31 | 000,124,416 | ---- | M] ()
     The Terraces Subdivision, LLC.QBB -> C:\The Terraces Subdivision, LLC.QBB -> [2002/11/07 08:29:18 | 000,097,280 | ---- | M] ()
    <       %systemroot%\*. /mp /s >
    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.
    <       %systemroot%\System32\config\*.sav >
     default.sav -> C:\WINDOWS\system32\config\default.sav -> [2002/09/17 19:18:39 | 000,090,112 | ---- | M] ()
     software.sav -> C:\WINDOWS\system32\config\software.sav -> [2002/09/17 19:18:38 | 000,630,784 | ---- | M] ()
     system.sav -> C:\WINDOWS\system32\config\system.sav -> [2002/09/17 19:18:38 | 000,385,024 | ---- | M] ()
    <       HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    <       HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install ->  -> 
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime -> 2010-12-12 04:34:03 -> 
    < End of report >
    
     
  14. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    11,383
    First Name:
    Kevin
    Hiya blu47,

    If you want me to help, you must follow my instructions. I asked you to run OTL and gave the relevant instructions; you actually ran OTS, and it was the second run, so that tool was used previously.
    Please only do what I ask. Also, do not post logs in code boxes; it makes it very hard to analyze them...

    Kevin
     
  15. blu47

    blu47 Thread Starter

    Joined:
    Jan 10, 2011
    Messages:
    25
    Sorry about all that. I found an older version on here, so I got rid of it now. Now that I'm on the same page, is it possible to get rid of any traces of anything else run on here without feeling like an idiot?

    Here are the logs requested.
    OTL logfile created on: 1/14/2011 12:58:35 PM - Run 1
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    767.00 Mb Total Physical Memory | 607.00 Mb Available Physical Memory | 79.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.27 Gb Total Space | 21.72 Gb Free Space | 58.27% Space Free | Partition Type: NTFS
    Drive E: | 19.13 Gb Total Space | 16.09 Gb Free Space | 84.11% Space Free | Partition Type: FAT32

    Computer Name: ACCOUNTING1 | User Name: Admin | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/14 12:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
    PRC - [2008/04/13 15:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/14 12:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
    MOD - [2010/08/23 07:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/06 08:15:34 | 002,849,784 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
    SRV - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2007/07/20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
    SRV - [2007/07/20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
    SRV - [2006/01/06 10:07:26 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
    SRV - [2003/03/09 11:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\PackethSvc.exe -- (PackethSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/09/19 07:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
    DRV - [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2010/09/10 23:40:48 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
    DRV - [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
    DRV - [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
    DRV - [2008/04/13 09:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
    DRV - [2008/04/13 09:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/07/20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
    DRV - [2007/07/20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
    DRV - [2007/07/18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2007/07/18 15:44:00 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - [2007/07/18 15:39:15 | 001,278,104 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
    DRV - [2007/07/18 15:39:15 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
    DRV - [2006/12/13 16:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2006/08/31 15:12:08 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2006/01/06 10:07:27 | 000,050,276 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)
    DRV - [2006/01/06 10:07:27 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
    DRV - [2006/01/06 10:07:27 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
    DRV - [2006/01/06 10:07:26 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
    DRV - [2004/10/07 16:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2004/08/03 20:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2003/06/12 00:56:44 | 000,098,304 | R--- | M] (ATMEL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vnet558x.sys -- (FVNETusb)
    DRV - [2003/05/02 14:19:00 | 001,312,555 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2003/03/17 19:27:50 | 000,307,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg311nd5.sys -- (NETGEAR_WG311_SERVICE)
    DRV - [2002/08/28 20:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
    DRV - [2002/04/11 16:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
    DRV - [2002/04/08 16:36:18 | 000,305,100 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
    DRV - [2002/03/28 02:05:00 | 000,006,016 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV - [2001/08/18 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
    DRV - [2001/08/18 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
    DRV - [2001/08/17 12:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
    DRV - [2001/08/17 03:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
    DRV - [2000/12/03 09:35:58 | 000,022,640 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
    FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {CDD6DF24-B2F3-4780-B57C-C984430DAB3D}:1.9.1
    FF - prefs.js..extensions.enabledItems: {6BBB6066-4F46-4CCE-9540-25178C5ED123}:1.9.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: [email protected]:1.0
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9.3
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
    FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
    FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
    FF - prefs.js..network.proxy.type: 4


    FF - HKLM\software\mozilla\Firefox\Extensions\\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D}: C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D} [2010/01/22 16:48:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{6BBB6066-4F46-4CCE-9540-25178C5ED123}: C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\{6BBB6066-4F46-4CCE-9540-25178C5ED123}\ [2010/01/28 15:20:31 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 13:57:07 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 13:57:06 | 000,000,000 | ---D | M]

    [2008/08/29 11:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Extensions
    [2011/01/03 12:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions
    [2010/12/15 13:57:33 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    [2010/12/16 18:01:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/01/03 12:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/12/10 17:36:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/01/28 15:20:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{6BBB6066-4F46-4CCE-9540-25178C5ED123}
    [2010/01/22 16:48:14 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D}
    [2010/12/10 17:35:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/12/10 17:35:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2008/06/30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

    O1 HOSTS File: ([2011/01/13 15:23:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
    O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
    O4 - Startup: C:\Documents and Settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215493224746 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5183/mcfscan.cab (McFreeScan Class)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13
    O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 () - http://p.webshots.com/img/mdocs/star_12x12.gif
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/09/18 11:33:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2002/09/18 13:43:36 | 000,000,243 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2000/04/07 09:02:10 | 000,000,378 | ---- | M] () - E:\autoexec.nav -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: Ip6FwHlp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/14 12:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTMlogs
    [2011/01/14 12:49:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
    [2011/01/13 16:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\CFlogs
    [2011/01/13 15:50:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/01/13 15:50:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Recent
    [2011/01/13 15:17:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/01/13 15:08:55 | 000,000,000 | ---D | C] -- C:\FixCO
    [2011/01/13 13:03:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/01/11 11:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/01/05 09:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
    [2011/01/05 09:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\Anti-Malware
    [2010/12/17 21:13:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/12/17 21:13:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/12/17 21:13:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/12/17 21:13:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

    ========== Files - Modified Within 30 Days ==========

    [2011/01/14 12:57:05 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/14 12:56:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/14 12:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
    [2011/01/13 15:23:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/01/13 15:10:55 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
    [2011/01/13 13:41:25 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\SecurityCheck.exe
    [2011/01/13 13:03:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/01/13 12:55:06 | 004,154,145 | R--- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\FixCO.exe
    [2011/01/11 16:16:33 | 000,046,797 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\esetonline.JPG
    [2011/01/10 19:01:35 | 002,359,350 | ---- | M] () -- C:\WINDOWS\Webshots for Admin.bmp
    [2011/01/10 17:47:37 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2011/01/08 13:53:06 | 000,000,058 | ---- | M] () -- C:\WINDOWS\RegDefrag.ini
    [2011/01/05 21:18:54 | 000,000,561 | ---- | M] () -- C:\hpfr5550.xml
    [2011/01/05 21:16:56 | 000,000,034 | ---- | M] () -- C:\WINDOWS\hpfsched.ini
    [2011/01/05 19:41:54 | 000,005,292 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20110105_194150.reg
    [2011/01/05 17:24:53 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/23 16:10:09 | 000,004,844 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101223_161006.reg
    [2010/12/21 17:52:50 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/19 12:28:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/12/17 21:24:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110111-110448.backup
    [2010/12/17 16:16:12 | 000,012,788 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101217_161606.reg

    ========== Files Created - No Company Name ==========

    [2011/01/13 15:10:55 | 000,001,224 | ---- | C] () -- C:\CF-Submit.htm
    [2011/01/13 13:41:21 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\SecurityCheck.exe
    [2011/01/13 13:03:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/01/13 13:03:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/01/13 13:00:46 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/13 12:54:55 | 004,154,145 | R--- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\FixCO.exe
    [2011/01/11 12:42:48 | 000,046,797 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\esetonline.JPG
    [2011/01/05 21:16:56 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
    [2011/01/05 19:41:52 | 000,005,292 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20110105_194150.reg
    [2010/12/23 16:10:08 | 000,004,844 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101223_161006.reg
    [2010/12/17 21:13:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/12/17 21:13:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/12/17 21:13:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/12/17 21:13:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/12/17 16:16:09 | 000,012,788 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101217_161606.reg
    [2010/06/24 10:44:22 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2010/06/24 10:44:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/06/24 10:44:19 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/06/24 10:44:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/06/24 10:44:18 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/04/27 17:24:46 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
    [2010/01/31 17:07:07 | 000,000,058 | ---- | C] () -- C:\WINDOWS\RegDefrag.ini
    [2010/01/20 20:15:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\housecall.guid.cache
    [2009/10/08 12:09:06 | 000,000,306 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2008/09/07 12:52:43 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2008/08/04 20:13:44 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
    [2008/07/05 20:07:24 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
    [2008/02/29 22:21:02 | 000,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2008/02/16 16:21:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2008/01/09 14:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
    [2007/12/11 20:24:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
    [2007/09/30 17:14:20 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/07/18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2006/05/19 10:12:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
    [2006/04/11 08:19:56 | 000,001,398 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\AdobeDLM.log
    [2006/04/11 08:19:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\dm.ini
    [2005/09/02 14:57:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Admin.ini
    [2005/05/09 08:05:54 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2005/04/19 10:12:46 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\fusioncache.dat
    [2003/03/09 11:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
    [2003/02/18 16:17:23 | 000,000,186 | ---- | C] () -- C:\WINDOWS\Teneron.ini
    [2002/10/10 16:32:20 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
    [2002/10/03 11:40:51 | 000,000,187 | ---- | C] () -- C:\WINDOWS\BW.ini
    [2002/09/20 08:45:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2002/09/18 17:08:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2002/09/17 19:20:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2000/10/17 16:43:12 | 000,906,784 | ---- | C] () -- C:\WINDOWS\System32\Owl52f.dll
    [2000/09/13 18:15:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
    [1999/01/04 12:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
    [1998/11/04 01:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

    ========== LOP Check ==========

    [2008/09/07 12:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\iolo
    [2008/07/06 00:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\TrojanHunter
    [2010/09/20 16:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2003/09/22 10:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America Online
    [2010/07/14 16:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/12/21 12:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/07/15 12:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2008/09/07 12:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2010/01/24 15:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\supiyiha
    [2010/02/01 14:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
    [2010/02/01 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vegapaye
    [2005/08/11 10:51:55 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1115658956.job
    [2011/01/13 22:09:44 | 000,032,594 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/10/10 14:02:42 | 000,000,011 | ---- | M] () -- C:\AuResult.ini
    [2002/09/18 11:33:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/12/19 12:28:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/01/13 13:03:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/01/13 15:10:55 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2002/09/18 11:33:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2007/08/31 13:06:34 | 000,000,907 | ---- | M] () -- C:\hpfr3420.xml
    [2007/08/31 13:06:34 | 000,394,917 | ---- | M] () -- C:\hpfr3425.log
    [2011/01/05 21:18:54 | 000,000,561 | ---- | M] () -- C:\hpfr5550.xml
    [2011/01/05 21:18:54 | 000,281,034 | ---- | M] () -- C:\hph7350.log
    [2002/09/18 11:33:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2002/11/07 08:24:01 | 000,241,664 | ---- | M] () -- C:\Daron Drywall, Inc.QBB
    [2002/09/18 11:33:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/10/15 08:22:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/11 12:11:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2002/11/07 08:22:16 | 001,086,976 | ---- | M] () -- C:\Pacific Rim Interiors, LLC.QBB
    [2011/01/14 12:55:50 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
    [2003/04/21 11:54:24 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
    [2003/01/30 15:33:24 | 012,396,032 | ---- | M] () -- C:\Pres.Homes2002.QBB
    [2004/03/26 10:32:31 | 000,124,416 | ---- | M] () -- C:\The Terraces Subdivision, LLC 03 26 04.QBB
    [2002/11/07 08:29:18 | 000,097,280 | ---- | M] () -- C:\The Terraces Subdivision, LLC.QBB

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2002/09/17 19:18:39 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2002/09/17 19:18:38 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2002/09/17 19:18:38 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-12 04:34:03
    < End of report >

    OTL Extras logfile created on: 1/14/2011 12:58:35 PM - Run 1
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    767.00 Mb Total Physical Memory | 607.00 Mb Available Physical Memory | 79.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.27 Gb Total Space | 21.72 Gb Free Space | 58.27% Space Free | Partition Type: NTFS
    Drive E: | 19.13 Gb Total Space | 16.09 Gb Free Space | 84.11% Space Free | Partition Type: FAT32

    Computer Name: ACCOUNTING1 | User Name: Admin | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" = C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe:*:Enabled:NetgearAG -- ()
    "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.)
    "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
    "C:\kav\kav7\setup.exe" = C:\kav\kav7\setup.exe:*:Disabled:Kaspersky Anti-Virus 7.0 Setup -- (Kaspersky Lab)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{14374624-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Premier Edition 2005
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
    "{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{9077253B-FBE9-416A-8D7A-9A58C2E83B39}" = NETGEAR Wireless PCI Adapter
    "{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
    "{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
    "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
    "{99A12218-772D-44F6-9483-6CEC92223C1D}" = TurboProject Deluxe v.4
    "{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
    "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype&#8482; 4.1
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
    "{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
    "Ad-aware 5.83" = Ad-aware 5.83
    "Adobe Acrobat 5.0" = Adobe Acrobat 5.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Autodesk Express Viewer" = Autodesk Express Viewer
    "CCleaner" = CCleaner
    "Duplicate Finder_is1" = Duplicate Finder
    "Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
    "ESET Online Scanner" = ESET Online Scanner v3
    "HijackThis" = HijackThis 2.0.2
    "hp instant support" = hp instant support
    "HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
    "hp psc 1200 series_Driver" = hp psc 1200 series
    "hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "IrfanView" = IrfanView (remove only)
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.4
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NTI CD-Maker 2000 Plus" = NTI CD-Maker 2000 Plus
    "NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
    "Plaxo" = Plaxo
    "QcDrv" = Logitech® Camera Driver
    "RealPlayer 6.0" = RealPlayer
    "UDA Construction Office 2003" = UDA Construction Office 2003
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Webshots Desktop" = Webshots Desktop
    "WinASO Registry Optimizer 4.5.3_is1" = WinASO Registry Optimizer 4.5.3
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/15/2010 1:27:17 AM | Computer Name = ACCOUNTING1 | Source = MsiInstaller | ID = 11706
    Description = Product: HP Photo and Imaging 2.0 - All-in-One Drivers -- Error 1706.No
    valid source could be found for product HP Photo and Imaging 2.0 - All-in-One Drivers.
    The Windows Installer cannot continue.

    Error - 12/17/2010 5:18:10 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
    Description = Faulting application regopt.exe, version 4.5.3.0, faulting module
    kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

    Error - 12/19/2010 7:20:28 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
    module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    Error - 12/19/2010 7:20:32 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1001
    Description = Fault bucket -2081677592.

    Error - 12/27/2010 1:31:04 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
    Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
    module xul.dll, version 1.9.2.3989, fault address 0x0070b15a.

    Error - 12/27/2010 1:31:24 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1001
    Description = Fault bucket -2077656330.

    Error - 1/6/2011 2:17:08 AM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
    Description = Faulting application hpfiui.exe, version 4.2.41.0, faulting module
    ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

    Error - 1/6/2011 2:17:14 AM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1001
    Description = Fault bucket 1250658336.

    Error - 1/13/2011 6:06:18 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
    version 0.0.0.0, fault address 0x0008d560.

    Error - 1/13/2011 6:09:56 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
    Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
    version 0.0.0.0, fault address 0x0008d560.

    [ System Events ]
    Error - 1/14/2011 5:31:54 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 1/14/2011 5:36:22 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 1/14/2011 5:36:52 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 1/14/2011 5:36:54 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 1/14/2011 5:37:02 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 1/14/2011 5:44:51 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 1/14/2011 5:49:39 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 1/14/2011 5:54:02 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/14/2011 5:57:17 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/14/2011 5:57:43 PM | Computer Name = ACCOUNTING1 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    a2injectiondriver cmdGuard Fips intelppm


    < End of report >
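Two record formats in the OTL log above are worth machine-reading when triaging a box like this: the bracketed file/folder entries (date | size | R,H,S,D attribute flags | C for created or M for modified, then an optional company name in parentheses, then the path) and the Windows Firewall GloballyOpenPorts values (port:protocol:scope:state:name, where the forum software has rendered the registry's ":@" as ":mad:"). The parser and triage pass below is an added example, not part of the original post and not OTL's own code. Its three rules are assumptions made for this example, not anything OTL or the forum helpers apply: a System32 file with no company name, an eight-letter lowercase name under Application Data, and a file-sharing port enabled with scope "*" (any source address, as the DomainProfile entries above show, versus LocalSubNet in the StandardProfile). The output is a list of items to look at by hand, not verdicts; ff_vfw.dll and xvidvfw.dll, for instance, are codec-pack DLLs that simply carry no version info. The sample lines are copied from the log above.

```python
"""Triage helpers for OTL log entries (added example, not part of the post)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# OTL file/folder entry, field order as printed in the log above:
# [yyyy/mm/dd hh:mm:ss | size | attrs(R,H,S,D) | C|M] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$"
)

# Windows Firewall GloballyOpenPorts value, e.g.
#   "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
# The forum rendered ":@" as ":mad:"; parse_port_entry() undoes that.
PORT_RE = re.compile(
    r'^"(?P<key>[^"]+)" = (?P<port>\d+):(?P<proto>TCP|UDP):'
    r"(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$"
)


@dataclass
class FileEntry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str                 # 'C' = created, 'M' = modified
    company: Optional[str]    # None when OTL printed "()" or no parentheses
    path: str


@dataclass
class PortEntry:
    port: int
    proto: str
    scope: str                # '*' = any source, 'LocalSubNet', or address list
    enabled: bool
    name: str                 # '@dll,-id' resource reference or plain text


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Decode one bracketed OTL file/folder line; None if it is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    attrs = m["attrs"]
    return FileEntry(
        timestamp=m["ts"],
        size=int(m["size"].replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m["kind"],
        company=m["company"] or None,
        path=m["path"],
    )


def parse_port_entry(line: str) -> Optional[PortEntry]:
    """Decode one GloballyOpenPorts value; tolerates the forum's ':mad:' mangling."""
    m = PORT_RE.match(line.strip().replace(":mad:", ":@"))
    if not m:
        return None
    return PortEntry(int(m["port"]), m["proto"], m["scope"],
                     m["state"] == "Enabled", m["name"])


# Heuristics: assumptions chosen for this example, not OTL's own rules.
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}(\.[a-z]{3})?$")
FILE_SHARING_PORTS = {137, 138, 139, 445}


def triage(lines: List[str]) -> List[str]:
    """Return human-readable prompts for entries that deserve a closer look."""
    findings: List[str] = []
    for line in lines:
        fe = parse_file_entry(line)
        if fe:
            low = fe.path.lower()
            base = fe.path.rsplit("\\", 1)[-1]
            if "\\system32\\" in low and not fe.directory and fe.company is None:
                findings.append(f"no-company file in System32: {fe.path}")
            if "\\application data\\" in low and RANDOM_NAME_RE.match(base):
                findings.append(f"random-looking name under Application Data: {fe.path}")
            continue
        pe = parse_port_entry(line)
        if pe and pe.enabled and pe.scope == "*" and pe.port in FILE_SHARING_PORTS:
            findings.append(f"file-sharing port {pe.port}/{pe.proto} open to any address")
    return findings


# Sample input: lines copied from the OTL log in the post above.
SAMPLE_LINES = [
    r"[2010/06/24 10:44:18 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll",
    r"[2010/04/27 17:24:46 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe",
    r"[2011/01/13 13:03:45 | 000,260,272 | RHS- | C] () -- C:\cmldr",
    r"[2011/01/14 12:49:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com",
    r"[2010/01/24 15:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\supiyiha",
    r"[2008/09/07 12:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo",
    r'"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004',
    r'"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004',
    r'"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(finding)
```

Run it as-is to see the prompts for the sample lines, or feed it a whole OTL.Txt with `triage(open("OTL.Txt", errors="replace").read().splitlines())`. The heuristics are deliberately crude; the value is in decoding the attribute flags and the port scope so that an "*" scope on 139/445 or a hidden+system file outside the usual boot files is not missed while scrolling a 2,000-line log.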
     
Short URL to this thread: https://techguy.org/973878