
rootkit, printer and uploading files

5K views 41 replies 2 participants last post by  kevinf80 
#1 ·
Hello. Back in early December I was in the process of removing something I got from an Avast download. There was something doing massive uploads. Then I believed I took care of it. Since then I have used many programs and downloaded a number of tools for reassurance that the machine was cleaned. Again, since running Comodo I found a large number of uploads, or I should say a large number of files in the cache folder. Then I ran another scan later and all the files disappeared. Then the printer stopped working for my mother, but it will work fine under admin privileges. Two weeks ago, I had ComboFix detect 2 items of NTDLL code modification: ZwClose, ZwOpenFile. I thought it was taken care of. I've used Malwarebytes, a-squared, SuperAntiSpyware, Spybot S&D, Comodo, TDSSKiller, and maybe a few others to detect anything and remove it, but nothing I did helped. Also, last month, ComboFix found some strange files, c:\recycler\NPROTECT\00122198.Lee #2 B, and got rid of them. I'm quite convinced there is some type of rootkit or trojan that is sending info or providing access for a hacker. Could you help me solve this? Thank you in advance.
My OS: XP Pro w/ Service Pack 3

Here's a recent HJ log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:42:15 PM, on 1/10/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPHipm11.exe
C:\Documents and Settings\Elsa\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215493224746
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5183/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F3269FD-46B5-4252-A9DA-58CF96C69347}: NameServer = 156.154.70.22,156.154.71.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{E26442D6-73FF-4322-A260-45EFC8BFC03F}: NameServer = 156.154.70.22,156.154.71.22
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\DOCUME~1\Elsa\LOCALS~1\APPLIC~1\Skype\Shared\SKYPE4~1.DLL
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5703 bytes
#2 ·
Well, I either need a program that blocks uploading or a way to fix this issue. To give you an idea, this problem is turning into something major. Every day the computer finds new files like the ones in this log. And I hope to put a stop to over 100 MB being uploaded on a regular basis.

ANALYSIS COMPLETE - (7.070 secs)
------------------------------------------------------------------------------------------
114.5 MB to be removed. (Approximate size)
------------------------------------------------------------------------------------------
Details of files to be deleted (Note: No files have been deleted yet)
------------------------------------------------------------------------------------------
Internet Explorer - Temporary Internet Files 1,617 KB 153 files
Internet Explorer - History 160 KB 5 files
Internet Explorer - Index.dat files 0 KB 3 files
Windows Explorer - Recent Documents 28 KB 44 files
System - Empty Recycle Bin 218 KB 1 files
System - Temporary Files 1,280 KB 43 files
System - Windows Log Files 65 KB 4 files
System - Start Menu Shortcuts 2 KB 2 files
Firefox/Mozilla - Cookies 0 KB 452 files
Firefox/Mozilla - Download History 2 KB 1 files
Firefox/Mozilla - Internet Cache 113,861 KB 281 files
Applications - Office XP 10 KB 13 files
Multimedia - Adobe Flash Player 41 KB 106 files
------------------------------------------------------------------------------------------
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\006601BFd01 65 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\024B0F66d01 21 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\02D571E9d01 28 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\03B713B6d01 19 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0574F3ECd01 33 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0673F652d01 25 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\07B89374d01 2,059 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\08B06265d01 59 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\08C7CA64d01 252 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0A87AF88d01 18 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0AAD139Cd01 36 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0ACD1C38d01 29 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0E473868d01 40 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\0FA52527d01 271 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\114D3E29d01 28 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\11B0FC23d01 17 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\135C67BCd01 76 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\18D441D5d01 32 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\18EE8369d01 172 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\19014B90d01 39 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\19E4238Cd01 21 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\1A677C7Ad01 21 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\1BD575B0d01 142 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\1CCCFBF6d01 33 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\1E7372D6d01 30 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\1FFCFC20d01 26 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\206DA9CBd01 23 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\21A7DBBFd01 19 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\223DBF9Cd01 21 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\23236000d01 51 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2345160Dd01 882 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\245AD0C8d01 129 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\24766117d01 55 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\24F9C4D1d01 21 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\25CC923Bd01 85 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\25E0A3B5d01 27 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\26C91BEAd01 59 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\278052E8d01 74 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\278E3138d01 33 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\29788B88d01 1,637 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2AC566A9d01 335 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2B0DF62Dd01 25 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2CCE9783d01 17 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2DB7255Ad01 9,206 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2DE73497d01 1,621 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2FE8C3FBd01 23 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\2FFD42FEd01 135 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\32B0EA89d01 33 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\32CAD3B0d01 113 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\33399782d01 25 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\33A68E23d01 20 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\33D1CCF1d01 39 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\348C1918d01 19 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\348E655Cd01 23 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\349E99B3d01 32 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\34D02809d01 169 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\351ED87Ed01 1,479 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\36CEBF9Cd01 38 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\37EA8334d01 20 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3805D747d01 26 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\396C4619d01 314 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3B66755Dd01 109 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3BBE0069d01 428 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3BDDF7A4d01 35 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3C6D3EE5d01 9,206 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3D3407FCd01 26 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3DD1F669d01 29 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3F02EFE6d01 38 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\3F57BEF9d01 21 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\401065D5d01 534 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\4191A544d01 35 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\428A329Ad01 40 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\45EC34A6d01 1,565 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\46E8EDD8d01 20 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\47870182d01 26 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\49102C7Dd01 32 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\4984FAC4d01 23 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\49DE886Ed01 26 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\4AD5A8FDd01 33 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\4B7ACADFd01 21 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\4C1CF33Cd01 71 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\4FEA11E3d01 34 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\52AFDE74d01 22 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\559874CFd01 20 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\56DA0E3Ed01 82 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\57FCFD74d01 31 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\58CA7A9Dd01 21 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\5F97DD87d01 25 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6117B8FEd01 32 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\631BB8A2d01 9,206 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\63381CDEd01 26 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\634BA6ABd01 20 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6425A1D1d01 25 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6479813Dd01 130 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\69BDEEF0d01 212 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6A939EAEd01 49 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6AF0DAC9d01 28 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6B588337d01 23 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6B7B20B7d01 27 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6D301EA2d01 57 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6DD04606d01 45 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6E45453Dd01 89 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6E50ED3Ed01 38 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6F08BCF9d01 1,116 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\6F600CA3d01 39 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\709F43B6d01 66 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\74121A58d01 47 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\746D7F06d01 36 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\760BD790d01 75 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\76A1CF42d01 20 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\770EA65Dd01 25 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\775DF64Fd01 30 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\776C8102d01 37 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\7A445A93d01 24 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\7D097A2Bd01 35 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\7DC0F84Bd01 43 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\7E47DBE2d01 44 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\7FD820C6d01 49 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\80DF3199d01 17 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\825ACF3Fd01 68 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8392CA8Bd01 74 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\83F2BF89d01 23 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\843E4639d01 38 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\85738751d01 74 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\85F7F4B0d01 23 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\86C31AD7d01 138 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8769247Dd01 32 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\878206D2d01 32 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\87DB18EAd01 41 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\89F02F68d01 21 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8A8CD792d01 94 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8AA3314Cd01 32 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8B6D9D1Ed01 101 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8BAF22D8d01 59 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8C9059CDd01 17 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8C9CE845d01 23 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8E1EA103d01 30 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\8EA099DFd01 9,206 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9165EA71d01 28 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\92BDD22Dd01 98 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9318F5CEd01 45 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9377EDC4d01 23 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\937EAF98d01 19 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\945685D7d01 27 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\94B48BA2d01 19 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\95279401d01 112 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\962D6A12d01 652 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\96AA048Ed01 25 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\99326D35d01 85 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\99988FCAd01 49 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9AE554C4d01 73 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9AEAAFCBd01 29 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9AEBE407d01 21 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9AFC3668d01 20 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9B18ECEEd01 26 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9B24EAA1d01 56 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9B299BB9d01 35 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9B639779d01 56 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9C98DA80d01 29 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9D177907d01 40 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9D27399Dd01 29 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9DF88C5Dd01 31 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9EB9B8AFd01 29 KB
C:\Documents and Settings\Elsa\Local Settings\Application Data\Mozilla\Firefox\Profiles\1tzl8bb1.default\cache\9EC04489d01 66 KB
 
#3 ·
Here's my DDS log as instructed in the "everyone MUST read this..." post.

DDS (Ver_10-12-12.01) - NTFSx86 NETWORK
Run by Admin at 16:18:07.84 on Tue 01/11/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.542 [GMT -9:00]
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\dds.pif
============== Pseudo HJT Report ===============
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil9f.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [HPHmon04] c:\windows\system32\hphmon04.exe
StartupFolder: c:\docume~1\admin~1.pre\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215493224746
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5183/mcfscan.cab
TCP: {9F3269FD-46B5-4252-A9DA-58CF96C69347} = 156.154.70.22,156.154.71.22
TCP: {E26442D6-73FF-4322-A260-45EFC8BFC03F} = 156.154.70.22,156.154.71.22
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = %I
mASetup: {622C3E8E-6F9A-4625-BE57-AE60FAF3040A} - rundll32 mvvy5.dll,laspi
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-9-10 15592]
S1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2011-1-5 41928]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2011-1-5 11776]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 239240]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2011-1-5 2849784]
S2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1901056]
S2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [2003-9-22 51200]
S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2011-1-5 72808]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2003-10-6 16194]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\admin~1.pre\locals~1\temp\000004dd.nmc\nse\bin\ndiskio.sys --> c:\docume~1\admin~1.pre\locals~1\temp\000004dd.nmc\nse\bin\ndiskio.sys [?]
S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\drivers\wg311nd5.sys [2003-10-6 307904]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
=============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2011-01-11 20:52:12 -------- d-----w- c:\program files\ESET
2010-12-18 06:13:05 98816 ----a-w- c:\windows\sed.exe
2010-12-18 06:13:05 229888 ----a-w- c:\windows\PEV.exe
2010-12-18 06:13:05 161792 ----a-w- c:\windows\SWREG.exe
==================== Find3M ====================
2010-12-11 02:35:55 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-11 02:35:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
============= FINISH: 16:19:16.27 ===============
 
#4 ·
Attach log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 9/18/2002 12:36:08 PM
System Uptime: 1/11/2011 10:59:57 AM (6 hours ago)
Motherboard: | | P4X266-8233
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | Socket 423 | 2019/100mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 21.669 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 19 GiB total, 16.087 GiB free.
F: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NETGEAR WG311 802.11g Wireless PCI Adapter
Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_49001385&REV_01\3&13C0B0C5&0&50
Manufacturer: NETGEAR, Inc.
Name: NETGEAR WG311 802.11g Wireless PCI Adapter
PNP Device ID: PCI\VEN_168C&DEV_0013&SUBSYS_49001385&REV_01\3&13C0B0C5&0&50
Service: NETGEAR_WG311_SERVICE
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Network Driver
Device ID: ROOT\NET\0000
Manufacturer: America Online, Inc.
Name: WAN Network Driver
PNP Device ID: ROOT\NET\0000
Service: wandrv
==== System Restore Points ===================
RP2: 12/21/2010 2:39:25 PM - System Checkpoint
RP3: 12/23/2010 9:41:04 AM - System Checkpoint
RP4: 12/24/2010 10:30:10 AM - System Checkpoint
RP5: 12/25/2010 1:49:24 PM - System Checkpoint
RP6: 12/26/2010 7:27:16 PM - System Checkpoint
RP7: 12/27/2010 8:22:16 PM - System Checkpoint
RP8: 12/28/2010 9:12:21 PM - System Checkpoint
RP9: 12/30/2010 9:26:50 AM - System Checkpoint
RP10: 12/31/2010 11:40:07 AM - System Checkpoint
RP11: 1/1/2011 2:01:23 PM - System Checkpoint
RP12: 1/2/2011 7:50:26 PM - System Checkpoint
RP13: 1/3/2011 9:38:12 PM - System Checkpoint
RP14: 1/5/2011 6:55:03 AM - System Checkpoint
RP15: 1/7/2011 7:57:17 PM - System Checkpoint
RP16: 1/8/2011 11:07:51 PM - System Checkpoint
RP17: 1/10/2011 10:06:28 PM - System Checkpoint
==== Installed Programs ======================
Ad-aware 5.83
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.7
Autodesk Express Viewer
Avance AC'97 Audio
CCleaner
COMODO Internet Security
DivX Plus Web Player
Duplicate Finder
Emsisoft Anti-Malware 5.1
ESET Online Scanner v3
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB981793)
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java(TM) 6 Update 22
K-Lite Mega Codec Pack 6.0.4
Logitech Desktop Messenger
Logitech QuickCam
Logitech® Camera Driver
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Outlook Personal Folders Backup
Microsoft Reader
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MVision
NETGEAR Wireless PCI Adapter
NTI CD-Maker 2000 Plus
NVIDIA Windows 2000/XP Display Drivers
OGA Notifier 2.0.0048.0
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Plaxo
QuickBooks Premier Edition 2005
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB981957)
Skype™ 4.1
Spybot - Search & Destroy
TurboProject Deluxe v.4
UDA Construction Office 2003
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
WebFldrs XP
Webshots Desktop
WinASO Registry Optimizer 4.5.3
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger Explorer Bar
==== Event Viewer Messages From Past Week ========
1/8/2011 11:53:18 PM, error: Print [6161] - The document Microsoft Word - New Microsoft Word Document.doc owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 153716. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
1/8/2011 11:53:02 PM, error: Print [6161] - The document Microsoft Word - New Microsoft Word Document.doc owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 154500. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
1/8/2011 11:49:20 PM, error: Print [6161] - The document FW: Confirmed Reservation Standard IT# 1682906 FRENCH - Outlook Web Access Light owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 1096736. Number of bytes printed: 0. Total number of pages in the document: 2. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
1/8/2011 11:47:54 PM, error: Print [6161] - The document FW: Confirmed Reservation Standard IT# 1682906 FRENCH - Outlook Web Access Light owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 589824. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
1/8/2011 11:09:59 AM, error: Print [6161] - The document Microsoft Word - 10 Amazing Little Heroes.doc owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 549364. Number of bytes printed: 0. Total number of pages in the document: 9. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
1/8/2011 11:06:28 AM, error: Print [6161] - The document Microsoft Word - 10 Amazing Little Heroes.doc owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 370104. Number of bytes printed: 0. Total number of pages in the document: 8. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
1/8/2011 11:03:54 AM, error: Print [6161] - The document Microsoft Word - 10 Amazing Little Heroes.doc owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 65536. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
1/5/2011 9:26:11 PM, error: Print [6161] - The document Microsoft Word - 10 Amazing Little Heroes.doc owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 131072. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
1/5/2011 8:15:04 PM, error: Print [6161] - The document Test Page owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 78048. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
1/5/2011 8:10:24 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The system cannot find the file specified.
1/5/2011 8:10:24 PM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
1/5/2011 7:11:40 AM, error: Print [6161] - The document Sallie Mae Manage Your Loans - Pay now: Payment confirmation owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 589824. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
1/5/2011 7:09:14 AM, error: Print [6161] - The document Sallie Mae Manage Your Loans - Pay now: Payment confirmation owned by Elsa failed to print on printer hp photosmart 7350 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 529264. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\ACCOUNTING1. Win32 error code returned by the print processor: 5 (0x5).
1/5/2011 6:58:40 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/5/2011 6:58:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
1/5/2011 6:53:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/5/2011 6:51:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.
1/5/2011 5:57:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/5/2011 5:54:11 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a2injectiondriver AFD cmdGuard Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
1/5/2011 5:54:11 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2011 5:54:11 PM, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2011 5:54:11 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2011 5:54:11 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/5/2011 5:54:11 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBT service which failed to start because of the following error: A device attached to the system is not functioning.
1/11/2011 11:01:58 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: a2injectiondriver cmdGuard Fips intelppm SASDIFSV SASKUTIL
==== End Of File ===========================
 
#5 ·
Hiya blu47,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.
  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family, so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own, as this will conflict with the tools we are going to use.
  • Either print or save to Notepad all instructions and please follow them carefully; if there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind it is advisable to back up any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours feel free to PM me.

If you are using Spybot's TeaTimer please turn it off, as it will definitely interfere with any tools we try to run:

1) Open Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Then proceed as follows please :-

Step 1

Please download OTM by OldTimer.
Alternative Mirror
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator.
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------

    :Files
    ipconfig /flushdns /c
    :Commands
    [Purity]
    [EmptyFlash]
    [EmptyTemp]
    [ResetHosts]

    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Step 2

Delete any versions of Combofix you have on your Desktop and download a fresh version from one of the following links:

Link 1
Link 2

Don't forget Combofix must be saved to your desktop. <--Very important

Ensure you have disabled your Firewall and all anti virus and anti malware programs so they do not interfere with the running of ComboFix. <---Very important

Double click on the Combofix icon to start the scan, Vista and Windows 7 users Right click and select "Run as Administrator" then follow the prompts.

Please include the C:\ComboFix.txt in your next reply for further review.

Examples of how to disable realtime protection are available at the following link :-

Disable realtime protection

Note: Do not click combofix's window with your mouse while it's running. That action may cause it to stall.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Step 3

Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

What I'd like to see in your reply :-

  • Log from OTM
  • Log from Combofix
  • Log from Security Check

Kevin...
 
#6 ·
Hi Kevin, thanks for the support. I've been running everything in safe mode because the computer froze 2 days ago, and I will feel better when it functions properly again. Also, I did 2 scans w/ the Combofix. I downloaded the recovery console and hope that is fine. Also, Combofix said Comodo was enabled but I could not find it running in the processes list. Another thing I noticed is that 2 user accounts are showing up on the computer when they have been inactive for over 4 years. I even found a strange txt file that should not be on the computer, labeled "SUPERANTISPYWARE-11-4-2010( 13-47-38 ).LOG".

1st log requested w/ OTMoveIt3
All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Admin.PRESTIGE-SYS4
->Temp folder emptied: 2387782 bytes
->Temporary Internet Files folder emptied: 79240846 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 77426773 bytes
->Flash cache emptied: 2778 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 3444288 bytes
->Flash cache emptied: 1290 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Elsa
->Temp folder emptied: 1358116 bytes
->Temporary Internet Files folder emptied: 360582 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 97707146 bytes
->Flash cache emptied: 16065 bytes

User: Jason

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 43028882 bytes
->Flash cache emptied: 1030 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1197825 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50369856 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 94149960 bytes

Total Files Cleaned = 430.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.17.2 log created on 11262010_114618

1st scan using combofix.
ComboFix 09-09-25.01 - Admin 01/13/2011 12:34.16.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.608 [GMT -9:00]
Running from: c:\documents and settings\Admin.PRESTIGE-SYS4\My Documents\Downloads\ComboFix.exe
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.
2011-01-11 20:52 . 2011-01-11 20:52 -------- d-----w- c:\program files\ESET
2011-01-06 04:01 . 2011-01-06 04:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-12 02:52 . 2007-04-12 00:35 -------- d-----w- c:\program files\Bodog Poker
2011-01-11 20:02 . 2006-04-04 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-01-11 02:47 . 2010-12-11 03:43 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2011-01-06 02:24 . 2010-12-11 02:51 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2011-01-05 04:32 . 2010-07-15 00:59 -------- d-----w- c:\documents and settings\Elsa\Application Data\QuickScan
2011-01-04 00:47 . 2010-11-25 03:12 -------- d-----w- c:\program files\Lavasoft Ad-Aware
2011-01-04 00:05 . 2008-08-10 04:25 -------- d-----w- c:\documents and settings\Admin.PRESTIGE-SYS4\Application Data\SUPERAntiSpyware.com
2010-12-25 18:46 . 2008-02-04 05:29 67928 ----a-w- c:\documents and settings\Elsa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-12-21 21:39 . 2010-11-25 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-12-21 03:09 . 2010-11-17 20:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 03:08 . 2010-11-17 20:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-18 00:42 . 2005-03-03 20:25 -------- d-----w- c:\program files\Google
2010-12-11 03:44 . 2010-12-11 03:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-12-11 03:26 . 2010-12-11 03:26 -------- d-----w- c:\program files\COMODO
2010-12-11 02:36 . 2006-03-01 19:37 -------- d-----w- c:\program files\Common Files\Java
2010-12-11 02:35 . 2010-12-11 02:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-11 02:35 . 2006-03-01 19:39 -------- d-----w- c:\program files\Java
2010-12-09 06:31 . 2010-12-09 06:31 -------- d-----w- c:\program files\Panda Security
2010-12-09 06:22 . 2003-05-20 19:47 -------- d-----w- c:\program files\Radio Free Virgin Player
2010-12-02 17:42 . 2010-11-25 03:42 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-26 05:26 . 2010-06-28 01:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-26 05:00 . 2004-04-09 22:09 67928 ----a-w- c:\documents and settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-11-25 03:39 . 2010-11-25 03:39 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-11-18 15:46 . 2010-04-16 02:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-11-17 20:22 . 2010-11-17 20:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-11-13 03:54 . 2010-03-23 21:48 1324 ----a-w- c:\windows\system32\d3d9caps.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-11 2500552]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
c:\documents and settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-4-22 45056]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ %I
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\winlogon.exe"=
"c:\\Program Files\\NETGEAR\\Wireless Smart Configuration\\Utility\\NetgearAG.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\kav\\kav7\\setup.exe"=
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/10/2010 11:40 PM 15592]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [1/5/2011 9:09 AM 41928]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [1/5/2011 9:09 AM 11776]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 239240]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 9:33 AM 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 9:33 AM 55024]
S2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [9/22/2003 10:08 AM 51200]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [1/5/2011 9:09 AM 72808]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [10/6/2003 7:34 AM 16194]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMIN~1.PRE\LOCALS~1\Temp\00000705.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ADMIN~1.PRE\LOCALS~1\Temp\00000705.nmc\nse\bin\ndiskio.sys [?]
S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\drivers\wg311nd5.sys [10/6/2003 7:34 AM 307904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 9:33 AM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{622C3E8E-6F9A-4625-BE57-AE60FAF3040A}]
rundll32 mvvy5.dll,laspi
.
Contents of the 'Scheduled Tasks' folder
2005-08-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8115658956.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]
2010-11-25 c:\windows\Tasks\HP Usg Login.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2007-12-12 19:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {9F3269FD-46B5-4252-A9DA-58CF96C69347} = 156.154.70.22,156.154.71.22
TCP: {E26442D6-73FF-4322-A260-45EFC8BFC03F} = 156.154.70.22,156.154.71.22
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 12:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2016)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-01-13 12:40
ComboFix-quarantined-files.txt 2011-01-13 21:40
ComboFix2.txt 2011-01-06 03:55
ComboFix4.txt 2010-12-22 03:07
Pre-Run: 23,420,710,912 bytes free
Post-Run: 23,381,286,912 bytes free
140 --- E O F --- 2010-12-12 04:34

2nd scan --
ComboFix 11-01-12.04 - Admin 01/13/2011 13:05:11.17.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.599 [GMT -9:00]
Running from: c:\documents and settings\Admin.PRESTIGE-SYS4\Desktop\FixCO.exe
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\fscd.txt
c:\windows\system32\idm.txt
c:\windows\system32\svae.jpg
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.
2011-01-11 20:52 . 2011-01-11 20:52 -------- d-----w- c:\program files\ESET
2011-01-06 04:01 . 2011-01-06 04:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 03:09 . 2010-11-17 20:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 03:08 . 2010-11-17 20:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 02:35 . 2010-12-11 02:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-11 02:35 . 2010-12-11 02:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-02 17:42 . 2010-11-25 03:42 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-11 2500552]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
c:\documents and settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-4-22 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-26 01:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-26 01:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 20:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2008-05-28 18:33 1506544 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NETGEAR\\Wireless Smart Configuration\\Utility\\NetgearAG.exe"=
"c:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\kav\\kav7\\setup.exe"=
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/10/2010 11:40 PM 15592]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [1/5/2011 9:09 AM 41928]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [1/5/2011 9:09 AM 11776]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 239240]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/28/2008 9:33 AM 8944]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/28/2008 9:33 AM 55024]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [1/5/2011 9:09 AM 2849784]
S2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [9/22/2003 10:08 AM 51200]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [1/5/2011 9:09 AM 72808]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [10/6/2003 7:34 AM 16194]
S3 NDISKIO;NDISKIO;\??\c:\docume~1\ADMIN~1.PRE\LOCALS~1\Temp\00000705.nmc\nse\bin\ndiskio.sys --> c:\docume~1\ADMIN~1.PRE\LOCALS~1\Temp\00000705.nmc\nse\bin\ndiskio.sys [?]
S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\drivers\wg311nd5.sys [10/6/2003 7:34 AM 307904]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/28/2008 9:33 AM 7408]
.
Contents of the 'Scheduled Tasks' folder
2005-08-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8115658956.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]
2010-11-25 c:\windows\Tasks\HP Usg Login.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2007-12-12 19:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {9F3269FD-46B5-4252-A9DA-58CF96C69347} = 156.154.70.22,156.154.71.22
TCP: {E26442D6-73FF-4322-A260-45EFC8BFC03F} = 156.154.70.22,156.154.71.22
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-HPHUPD04 - c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe
HKLM_ActiveSetup-{622C3E8E-6F9A-4625-BE57-AE60FAF3040A} - mvvy5.dll

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 13:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1752)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-01-13 13:22:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-13 22:22
ComboFix2.txt 2011-01-13 21:40
ComboFix3.txt 2011-01-06 03:55
ComboFix4.txt 2010-12-22 03:07
ComboFix5.txt 2011-01-13 22:01
Pre-Run: 23,366,660,096 bytes free
Post-Run: 23,289,241,600 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 0274731195209B616E2EFB74F5A18FE0
 
#7 ·
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
HijackThis 2.0.2
CCleaner
Java(TM) 6 Update 22
Adobe Flash Player 10.1.102.64
Adobe Reader 7.0.7
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````
 
#8 ·
Hiya blu47,

I see you've actually run Combofix 17 times, and it is now renamed as FixCO.exe. Why did you not just follow my instructions?

Proceed as follows :-

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::

File::
c:\windows\system32\drivers\hitmanpro35.sys
c:\program files\SUPERAntiSpyware\SASENUM.SYS
c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
c:\program files\SUPERAntiSpyware\sasdifsv.sys
Folder::
c:\program files\SUPERAntiSpyware
Driver::
SASDIFSV
SASKUTIL
NDISKIO
SASENUM
Save this as CFScript.txt, in the same location as ComboFix.exe (you've renamed it).

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on the link to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push the button, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions are available Here. Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

Let me see the new Combofix log and the log from ESET in reply please.

Kevin
 
#9 ·
ComboFix 11-01-12.04 - Admin 01/13/2011 15:10:58.18.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.575 [GMT -9:00]
Running from: c:\documents and settings\Admin.PRESTIGE-SYS4\Desktop\FixCO.exe
Command switches used :: c:\documents and settings\Admin.PRESTIGE-SYS4\Desktop\CFScript.txt
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FILE ::
"c:\program files\SUPERAntiSpyware\sasdifsv.sys"
"c:\program files\SUPERAntiSpyware\SASENUM.SYS"
"c:\program files\SUPERAntiSpyware\SASKUTIL.SYS"
"c:\windows\system32\drivers\hitmanpro35.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\SUPERAntiSpyware
c:\program files\SUPERAntiSpyware\BootSafe.exe
c:\program files\SUPERAntiSpyware\detect.wav
c:\program files\SUPERAntiSpyware\deupx.dll
c:\program files\SUPERAntiSpyware\msvcr71.dll
c:\program files\SUPERAntiSpyware\Plugins\sab_incr.dll
c:\program files\SUPERAntiSpyware\Plugins\sab_mapi.dll
c:\program files\SUPERAntiSpyware\Plugins\sab_wab.dll
c:\program files\SUPERAntiSpyware\PROCESSLIST.DB
c:\program files\SUPERAntiSpyware\PROCESSLISTRELATED.DB
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
c:\program files\SUPERAntiSpyware\sasdifsv.sys
c:\program files\SUPERAntiSpyware\SASENUM.SYS
c:\program files\SUPERAntiSpyware\SASINST.EXE
c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
c:\program files\SUPERAntiSpyware\SASREPAIRS.STG
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\SUPERAntiSpyware\SSUpdate.exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.chm
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\windows\system32\drivers\hitmanpro35.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NDISKIO
-------\Legacy_SASDIFSV
-------\Legacy_SASENUM
-------\Legacy_SASKUTIL
-------\Service_NDISKIO
-------\Service_SASDIFSV
-------\Service_SASENUM
-------\Service_SASKUTIL

((((((((((((((((((((((((( Files Created from 2010-12-14 to 2011-01-14 )))))))))))))))))))))))))))))))
.
2011-01-11 20:52 . 2011-01-11 20:52 -------- d-----w- c:\program files\ESET
2011-01-06 04:01 . 2011-01-06 04:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 03:09 . 2010-11-17 20:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 03:08 . 2010-11-17 20:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 02:35 . 2010-12-11 02:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-11 02:35 . 2010-12-11 02:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-11 2500552]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
c:\documents and settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-4-22 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-26 01:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-26 01:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 20:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NETGEAR\\Wireless Smart Configuration\\Utility\\NetgearAG.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\kav\\kav7\\setup.exe"=
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/10/2010 11:40 PM 15592]
S1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [1/5/2011 9:09 AM 41928]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [1/5/2011 9:09 AM 11776]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 239240]
S2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [1/5/2011 9:09 AM 2849784]
S2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [9/22/2003 10:08 AM 51200]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [1/5/2011 9:09 AM 72808]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [10/6/2003 7:34 AM 16194]
S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\drivers\wg311nd5.sys [10/6/2003 7:34 AM 307904]
.
Contents of the 'Scheduled Tasks' folder
2005-08-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8115658956.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]
2010-11-25 c:\windows\Tasks\HP Usg Login.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2007-12-12 19:07]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {9F3269FD-46B5-4252-A9DA-58CF96C69347} = 156.154.70.22,156.154.71.22
TCP: {E26442D6-73FF-4322-A260-45EFC8BFC03F} = 156.154.70.22,156.154.71.22
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 15:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(192)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2011-01-13 15:30:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-14 00:30
ComboFix2.txt 2011-01-13 22:22
ComboFix3.txt 2011-01-13 21:40
ComboFix4.txt 2011-01-06 03:55
ComboFix5.txt 2011-01-14 00:09
Pre-Run: 23,294,963,712 bytes free
Post-Run: 23,279,099,904 bytes free
- - End Of File - - 9B10A5436D950F3E1E3222D925AA1015
 
#10 ·
Hello Kevin, Combofix tried to report a suspicious file but had trouble sending it to the server. It required a manual upload.
Here's the file: C:\Qoobox\Quarantine\[4]-Submit_2011-01-13_15.10.38.zip

I do not know anything about 17 scans. I downloaded it back on the 17th of December. Downloaded it again as instructed. I even scanned on Monday, the day of posting, in case it was asked for, like all the other logs asked for on this site. Also, I saw that when dealing with an infected computer, you need to rename toolkits like GMER on download. Sorry, I did not ask, nor should I have assumed that was okay. I do not pretend to understand why these programs work best from the desktop instead of elsewhere, or why downloading a fresh copy (again) within a 30-day timeframe is always required. But I thought I was doing all the required and unnecessary steps and did not think I was stepping on any toes. Perhaps I was too impatient and assumed too much, but I never meant or intended to stray from any instructions given to me. Honestly, I can only count about 5-7 scans in the last 6 weeks. I found a number of files from the scans placed in the folder C:\QooBox. Besides the Combofix1-5 logs, I found Add-Remove Programs.txt, ComboFix-quarantined-files.txt, catchme.txt and CFScript_used_2011-01-13_15.10.38.txt.

User: Jason, User: Tom
Again, these 2 users were removed from the computer. I do not understand why I am seeing them here. If you wish me to show anything, I would appreciate anything you can do to correct this.

eset online scanner log
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=2fd3713169a26348afca2b1d2172f8cc
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-14 04:09:58
# local_time=2011-01-13 07:09:58 (-0900, Alaskan Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 9010908 9010908 0 0
# compatibility_mode=1024 16777215 100 0 28971907 28971907 0 0
# compatibility_mode=3073 16777190 80 92 0 9850547 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 104693 104693 0 0
# scanned=84923
# found=0
# cleaned=0
# scan_time=11583
 
#11 ·
Hiya blu47,

As long as Qoobox is still installed, Combofix remembers how many times it has been run. However, it only keeps a maximum of 5 logs and just deletes the oldest as a new one is saved. Regarding the suspicious file upload, that is not an automated action; CF only tries to send suspicious files if instructed by a certain command when a Scriptfix is run, so I'm not sure what has happened there.

Have you received help elsewhere and Combofix was used?

Don't worry, you are not stepping on my toes; it is a bad experience when computers are infected. I know it is frustrating waiting for help and you want to try and get things moving. Sometimes uploading multiple tools and leaving them in place can have a negative effect and compound issues already there, e.g. running two anti-virus programs together: you would think this would be twice as safe, but not so. Because of how AVs work, more than one installed with real-time protection will clash with each other and can negate security altogether.

Regarding the regenerated accounts, have you used System Restore recently?

OK, let's continue. I'm just trying to see exactly what we are dealing with and what is present on your system.

Can you let me see the following logs please :-

Add-Remove Programs.txt,
ComboFix-quarantined-files.txt,


Also run the following scan and let me see the two produced logs:

Download OTL from any of the following links and save it to your Desktop:

Link 1
Link 2
Link 3

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in
    Code:
          netsvcs
          drivers32
          %SYSTEMDRIVE%\*.*
          %systemroot%\*. /mp /s
          CREATERESTOREPOINT
          %systemroot%\System32\config\*.sav
          HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
          HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

What I'd like in your reply :-

  • Add-Remove Programs.txt from Qoobox
  • ComboFix-quarantined-files.txt from Qoobox
  • OTL Txt
  • Extras Txt

Kevin...
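
As an added example (not part of this thread, and not code from OldTimer's OTL/OTS), here is a small Python helper for triaging the service and driver lines OTL prints under its "[Win32 Services - Safe List]" and "[Driver Services - Safe List]" headings. It parses each line into service name, start type, state, path, size, attribute flags and publisher, then flags the entries a malware helper looks at first: a service whose binary no longer exists (a leftover tool or removed malware still registered), a binary with no publisher string, a binary with the hidden attribute, and a binary outside the usual Windows/Program Files directories. The sample lines are constructed, modeled on the format of the logs in this thread; the directory list and the reading of the attribute column as R/H/S/D-style flags are assumptions for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Added example: triage helper for OTL/OTS service and driver lines.
# Line shapes (modeled on the logs in this thread):
#   (svc) Display Name [Kernel | On_Demand | Stopped] -> C:\dir\x.sys -> [2010/09/19 07:57:36 | 000,072,808 | ---- | M] (Company)
#   (svc) Display Name [Auto | Stopped] -> C:\dir\x.exe -> [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (Company)
#   (svc) Display Name [Kernel | On_Demand | Stopped] -> C:\dir\x.sys -> File not found

LINE_RE = re.compile(
    r"^\((?P<name>[^)]+)\)\s+(?P<display>.*?)\s+\[(?P<attrs>[^\]]+)\]\s+->\s+"
    r"(?P<path>.+?)\s+->\s+(?P<rest>.+)$"
)
# "[mtime | size | flags | M] (Company)"; the trailing "(...)" is empty when the
# file carries no publisher in its version information.
FILE_RE = re.compile(
    r"^\[(?P<mtime>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<flags>[^|]+)\|[^\]]*\]\s*\((?P<company>.*)\)$"
)

# Assumption: on a default Windows XP install a service binary lives under one
# of these roots. Adjust for non-default layouts.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")

# Constructed sample input, modeled on the OTL/OTS format used in this thread.
SAMPLE_LOG = r"""
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\FixCO\catchme.sys -> File not found
(a2acc) a2acc [File_System | On_Demand | Stopped] -> C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -> [2010/09/19 07:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH)
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LVPr2Mon.sys -> [2007/07/18 17:42:42 | 000,025,624 | ---- | M] ()
(PackethSvc) Virtual NIC Service [Auto | Stopped] -> C:\WINDOWS\system32\PackethSvc.exe -> [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (America Online, Inc.)
(cmderd) COMODO Internet Security Eradication Driver [File_System | System | Running] -> C:\WINDOWS\system32\drivers\cmderd.sys -> [2010/09/10 23:40:48 | 000,015,592 | ---- | M] (COMODO)
"""


def parse_service_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one OTL/OTS service or driver line; return None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    attrs = [a.strip() for a in m.group("attrs").split("|")]
    rec: Dict[str, object] = {
        "name": m.group("name"),
        "display": m.group("display"),
        # Drivers carry three fields (type | start | state); user-mode services two.
        "kind": attrs[0] if len(attrs) == 3 else "Win32",
        "start": attrs[-2],        # Boot / System / Auto / On_Demand / Disabled
        "state": attrs[-1],        # Running / Stopped
        "path": m.group("path"),
        "exists": True,
        "size": None,
        "flags": "",
        "company": None,
    }
    rest = m.group("rest").strip()
    if rest.lower() == "file not found":
        rec["exists"] = False
        return rec
    f = FILE_RE.match(rest)
    if f:
        rec["size"] = int(f.group("size").replace(",", ""))
        rec["flags"] = f.group("flags").strip()
        rec["company"] = f.group("company").strip()
    return rec


def triage(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for every entry that deserves a closer look."""
    findings: List[Tuple[str, List[str]]] = []
    for line in lines:
        rec = parse_service_line(line)
        if rec is None:
            continue
        reasons: List[str] = []
        if not rec["exists"]:
            reasons.append("orphaned service: binary missing (leftover tool or removed malware)")
        else:
            if rec["company"] == "":
                reasons.append("no publisher string in the file version info")
            if "H" in str(rec["flags"]):   # assumption: attribute column is R/H/S/D-style flags
                reasons.append("binary has the hidden attribute set")
            if not str(rec["path"]).lower().startswith(EXPECTED_ROOTS):
                reasons.append("binary outside the usual Windows/Program Files directories")
        if reasons and rec["state"] == "Running":
            reasons.append("currently running")
        if reasons:
            findings.append((str(rec["name"]), reasons))
    return findings


def triage_sample() -> List[Tuple[str, List[str]]]:
    """Run the triage over the constructed sample log."""
    return triage(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for name, reasons in triage_sample():
        print(name)
        for r in reasons:
            print("   -", r)
```

Feed it the whole OTL.Txt and the services block it finds is the same one a helper reads by eye; the point of the flags is to put the orphaned and unsigned entries at the top of the list rather than to declare anything malicious, since a missing publisher or a stale entry (like the catchme driver ComboFix leaves behind) is common on a clean machine too.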
 
#12 ·
Hello, thanks for replying back so soon. I thought I had shot myself in the foot and you were going to hold it against me. About the question on System Restore: I turned it off back when I found infected files on here, then forgot to turn it back on. Then I tried to create some. The last time I checked I was unable to do a system restore. That's all I can recall.

I will upload the files requested in the order asked. Also, I am not seeing an Extras log, so I do not know what happened.

Add-Remove Programs.txt log
Ad-aware 5.83
Adobe Acrobat 5.0
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.7
Autodesk Express Viewer
Avance AC'97 Audio
CCleaner
COMODO Internet Security
DivX Plus Web Player
Duplicate Finder
Emsisoft Anti-Malware 5.1
ESET Online Scanner v3
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB981793)
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
IrfanView (remove only)
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java Auto Updater
Java(TM) 6 Update 22
K-Lite Mega Codec Pack 6.0.4
Logitech Desktop Messenger
Logitech QuickCam
Logitech® Camera Driver
Macromedia Flash Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003
Microsoft Office XP Media Content
Microsoft Office XP Small Business
Microsoft Outlook Personal Folders Backup
Microsoft Reader
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
MVision
NETGEAR Wireless PCI Adapter
NTI CD-Maker 2000 Plus
NVIDIA Windows 2000/XP Display Drivers
OGA Notifier 2.0.0048.0
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Plaxo
QuickBooks Premier Edition 2005
RealPlayer
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB981957)
Skype™ 4.1
Spybot - Search & Destroy
TurboProject Deluxe v.4
UDA Construction Office 2003
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
WebFldrs XP
Webshots Desktop
WinASO Registry Optimizer 4.5.3
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR archiver
Yahoo! Messenger Explorer Bar
 
#13 ·
As far as Combofix being run before: back in January and July of last year I used it with assistance. I have not used it as you instructed, with the CFScript file dropped on the icon. That is beyond me for now.

ComboFix-quarantined-files.txt log
2011-01-14 00:28:25 . 2011-01-14 00:28:25 648 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-SUPERAntiSpyware.reg.dat
2011-01-14 00:15:39 . 2011-01-14 00:15:39 2,832 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SASKUTIL.reg.dat
2011-01-14 00:15:39 . 2011-01-14 00:15:39 2,662 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SASENUM.reg.dat
2011-01-14 00:15:39 . 2011-01-14 00:15:39 2,684 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_SASDIFSV.reg.dat
2011-01-14 00:15:39 . 2011-01-14 00:15:39 2,982 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_NDISKIO.reg.dat
2011-01-14 00:15:38 . 2011-01-14 00:15:38 1,334 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SASKUTIL.reg.dat
2011-01-14 00:15:38 . 2011-01-14 00:15:38 1,322 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SASENUM.reg.dat
2011-01-14 00:15:38 . 2011-01-14 00:15:38 1,334 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_SASDIFSV.reg.dat
2011-01-14 00:15:38 . 2011-01-14 00:15:38 1,322 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_NDISKIO.reg.dat
2011-01-14 00:10:53 . 2011-01-14 00:10:55 42,319 ----a-w- C:\Qoobox\Quarantine\[4]-Submit_2011-01-13_15.10.38.zip
2011-01-13 22:20:35 . 2011-01-13 22:20:35 261 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM_ActiveSetup-{622C3E8E-6F9A-4625-BE57-AE60FAF3040A}.reg.dat
2011-01-13 22:20:32 . 2011-01-13 22:20:32 652 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-HPHUPD04.reg.dat
2011-01-13 22:09:14 . 2011-01-14 00:15:31 13,412 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-12-22 02:56:26 . 2011-01-14 00:08:57 306 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-11-25 03:42:09 . 2010-12-02 17:42:55 15,944 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\hitmanpro35.sys.vir
2010-03-07 01:51:51 . 2010-03-07 01:51:51 5,120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Thumbs.db.vir
2010-01-23 01:24:52 . 2010-01-23 01:24:52 1 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\fscd.txt.vir
2010-01-23 01:24:51 . 2010-01-23 01:24:51 1 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\idm.txt.vir
2010-01-15 01:22:23 . 2010-01-15 01:22:23 65,536 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\svae.jpg.vir
2008-05-28 18:33:38 . 2008-05-28 18:33:38 7,408 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASENUM.SYS.vir
2008-05-28 18:33:36 . 2008-05-28 18:33:36 8,944 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\sasdifsv.sys.vir
2008-05-28 18:33:36 . 2008-05-28 18:33:36 55,024 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASKUTIL.SYS.vir
2008-05-28 18:33:34 . 2008-05-28 18:33:34 1,506,544 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe.vir
2008-05-28 18:33:32 . 2008-05-28 18:33:32 158,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SSUpdate.exe.vir
2008-05-28 18:32:56 . 2008-05-28 18:32:56 10,307,355 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\PROCESSLIST.DB.vir
2008-05-28 18:32:46 . 2008-05-28 18:32:46 897,066 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\PROCESSLISTRELATED.DB.vir
2008-05-13 18:13:36 . 2008-05-13 18:13:36 77,824 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASSEH.DLL.vir
2008-03-12 19:29:50 . 2008-03-12 19:29:50 24,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASINST.EXE.vir
2007-11-27 21:12:26 . 2007-11-27 21:12:26 1,088,725 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm.vir
2007-10-18 21:32:34 . 2007-10-18 21:32:34 403,456 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASREPAIRS.STG.vir
2007-10-02 22:08:48 . 2007-10-02 22:08:48 122,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\BootSafe.exe.vir
2007-04-19 21:41:36 . 2007-04-19 21:41:36 294,912 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASWINLO.dll.vir
2007-02-27 20:39:26 . 2007-02-27 20:39:26 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\SASCTXMN.DLL.vir
2006-09-19 23:55:38 . 2006-09-19 23:55:38 360,448 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\deupx.dll.vir
2004-06-03 17:24:38 . 2004-06-03 17:24:38 69,632 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\Plugins\sab_incr.dll.vir
2004-05-20 21:28:44 . 2004-05-20 21:28:44 2,048 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\detect.wav.vir
2004-05-07 23:31:40 . 2004-05-07 23:31:40 348,160 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\msvcr71.dll.vir
2004-05-07 23:31:40 . 2004-05-07 23:31:40 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\Plugins\sab_mapi.dll.vir
2004-05-07 23:31:40 . 2004-05-07 23:31:40 61,440 ----a-w- C:\Qoobox\Quarantine\C\Program Files\SUPERAntiSpyware\Plugins\sab_wab.dll.vir
2001-08-18 12:00:00 . 2010-02-17 17:10:28 2,189,952 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\_000008_.tmp.dll.vir

Code:
OTS logfile created on: 1/14/2011 11:21:43 AM - Run 2
OTS by OldTimer - Version 3.1.33.0     Folder = C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\COMPFolder2\2t\clean
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
767.00 Mb Total Physical Memory | 608.00 Mb Available Physical Memory | 79.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 21.72 Gb Free Space | 58.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 19.13 Gb Total Space | 16.09 Gb Free Space | 84.11% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ACCOUNTING1
Current User Name: Admin
Logged in as Administrator.
 
Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\COMPFolder2\2t\clean\OTS.exe -> [2010/07/14 15:21:50 | 000,640,512 | ---- | M] (OldTimer Tools)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 15:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
 
[Modules - Safe List]
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 07:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
ots.exe -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\COMPFolder2\2t\clean\OTS.exe -> [2010/07/14 15:21:50 | 000,640,512 | ---- | M] (OldTimer Tools)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/13 15:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(a2AntiMalware) Emsisoft Anti-Malware 5.0 - Service [Auto | Stopped] -> C:\Program Files\Emsisoft Anti-Malware\a2service.exe -> [2010/12/06 08:15:34 | 002,849,784 | ---- | M] (Emsi Software GmbH)
(cmdAgent) COMODO Internet Security Helper Service [Auto | Stopped] -> C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -> [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO)
(LVSrvLauncher) LVSrvLauncher [Auto | Stopped] -> C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -> [2007/07/20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.)
(LVPrcSrv) Process Monitor [Auto | Stopped] -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2007/07/20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.)
(LVCOMSer) LVCOMSer [Auto | Stopped] -> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -> [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.)
(Pml Driver HPH11) Pml Driver HPH11 [On_Demand | Stopped] -> C:\WINDOWS\system32\hphipm11.exe -> [2006/01/06 10:07:26 | 000,077,824 | ---- | M] (HP)
(Pml Driver HPZ12) Pml Driver HPZ12 [On_Demand | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2003/03/09 11:31:02 | 000,065,795 | R--- | M] (HP)
(PackethSvc) Virtual NIC Service [Auto | Stopped] -> C:\WINDOWS\system32\PackethSvc.exe -> [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (America Online, Inc.)
 
[Driver Services - Safe List]
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\FixCO\catchme.sys -> File not found
(a2acc) a2acc [File_System | On_Demand | Stopped] -> C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -> [2010/09/19 07:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH)
(cmdGuard) COMODO Internet Security Sandbox Driver [File_System | System | Stopped] -> C:\WINDOWS\system32\drivers\cmdGuard.sys -> [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO)
(cmderd) COMODO Internet Security Eradication Driver [File_System | System | Running] -> C:\WINDOWS\system32\drivers\cmderd.sys -> [2010/09/10 23:40:48 | 000,015,592 | ---- | M] (COMODO)
(a2injectiondriver) a2injectiondriver [File_System | System | Stopped] -> C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -> [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH)
(a2util) a-squared Malware-IDS utility driver [Kernel | System | Stopped] -> C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -> [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH)
(NwlnkIpx) NWLink IPX/SPX/NetBIOS Compatible Transport Protocol [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\nwlnkipx.sys -> [2008/04/13 09:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation)
(gameenum) Game Port Enumerator [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\gameenum.sys -> [2008/04/13 09:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbaudio.sys -> [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation)
(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LVMVdrv.sys -> [2007/07/20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.)
(LVcKap) Logitech AEC Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Lvckap.sys -> [2007/07/20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.)
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LVPr2Mon.sys -> [2007/07/18 17:42:42 | 000,025,624 | ---- | M] ()
(LVUSBSta) Logitech USB Monitor Filter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LVUSBSta.sys -> [2007/07/18 15:44:00 | 000,041,752 | R--- | M] (Logitech Inc.)
(PID_PEPI) Logitech QuickCam IM(PID_PEPI) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LV302V32.SYS -> [2007/07/18 15:39:15 | 001,278,104 | R--- | M] (Logitech Inc.)
(pepifilter) Volume Adapter [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lv302af.sys -> [2007/07/18 15:39:15 | 000,013,848 | R--- | M] (Logitech Inc.)
(motmodem) Motorola USB CDC ACM Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\motmodem.sys -> [2006/12/13 16:52:50 | 000,020,992 | ---- | M] (Motorola)
(symlcbrd) symlcbrd [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\symlcbrd.sys -> [2006/08/31 15:12:08 | 000,010,344 | ---- | M] (Symantec Corporation)
(Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hphs2k11.sys -> [2006/01/06 10:07:27 | 000,050,276 | ---- | M] (Hewlett-Packard)
(Dot4Usb HPH11) Dot4Usb HPH11 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hphius11.sys -> [2006/01/06 10:07:27 | 000,018,928 | ---- | M] (HP)
(Dot4Print HPH11) Print Class Driver for IEEE-1284.4 HPH11 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hphipr11.sys -> [2006/01/06 10:07:27 | 000,016,112 | ---- | M] (HP)
(Dot4 HPH11) Dot4 HPH11 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\hphid411.sys -> [2006/01/06 10:07:26 | 000,050,896 | ---- | M] (HP)
(AFS2K) AFS2K [Kernel | System | Running] -> C:\WINDOWS\System32\drivers\AFS2K.SYS -> [2004/10/07 16:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ati2mtag.sys -> [2004/08/03 20:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.)
(FVNETusb) Linksys Wireless-B USB Network Adapter v2.8 Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\vnet558x.sys -> [2003/06/12 00:56:44 | 000,098,304 | R--- | M] (ATMEL)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2003/05/02 14:19:00 | 001,312,555 | ---- | M] (NVIDIA Corporation)
(NETGEAR_WG311_SERVICE) NETGEAR WG311 Wireless PCI Adapter Service [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wg311nd5.sys -> [2003/03/17 19:27:50 | 000,307,904 | ---- | M] (Atheros Communications, Inc.)
(AN983) ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\an983.sys -> [2002/08/28 20:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.)
(AWINDIS5) AWINDIS5 Protocol Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\AWINDIS5.SYS -> [2002/04/11 16:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.)
(ALCXWDM) Service for Avance AC97 Audio (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ALCXWDM.SYS -> [2002/04/08 16:36:18 | 000,305,100 | ---- | M] (Avance Logic, Inc.)
(NTIDrvr) Upper Class Filter Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\NTIDrvr.sys -> [2002/03/28 02:05:00 | 000,006,016 | ---- | M] (NewTech Infosystems, Inc.)
(NwlnkNb) NWLink NetBIOS [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\nwlnknb.sys -> [2001/08/18 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation)
(NwlnkSpx) NWLink SPX/SPXII Protocol [Kernel | Auto | Stopped] -> C:\WINDOWS\system32\drivers\nwlnkspx.sys -> [2001/08/18 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation)
(HCF_MSFT) HCF_MSFT [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\HCF_MSFT.sys -> [2001/08/17 12:28:02 | 000,907,456 | ---- | M] (Conexant)
(nv4) nv4 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4.sys -> [2001/08/17 03:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation)
(wandrv) WAN Network Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\wandrv.sys -> [2000/12/03 09:35:58 | 000,022,640 | ---- | M] (America Online, Inc.)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google -> 
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.msn.com/ -> 
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> <local> -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\FireFox\Profiles\r87okycu.default\prefs.js -> 
browser.search.defaultenginename -> "Yahoo! Search" ->
browser.search.selectedEngine -> "Yahoo! Search" ->
browser.search.update -> false ->
browser.startup.homepage -> "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
extensions.enabledItems -> {CDD6DF24-B2F3-4780-B57C-C984430DAB3D}:1.9.1 ->
extensions.enabledItems -> {6BBB6066-4F46-4CCE-9540-25178C5ED123}:1.9.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9.3 ->
extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 ->
keyword.URL -> "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=" ->
network.proxy.no_proxies_on -> "127.0.0.1" ->
network.proxy.type -> 4 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\FireFox\Profiles\r87okycu.default\user.js -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D} -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D} [C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D}] -> [2010/01/22 16:48:14 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{6BBB6066-4F46-4CCE-9540-25178C5ED123} -> C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{6BBB6066-4F46-4CCE-9540-25178C5ED123}\ [C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{6BBB6066-4F46-4CCE-9540-25178C5ED123}\] -> [2010/01/28 15:20:31 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/12/15 13:57:07 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/12/15 13:57:06 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Thunderbird\Extensions ->  -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Extensions -> [2008/08/29 11:50:40 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions -> [2011/01/03 12:30:18 | 000,000,000 | ---D | M]
Session Manager   -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} -> [2010/12/15 13:57:33 | 000,000,000 | ---D | M]
DownloadHelper   -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2010/12/16 18:01:45 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2011/01/03 12:30:18 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/12/10 17:36:13 | 000,000,000 | ---D | M]
< HOSTS File > ([2011/01/13 15:23:18 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2006/01/12 19:38:22 | 000,063,128 | ---- | M] (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
ShellBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key error. [Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"COMODO Internet Security" -> C:\Program Files\COMODO\COMODO Internet Security\cfp.exe ["C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h] -> [2010/09/10 23:41:20 | 002,500,552 | ---- | M] (COMODO)
"HPDJ Taskbar Utility" -> C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe] -> [2006/01/06 10:07:25 | 000,188,416 | ---- | M] (HP)
"HPHmon04" -> C:\WINDOWS\system32\hphmon04.exe [C:\WINDOWS\system32\hphmon04.exe] -> [2006/01/06 10:07:25 | 000,348,160 | ---- | M] (Hewlett-Packard)
< Admin.PRESTIGE-SYS4 Startup Folder > -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup -> 
C:\Documents and Settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\Webshots.lnk -> C:\Program Files\Webshots\Launcher.exe -> [2003/10/30 12:50:22 | 000,045,056 | ---- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\\"DisableFirstRunCustomize" ->  [1] -> File not found
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoNetHood" ->  [0] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2010/04/15 18:32:54 | 009,361,232 | R--- | M] (Microsoft Corporation)
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html] -> File not found
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{4528BBE0-4E08-11D5-AD55-00010333D0AD}:{4C171D40-8277-11D5-AD55-00010333D0AD} [HKLM] -> Reg Error: Key error. [Button: Messenger] -> File not found
{4528BBE0-4E08-11D5-AD55-00010333D0AD}:{4C171D40-8277-11D5-AD55-00010333D0AD} [HKLM] -> Reg Error: Key error. [Menu: Yahoo! Messenger] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}:Exec [HKLM] -> C:\Program Files\Bodog Poker\BPGame.exe [Button: Bodog Poker] -> File not found
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{4528BBE0-4E08-11D5-AD55-00010333D0AD}" [HKLM] ->  [Messenger] -> File not found
CmdMapping\\"{9239E4EC-C9A6-11D2-A844-00C04F68D538}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}" [HKLM] -> C:\Program Files\Bodog Poker\BPGame.exe [Bodog Poker] -> File not found
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7595 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7582 domain(s) found. -> 
  .[msn] -> My Computer -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204 [Windows Genuine Advantage Validation Tool] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab [BDSCANONLINE Control] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215493224746 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} [HKLM] -> http://ax.emsisoft.com/asquared.cab [a-squared Scanner] -> 
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Java Plug-in 1.5.0_06] -> 
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab [Java Plug-in 1.5.0_09] -> 
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab [Java Plug-in 1.6.0_22] -> 
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] -> 
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [HKLM] -> http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5183/mcfscan.cab [McFreeScan Class] -> 
Microsoft XML Parser for Java [HKLM] -> Reg Error: Value error. [Reg Error: Key error.] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 209.165.131.12 209.165.131.13 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{9F3269FD-46B5-4252-A9DA-58CF96C69347}\\DhcpNameServer -> 209.165.131.12 209.165.131.13   (Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)) -> 
{9F3269FD-46B5-4252-A9DA-58CF96C69347}\\NameServer -> 156.154.70.22,156.154.71.22   (Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)) -> 
{E26442D6-73FF-4322-A260-45EFC8BFC03F}\\NameServer -> 156.154.70.22,156.154.71.22   (NETGEAR WG311 802.11g Wireless PCI Adapter) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"Use My Stylesheet" -> Reg Error: Invalid data type.
"User Stylesheet" -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 15:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> [2008/02/29 22:19:59 | 000,067,128 | ---- | M] (Logitech Inc.)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\kav\kav7\setup.exe" -> C:\kav\kav7\setup.exe [C:\kav\kav7\setup.exe:*:Disabled:Kaspersky Anti-Virus 7.0 Setup] -> [2008/02/08 10:04:44 | 000,072,264 | ---- | M] (Kaspersky Lab)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger] -> [2008/02/29 22:19:59 | 000,067,128 | ---- | M] (Logitech Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" -> C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware] -> [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation)
"C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" -> C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe [C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe:*:Enabled:NetgearAG] -> [2003/05/16 12:59:24 | 000,389,120 | ---- | M] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2002/09/18 11:33:30 | 000,000,000 | ---- | M] ()
E:\AUTOEXEC.BAT [SET BLASTER=A220 I7 D1 H7 P330 T6 | SET SBPCI=C:\SBPCI |                                                                                                                                                                                            | ] -> E:\AUTOEXEC.BAT [ FAT32 ] -> [2002/09/18 13:43:36 | 000,000,243 | ---- | M] ()
E:\autoexec.nav [REM [Header] | @ECHO OFF |                                |                                                    |                                            |          |             |                                         |                    |         |                                    |                                |  | REM [CD-ROM Drive] |  | REM [Miscellaneous] |  | REM [Display] |  | ] -> E:\autoexec.nav [ FAT32 ] -> [2000/04/07 09:02:10 | 000,000,378 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 CFlogs -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\CFlogs -> [2011/01/13 16:41:06 | 000,000,000 | ---D | C]
 RECYCLER -> C:\RECYCLER -> [2011/01/13 15:50:24 | 000,000,000 | -HSD | C]
 Recent -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Recent -> [2011/01/13 15:50:22 | 000,000,000 | RH-D | C]
 temp -> C:\WINDOWS\temp -> [2011/01/13 15:17:23 | 000,000,000 | ---D | C]
 FixCO -> C:\FixCO -> [2011/01/13 15:08:55 | 000,000,000 | ---D | C]
 cmdcons -> C:\cmdcons -> [2011/01/13 13:03:41 | 000,000,000 | RHSD | C]
 ESET -> C:\Program Files\ESET -> [2011/01/11 11:52:12 | 000,000,000 | ---D | C]
 Anti-Malware -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\Anti-Malware -> [2011/01/05 09:09:09 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/12/17 21:13:05 | 000,161,792 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/12/17 21:13:05 | 000,031,232 | ---- | C] (NirSoft)
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/12/17 21:13:04 | 000,212,480 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/12/17 21:13:04 | 000,136,704 | ---- | C] (SteelWerX)
 
[Files/Folders - Modified Within 30 Days]
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/01/14 11:04:59 | 000,002,422 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/01/14 11:04:13 | 000,002,048 | --S- | M] ()
 SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2011/01/13 22:09:43 | 000,000,006 | -H-- | M] ()
 ntuser.dat -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\ntuser.dat -> [2011/01/13 21:57:27 | 009,175,040 | ---- | M] ()
 ntuser.ini -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\ntuser.ini -> [2011/01/13 21:57:27 | 000,000,278 | -HS- | M] ()
 IconCache.db -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\IconCache.db -> [2011/01/13 21:57:21 | 004,768,744 | -H-- | M] ()
 system.ini -> C:\WINDOWS\system.ini -> [2011/01/13 15:23:33 | 000,000,227 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2011/01/13 15:23:18 | 000,000,027 | ---- | M] ()
 CF-Submit.htm -> C:\CF-Submit.htm -> [2011/01/13 15:10:55 | 000,001,224 | ---- | M] ()
 SecurityCheck.exe -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\SecurityCheck.exe -> [2011/01/13 13:41:25 | 000,879,028 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2011/01/13 13:03:50 | 000,000,327 | RHS- | M] ()
 ComboFix.exe -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\ComboFix.exe -> [2011/01/13 12:55:06 | 004,154,145 | R--- | M] ()
 esetonline.JPG -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\esetonline.JPG -> [2011/01/11 16:16:33 | 000,046,797 | ---- | M] ()
 dds.pif -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\dds.pif -> [2011/01/11 12:39:03 | 000,624,640 | ---- | M] ()
 Webshots for Admin.bmp -> C:\WINDOWS\Webshots for Admin.bmp -> [2011/01/10 19:01:35 | 002,359,350 | ---- | M] ()
 sfi.dat -> C:\WINDOWS\System32\drivers\sfi.dat -> [2011/01/10 17:47:37 | 001,474,832 | ---- | M] ()
 ntuser.dat.bak -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\ntuser.dat.bak -> [2011/01/08 14:09:01 | 009,437,184 | ---- | M] ()
 RegDefrag.ini -> C:\WINDOWS\RegDefrag.ini -> [2011/01/08 13:53:06 | 000,000,058 | ---- | M] ()
 hpfr5550.xml -> C:\hpfr5550.xml -> [2011/01/05 21:18:54 | 000,000,561 | ---- | M] ()
 hpfsched.ini -> C:\WINDOWS\hpfsched.ini -> [2011/01/05 21:16:56 | 000,000,034 | ---- | M] ()
 cc_20110105_194150.reg -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20110105_194150.reg -> [2011/01/05 19:41:54 | 000,005,292 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/01/05 17:24:53 | 000,012,800 | ---- | M] ()
 cc_20101223_161006.reg -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101223_161006.reg -> [2010/12/23 16:10:09 | 000,004,844 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/12/21 17:52:50 | 000,260,640 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
 Boot.bak -> C:\Boot.bak -> [2010/12/19 12:28:00 | 000,000,211 | ---- | M] ()
 win.ini -> C:\WINDOWS\win.ini -> [2010/12/19 12:28:00 | 000,000,173 | ---- | M] ()
 Shortcut to ComboFix.exe.lnk -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\Shortcut to ComboFix.exe.lnk -> [2010/12/18 14:25:58 | 000,000,985 | ---- | M] ()
 hosts.20110111-110448.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20110111-110448.backup -> [2010/12/17 21:24:17 | 000,000,027 | ---- | M] ()
 cc_20101217_161606.reg -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101217_161606.reg -> [2010/12/17 16:16:12 | 000,012,788 | ---- | M] ()
 
[Files - No Company Name]
 CF-Submit.htm -> C:\CF-Submit.htm -> [2011/01/13 15:10:55 | 000,001,224 | ---- | C] ()
 SecurityCheck.exe -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\SecurityCheck.exe -> [2011/01/13 13:41:21 | 000,879,028 | ---- | C] ()
 Boot.bak -> C:\Boot.bak -> [2011/01/13 13:03:50 | 000,000,211 | ---- | C] ()
 cmldr -> C:\cmldr -> [2011/01/13 13:03:45 | 000,260,272 | RHS- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2011/01/13 13:00:46 | 000,089,088 | ---- | C] ()
 ComboFix.exe -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\ComboFix.exe -> [2011/01/13 12:54:55 | 004,154,145 | R--- | C] ()
 esetonline.JPG -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\esetonline.JPG -> [2011/01/11 12:42:48 | 000,046,797 | ---- | C] ()
 dds.pif -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\dds.pif -> [2011/01/11 12:39:01 | 000,624,640 | ---- | C] ()
 hpfsched.ini -> C:\WINDOWS\hpfsched.ini -> [2011/01/05 21:16:56 | 000,000,034 | ---- | C] ()
 cc_20110105_194150.reg -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20110105_194150.reg -> [2011/01/05 19:41:52 | 000,005,292 | ---- | C] ()
 cc_20101223_161006.reg -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101223_161006.reg -> [2010/12/23 16:10:08 | 000,004,844 | ---- | C] ()
 Shortcut to ComboFix.exe.lnk -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\Shortcut to ComboFix.exe.lnk -> [2010/12/18 13:04:07 | 000,000,985 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/12/17 21:13:05 | 000,256,512 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2010/12/17 21:13:05 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2010/12/17 21:13:05 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2010/12/17 21:13:05 | 000,068,096 | ---- | C] ()
 cc_20101217_161606.reg -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101217_161606.reg -> [2010/12/17 16:16:09 | 000,012,788 | ---- | C] ()
 unrar.dll -> C:\WINDOWS\System32\unrar.dll -> [2010/06/24 10:44:22 | 000,165,376 | ---- | C] ()
 avisplitter.ini -> C:\WINDOWS\avisplitter.ini -> [2010/06/24 10:44:22 | 000,000,038 | ---- | C] ()
 xvidcore.dll -> C:\WINDOWS\System32\xvidcore.dll -> [2010/06/24 10:44:19 | 000,881,664 | ---- | C] ()
 xvidvfw.dll -> C:\WINDOWS\System32\xvidvfw.dll -> [2010/06/24 10:44:19 | 000,205,824 | ---- | C] ()
 ff_vfw.dll.manifest -> C:\WINDOWS\System32\ff_vfw.dll.manifest -> [2010/06/24 10:44:19 | 000,000,547 | ---- | C] ()
 ff_vfw.dll -> C:\WINDOWS\System32\ff_vfw.dll -> [2010/06/24 10:44:18 | 000,108,032 | ---- | C] ()
 RegDefrag.ini -> C:\WINDOWS\RegDefrag.ini -> [2010/01/31 17:07:07 | 000,000,058 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2009/10/08 12:09:06 | 000,000,306 | ---- | C] ()
 OGACheckControl.dll -> C:\WINDOWS\System32\OGACheckControl.dll -> [2009/08/03 15:07:42 | 000,403,816 | ---- | C] ()
 mfc45.dll -> C:\WINDOWS\System32\mfc45.dll -> [2008/09/07 12:52:43 | 000,074,703 | ---- | C] ()
 thxcfg.ini -> C:\WINDOWS\System32\thxcfg.ini -> [2008/08/04 20:13:44 | 000,000,032 | ---- | C] ()
 streamhlp.dll -> C:\WINDOWS\System32\streamhlp.dll -> [2008/07/05 20:07:24 | 000,059,392 | R--- | C] ()
 lvcoinst.ini -> C:\WINDOWS\System32\lvcoinst.ini -> [2008/02/29 22:21:02 | 000,058,163 | R--- | C] ()
 bdoscandellang.ini -> C:\WINDOWS\bdoscandellang.ini -> [2008/01/09 14:01:48 | 000,000,453 | ---- | C] ()
 hpodinet.dll -> C:\WINDOWS\System32\hpodinet.dll -> [2007/12/11 20:24:58 | 000,069,632 | ---- | C] ()
 LVPr2Mon.sys -> C:\WINDOWS\System32\drivers\LVPr2Mon.sys -> [2007/07/18 17:42:42 | 000,025,624 | ---- | C] ()
 hpqEmlsz.INI -> C:\WINDOWS\hpqEmlsz.INI -> [2006/05/19 10:12:29 | 000,000,000 | ---- | C] ()
 kodakpcd.Admin.ini -> C:\WINDOWS\kodakpcd.Admin.ini -> [2005/09/02 14:57:21 | 000,000,022 | ---- | C] ()
 hpotscl.dll -> C:\WINDOWS\System32\hpotscl.dll -> [2003/03/09 11:31:04 | 000,561,152 | ---- | C] ()
 Teneron.ini -> C:\WINDOWS\Teneron.ini -> [2003/02/18 16:17:23 | 000,000,186 | ---- | C] ()
 hpgt42.dll -> C:\WINDOWS\System32\hpgt42.dll -> [2002/10/10 16:32:20 | 000,093,696 | ---- | C] ()
 BW.ini -> C:\WINDOWS\BW.ini -> [2002/10/03 11:40:51 | 000,000,187 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2002/09/20 08:45:17 | 000,000,376 | ---- | C] ()
 avrack.ini -> C:\WINDOWS\avrack.ini -> [2002/09/18 17:08:07 | 000,000,164 | ---- | C] ()
 Owl52f.dll -> C:\WINDOWS\System32\Owl52f.dll -> [2000/10/17 16:43:12 | 000,906,784 | ---- | C] ()
 pagesync.dll -> C:\WINDOWS\System32\pagesync.dll -> [2000/09/13 18:15:38 | 000,053,248 | ---- | C] ()
 tx32.dll -> C:\WINDOWS\System32\tx32.dll -> [1999/01/04 12:25:00 | 000,375,296 | ---- | C] ()
 Ic32.ini -> C:\WINDOWS\System32\Ic32.ini -> [1998/11/04 01:20:00 | 000,000,202 | ---- | C] ()
 
[File - Lop Check]
 iolo -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\iolo -> [2008/09/07 12:54:05 | 000,000,000 | ---D | M]
 TrojanHunter -> C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\TrojanHunter -> [2008/07/06 00:23:31 | 000,000,000 | ---D | M]
 Alwil Software -> C:\Documents and Settings\All Users\Application Data\Alwil Software -> [2010/09/20 16:55:17 | 000,000,000 | ---D | M]
 America Online -> C:\Documents and Settings\All Users\Application Data\America Online -> [2003/09/22 10:08:01 | 000,000,000 | ---D | M]
 avg9 -> C:\Documents and Settings\All Users\Application Data\avg9 -> [2010/07/14 16:26:57 | 000,000,000 | ---D | M]
 Hitman Pro -> C:\Documents and Settings\All Users\Application Data\Hitman Pro -> [2010/12/21 12:39:37 | 000,000,000 | ---D | M]
 IObit -> C:\Documents and Settings\All Users\Application Data\IObit -> [2010/07/15 12:24:23 | 000,000,000 | ---D | M]
 iolo -> C:\Documents and Settings\All Users\Application Data\iolo -> [2008/09/07 12:54:06 | 000,000,000 | ---D | M]
 supiyiha -> C:\Documents and Settings\All Users\Application Data\supiyiha -> [2010/01/24 15:22:54 | 000,000,000 | ---D | M]
 Temp -> C:\Documents and Settings\All Users\Application Data\Temp -> [2010/02/01 14:40:53 | 000,000,000 | ---D | M]
 vegapaye -> C:\Documents and Settings\All Users\Application Data\vegapaye -> [2010/02/01 17:58:02 | 000,000,000 | ---D | M]
 FRU Task #Hewlett-Packard#hp psc 1200 series#1115658956.job -> C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1115658956.job -> [2005/08/11 10:51:55 | 000,000,342 | ---- | M] ()
 SCHEDLGU.TXT -> C:\WINDOWS\Tasks\SCHEDLGU.TXT -> [2011/01/13 22:09:44 | 000,032,594 | ---- | M] ()
 
[File - Purity Scan]
 
[Custom Scans]
< netsvcs >
<       drivers32 >
<       %SYSTEMDRIVE%\*.* >
 AuResult.ini -> C:\AuResult.ini -> [2010/10/10 14:02:42 | 000,000,011 | ---- | M] ()
 AUTOEXEC.BAT -> C:\AUTOEXEC.BAT -> [2002/09/18 11:33:30 | 000,000,000 | ---- | M] ()
 Boot.bak -> C:\Boot.bak -> [2010/12/19 12:28:00 | 000,000,211 | ---- | M] ()
 boot.ini -> C:\boot.ini -> [2011/01/13 13:03:50 | 000,000,327 | RHS- | M] ()
 CF-Submit.htm -> C:\CF-Submit.htm -> [2011/01/13 15:10:55 | 000,001,224 | ---- | M] ()
 cmldr -> C:\cmldr -> [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] ()
 CONFIG.SYS -> C:\CONFIG.SYS -> [2002/09/18 11:33:30 | 000,000,000 | ---- | M] ()
 hpfr3420.xml -> C:\hpfr3420.xml -> [2007/08/31 13:06:34 | 000,000,907 | ---- | M] ()
 hpfr3425.log -> C:\hpfr3425.log -> [2007/08/31 13:06:34 | 000,394,917 | ---- | M] ()
 hpfr5550.xml -> C:\hpfr5550.xml -> [2011/01/05 21:18:54 | 000,000,561 | ---- | M] ()
 hph7350.log -> C:\hph7350.log -> [2011/01/05 21:18:54 | 000,281,034 | ---- | M] ()
 IO.SYS -> C:\IO.SYS -> [2002/09/18 11:33:30 | 000,000,000 | RHS- | M] ()
 Daron Drywall, Inc.QBB -> C:\Daron Drywall, Inc.QBB -> [2002/11/07 08:24:01 | 000,241,664 | ---- | M] ()
 MSDOS.SYS -> C:\MSDOS.SYS -> [2002/09/18 11:33:30 | 000,000,000 | RHS- | M] ()
 NTDETECT.COM -> C:\NTDETECT.COM -> [2004/10/15 08:22:58 | 000,047,564 | RHS- | M] ()
 ntldr -> C:\ntldr -> [2008/08/11 12:11:30 | 000,250,048 | RHS- | M] ()
 Pacific Rim Interiors, LLC.QBB -> C:\Pacific Rim Interiors, LLC.QBB -> [2002/11/07 08:22:16 | 001,086,976 | ---- | M] ()
 pagefile.sys -> C:\pagefile.sys -> [2011/01/14 11:03:50 | 402,653,184 | -HS- | M] ()
 PDOXUSRS.NET -> C:\PDOXUSRS.NET -> [2003/04/21 11:54:24 | 000,013,030 | ---- | M] ()
 Pres.Homes2002.QBB -> C:\Pres.Homes2002.QBB -> [2003/01/30 15:33:24 | 012,396,032 | ---- | M] ()
 TDSSKiller.2.4.12.0_23.12.2010_15.58.30_log.txt -> C:\TDSSKiller.2.4.12.0_23.12.2010_15.58.30_log.txt -> [2010/12/23 16:02:43 | 000,078,136 | ---- | M] ()
 TDSSKiller.2.4.12.0_23.12.2010_16.04.37_log.txt -> C:\TDSSKiller.2.4.12.0_23.12.2010_16.04.37_log.txt -> [2010/12/23 16:05:21 | 000,040,056 | ---- | M] ()
 TDSSKiller.2.4.12.0_31.12.2010_18.28.10_log.txt -> C:\TDSSKiller.2.4.12.0_31.12.2010_18.28.10_log.txt -> [2010/12/31 18:29:03 | 000,039,822 | ---- | M] ()
 The Terraces Subdivision, LLC 03 26 04.QBB -> C:\The Terraces Subdivision, LLC 03 26 04.QBB -> [2004/03/26 10:32:31 | 000,124,416 | ---- | M] ()
 The Terraces Subdivision, LLC.QBB -> C:\The Terraces Subdivision, LLC.QBB -> [2002/11/07 08:29:18 | 000,097,280 | ---- | M] ()
<       %systemroot%\*. /mp /s >
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
<       %systemroot%\System32\config\*.sav >
 default.sav -> C:\WINDOWS\system32\config\default.sav -> [2002/09/17 19:18:39 | 000,090,112 | ---- | M] ()
 software.sav -> C:\WINDOWS\system32\config\software.sav -> [2002/09/17 19:18:38 | 000,630,784 | ---- | M] ()
 system.sav -> C:\WINDOWS\system32\config\system.sav -> [2002/09/17 19:18:38 | 000,385,024 | ---- | M] ()
<       HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
<       HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install ->  -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime -> 2010-12-12 04:34:03 -> 
< End of report >
 
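The OTS listing above and the OTL output posted later in this thread share one line format: a `[date | size | attributes | M or C]` stamp, an optional `(Company)` taken from the file's version resource, and a path. As an added example (not part of either post, and not OldTimer's own code), here is a small Python triage pass that parses both variants and flags the things a malware helper scans for by eye: executables with no company name under system directories, hidden executables, executables created shortly before the log, and registry entries whose target is missing. The sample lines are constructed to mimic the format, the allow-list of normally hidden boot files and the seven-day threshold are assumptions, and the log date is taken from the OTL header in this thread.

```python
import re
from datetime import datetime, timedelta

# Stamp shared by OTS and OTL lines, e.g.
# "[2011/01/14 12:49:12 | 000,602,112 | ---- | C] (OldTimer Tools)"
# Folder lines omit the "(Company)" part, so that group is optional.
STAMP = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
)
# OTL: "... -- C:\path\file.sys -- (ServiceName)"    OTS: "name -> C:\path -> [stamp]"
OTL_PATH = re.compile(r" -- (?P<path>[A-Za-z]:\\[^\n]*?)(?: -- \([^)]*\))?$")
OTS_PATH = re.compile(r"^\s*\S.*? -> (?P<path>[A-Za-z]:\\.*?) -> \[")
# Registry lines ("O3 - ...", "O9 - ...") whose target no longer exists.
ORPHAN_LINE = re.compile(r"^O\d+ - ")
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error:")

SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".ax", ".acm", ".com")
# Boot files Windows keeps hidden/system in the drive root (assumed allow-list).
KNOWN_HIDDEN = {"c:\\ntldr", "c:\\ntdetect.com", "c:\\cmldr", "c:\\io.sys", "c:\\msdos.sys"}

# Date from the OTL header in this thread: "OTL logfile created on: 1/14/2011 12:58:35 PM"
LOG_DATE = datetime(2011, 1, 14, 12, 58, 35)

# Constructed sample lines in OTS and OTL format (not taken from the posted logs).
SAMPLE_LOG = r"""
 boot.ini -> C:\boot.ini -> [2011/01/13 13:03:50 | 000,000,327 | RHS- | M] ()
SRV - [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (Example Corp) [Auto | Stopped] -- C:\WINDOWS\system32\hiddensvc.exe -- (HiddenSvc)
DRV - [2007/07/18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nocompany.sys -- (NoCompany)
O9 - Extra Button: Example Toolbar - {00000000-0000-0000-0000-000000000000} - File not found
[2011/01/13 15:50:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/12 09:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\freshdrop.dll
[2009/10/08 12:09:06 | 000,000,306 | ---- | C] () -- C:\WINDOWS\wininit.ini
""".strip("\n")


def parse_entry(line):
    """Return a dict (ts, size, attrs, kind, company, path) or None for non-file lines."""
    m = STAMP.search(line)
    if not m:
        return None
    pm = OTL_PATH.search(line) or OTS_PATH.search(line)
    if not pm:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = d["company"] or ""
    d["path"] = pm.group("path").strip()
    return d


def triage(lines, log_date, recent_days=7):
    """Return (path_or_line, reason) pairs for entries that deserve a second look."""
    hits = []
    for line in lines:
        if ORPHAN_LINE.match(line) and any(mk in line for mk in ORPHAN_MARKERS):
            hits.append((line.strip(), "orphaned registry reference"))
            continue
        e = parse_entry(line)
        if e is None:
            continue
        low = e["path"].lower()
        is_exec = low.endswith(EXEC_EXT)
        if is_exec and not e["company"] and low.startswith(SYSTEM_DIRS):
            hits.append((e["path"], "executable with no company name in system directory"))
        if is_exec and "H" in e["attrs"] and low not in KNOWN_HIDDEN:
            hits.append((e["path"], "hidden executable"))
        if is_exec and e["kind"] == "C" and log_date - e["ts"] <= timedelta(days=recent_days):
            hits.append((e["path"], f"executable created within {recent_days} days of the log"))
    return hits


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG.splitlines(), LOG_DATE):
        print(f"{reason:55s} {path}")
```

These are prompts for a closer look, not verdicts: OTL fills the company field from the file's version information, so an empty `()` is common for legitimate codecs and small utilities and says nothing about whether the file is digitally signed, and "File not found" on an O3/O9 entry usually just means an uninstaller left a registry stub behind. The value of the pass is that it narrows a two-thousand-line log to a handful of paths to hash and check by hand.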
#14 ·
Hiya blu47,

If you want me to help, you must follow my instructions. I asked you to run OTL and gave the relevant instructions; you actually ran OTS, and it was the second run, so that tool was used previously.
Please only do what I ask. Also, do not post logs in code boxes; it makes it very hard to analyze them.

Kevin
 
#15 ·
Sorry about all that. Found an older version on here, so got rid of it now. Now that I'm on the same page, is it possible to get rid of any traces of anything else run on here without feeling like an idiot?

Here are the logs requested.
OTL logfile created on: 1/14/2011 12:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 607.00 Mb Available Physical Memory | 79.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 21.72 Gb Free Space | 58.27% Space Free | Partition Type: NTFS
Drive E: | 19.13 Gb Total Space | 16.09 Gb Free Space | 84.11% Space Free | Partition Type: FAT32

Computer Name: ACCOUNTING1 | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/14 12:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
PRC - [2008/04/13 15:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/01/14 12:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
MOD - [2010/08/23 07:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/12/06 08:15:34 | 002,849,784 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2007/07/20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/01/06 10:07:26 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
SRV - [2003/03/09 11:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\PackethSvc.exe -- (PackethSvc)

========== Driver Services (SafeList) ==========

DRV - [2010/09/19 07:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/10 23:40:48 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2008/04/13 09:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 09:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/07/20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/07/18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/07/18 15:44:00 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/18 15:39:15 | 001,278,104 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/07/18 15:39:15 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/12/13 16:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/08/31 15:12:08 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/01/06 10:07:27 | 000,050,276 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)
DRV - [2006/01/06 10:07:27 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2006/01/06 10:07:27 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2006/01/06 10:07:26 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2004/10/07 16:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 20:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/12 00:56:44 | 000,098,304 | R--- | M] (ATMEL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vnet558x.sys -- (FVNETusb)
DRV - [2003/05/02 14:19:00 | 001,312,555 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/03/17 19:27:50 | 000,307,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg311nd5.sys -- (NETGEAR_WG311_SERVICE)
DRV - [2002/08/28 20:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2002/04/11 16:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2002/04/08 16:36:18 | 000,305,100 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2002/03/28 02:05:00 | 000,006,016 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2001/08/18 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/18 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 03:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2000/12/03 09:35:58 | 000,022,640 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CDD6DF24-B2F3-4780-B57C-C984430DAB3D}:1.9.1
FF - prefs.js..extensions.enabledItems: {6BBB6066-4F46-4CCE-9540-25178C5ED123}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D}: C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D} [2010/01/22 16:48:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6BBB6066-4F46-4CCE-9540-25178C5ED123}: C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\{6BBB6066-4F46-4CCE-9540-25178C5ED123}\ [2010/01/28 15:20:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 13:57:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 13:57:06 | 000,000,000 | ---D | M]

[2008/08/29 11:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Extensions
[2011/01/03 12:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions
[2010/12/15 13:57:33 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/12/16 18:01:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/03 12:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/10 17:36:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/01/28 15:20:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{6BBB6066-4F46-4CCE-9540-25178C5ED123}
[2010/01/22 16:48:14 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D}
[2010/12/10 17:35:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/10 17:35:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/06/30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2011/01/13 15:23:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215493224746 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5183/mcfscan.cab (McFreeScan Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://p.webshots.com/img/mdocs/star_12x12.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/18 11:33:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/09/18 13:43:36 | 000,000,243 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000/04/07 09:02:10 | 000,000,378 | ---- | M] () - E:\autoexec.nav -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/01/14 12:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTMlogs
[2011/01/14 12:49:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
[2011/01/13 16:41:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\CFlogs
[2011/01/13 15:50:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/13 15:50:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Recent
[2011/01/13 15:17:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/13 15:08:55 | 000,000,000 | ---D | C] -- C:\FixCO
[2011/01/13 13:03:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/11 11:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/05 09:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2011/01/05 09:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\Anti-Malware
[2010/12/17 21:13:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/17 21:13:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/17 21:13:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/17 21:13:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

========== Files - Modified Within 30 Days ==========

[2011/01/14 12:57:05 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/14 12:56:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/14 12:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
[2011/01/13 15:23:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/13 15:10:55 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
[2011/01/13 13:41:25 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\SecurityCheck.exe
[2011/01/13 13:03:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/13 12:55:06 | 004,154,145 | R--- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\FixCO.exe
[2011/01/11 16:16:33 | 000,046,797 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\esetonline.JPG
[2011/01/10 19:01:35 | 002,359,350 | ---- | M] () -- C:\WINDOWS\Webshots for Admin.bmp
[2011/01/10 17:47:37 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/01/08 13:53:06 | 000,000,058 | ---- | M] () -- C:\WINDOWS\RegDefrag.ini
[2011/01/05 21:18:54 | 000,000,561 | ---- | M] () -- C:\hpfr5550.xml
[2011/01/05 21:16:56 | 000,000,034 | ---- | M] () -- C:\WINDOWS\hpfsched.ini
[2011/01/05 19:41:54 | 000,005,292 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20110105_194150.reg
[2011/01/05 17:24:53 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/23 16:10:09 | 000,004,844 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101223_161006.reg
[2010/12/21 17:52:50 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 12:28:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/12/17 21:24:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110111-110448.backup
[2010/12/17 16:16:12 | 000,012,788 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101217_161606.reg

========== Files Created - No Company Name ==========

[2011/01/13 15:10:55 | 000,001,224 | ---- | C] () -- C:\CF-Submit.htm
[2011/01/13 13:41:21 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\SecurityCheck.exe
[2011/01/13 13:03:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/01/13 13:03:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/13 13:00:46 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/13 12:54:55 | 004,154,145 | R--- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\FixCO.exe
[2011/01/11 12:42:48 | 000,046,797 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\esetonline.JPG
[2011/01/05 21:16:56 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2011/01/05 19:41:52 | 000,005,292 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20110105_194150.reg
[2010/12/23 16:10:08 | 000,004,844 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101223_161006.reg
[2010/12/17 21:13:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/17 21:13:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/17 21:13:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/17 21:13:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/17 16:16:09 | 000,012,788 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101217_161606.reg
[2010/06/24 10:44:22 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/24 10:44:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/06/24 10:44:19 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/24 10:44:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/24 10:44:18 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/27 17:24:46 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/01/31 17:07:07 | 000,000,058 | ---- | C] () -- C:\WINDOWS\RegDefrag.ini
[2010/01/20 20:15:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\housecall.guid.cache
[2009/10/08 12:09:06 | 000,000,306 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/07 12:52:43 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/08/04 20:13:44 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2008/07/05 20:07:24 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/02/29 22:21:02 | 000,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/02/16 16:21:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/09 14:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/11 20:24:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2007/09/30 17:14:20 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/05/19 10:12:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2006/04/11 08:19:56 | 000,001,398 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\AdobeDLM.log
[2006/04/11 08:19:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\dm.ini
[2005/09/02 14:57:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Admin.ini
[2005/05/09 08:05:54 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/04/19 10:12:46 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\fusioncache.dat
[2003/03/09 11:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/02/18 16:17:23 | 000,000,186 | ---- | C] () -- C:\WINDOWS\Teneron.ini
[2002/10/10 16:32:20 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2002/10/03 11:40:51 | 000,000,187 | ---- | C] () -- C:\WINDOWS\BW.ini
[2002/09/20 08:45:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/09/18 17:08:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2002/09/17 19:20:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2000/10/17 16:43:12 | 000,906,784 | ---- | C] () -- C:\WINDOWS\System32\Owl52f.dll
[2000/09/13 18:15:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
[1999/01/04 12:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 01:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== LOP Check ==========

[2008/09/07 12:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\iolo
[2008/07/06 00:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\TrojanHunter
[2010/09/20 16:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2003/09/22 10:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America Online
[2010/07/14 16:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/12/21 12:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/15 12:24:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2008/09/07 12:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/01/24 15:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\supiyiha
[2010/02/01 14:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2010/02/01 17:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vegapaye
[2005/08/11 10:51:55 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1115658956.job
[2011/01/13 22:09:44 | 000,032,594 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2010/10/10 14:02:42 | 000,000,011 | ---- | M] () -- C:\AuResult.ini
[2002/09/18 11:33:30 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/12/19 12:28:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/01/13 13:03:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/13 15:10:55 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2002/09/18 11:33:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/08/31 13:06:34 | 000,000,907 | ---- | M] () -- C:\hpfr3420.xml
[2007/08/31 13:06:34 | 000,394,917 | ---- | M] () -- C:\hpfr3425.log
[2011/01/05 21:18:54 | 000,000,561 | ---- | M] () -- C:\hpfr5550.xml
[2011/01/05 21:18:54 | 000,281,034 | ---- | M] () -- C:\hph7350.log
[2002/09/18 11:33:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2002/11/07 08:24:01 | 000,241,664 | ---- | M] () -- C:\Daron Drywall, Inc.QBB
[2002/09/18 11:33:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/10/15 08:22:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/11 12:11:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2002/11/07 08:22:16 | 001,086,976 | ---- | M] () -- C:\Pacific Rim Interiors, LLC.QBB
[2011/01/14 12:55:50 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
[2003/04/21 11:54:24 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2003/01/30 15:33:24 | 012,396,032 | ---- | M] () -- C:\Pres.Homes2002.QBB
[2004/03/26 10:32:31 | 000,124,416 | ---- | M] () -- C:\The Terraces Subdivision, LLC 03 26 04.QBB
[2002/11/07 08:29:18 | 000,097,280 | ---- | M] () -- C:\The Terraces Subdivision, LLC.QBB

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2002/09/17 19:18:39 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/09/17 19:18:38 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/09/17 19:18:38 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-12 04:34:03
< End of report >

OTL Extras logfile created on: 1/14/2011 12:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 607.00 Mb Available Physical Memory | 79.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 21.72 Gb Free Space | 58.27% Space Free | Partition Type: NTFS
Drive E: | 19.13 Gb Total Space | 16.09 Gb Free Space | 84.11% Space Free | Partition Type: FAT32

Computer Name: ACCOUNTING1 | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe" = C:\Program Files\NETGEAR\Wireless Smart Configuration\Utility\NetgearAG.exe:*:Enabled:NetgearAG -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" = C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware -- (Malwarebytes Corporation)
"C:\kav\kav7\setup.exe" = C:\kav\kav7\setup.exe:*:Disabled:Kaspersky Anti-Virus 7.0 Setup -- (Kaspersky Lab)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{14374624-0900-4056-BA06-C87C900AF9E6}" = QuickBooks Premier Edition 2005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9077253B-FBE9-416A-8D7A-9A58C2E83B39}" = NETGEAR Wireless PCI Adapter
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{99A12218-772D-44F6-9483-6CEC92223C1D}" = TurboProject Deluxe v.4
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Avance AC'97 Audio
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Ad-aware 5.83" = Ad-aware 5.83
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk Express Viewer" = Autodesk Express Viewer
"CCleaner" = CCleaner
"Duplicate Finder_is1" = Duplicate Finder
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.1
"ESET Online Scanner" = ESET Online Scanner v3
"HijackThis" = HijackThis 2.0.2
"hp instant support" = hp instant support
"HP PSC 1200 Series" = HP Photo and Imaging 2.0 - hp psc 1200 series
"hp psc 1200 series_Driver" = hp psc 1200 series
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NTI CD-Maker 2000 Plus" = NTI CD-Maker 2000 Plus
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Plaxo" = Plaxo
"QcDrv" = Logitech® Camera Driver
"RealPlayer 6.0" = RealPlayer
"UDA Construction Office 2003" = UDA Construction Office 2003
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Webshots Desktop" = Webshots Desktop
"WinASO Registry Optimizer 4.5.3_is1" = WinASO Registry Optimizer 4.5.3
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/15/2010 1:27:17 AM | Computer Name = ACCOUNTING1 | Source = MsiInstaller | ID = 11706
Description = Product: HP Photo and Imaging 2.0 - All-in-One Drivers -- Error 1706.No
valid source could be found for product HP Photo and Imaging 2.0 - All-in-One Drivers.
The Windows Installer cannot continue.

Error - 12/17/2010 5:18:10 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
Description = Faulting application regopt.exe, version 4.5.3.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 12/19/2010 7:20:28 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 12/19/2010 7:20:32 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1001
Description = Fault bucket -2081677592.

Error - 12/27/2010 1:31:04 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
module xul.dll, version 1.9.2.3989, fault address 0x0070b15a.

Error - 12/27/2010 1:31:24 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1001
Description = Fault bucket -2077656330.

Error - 1/6/2011 2:17:08 AM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
Description = Faulting application hpfiui.exe, version 4.2.41.0, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 1/6/2011 2:17:14 AM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1001
Description = Fault bucket 1250658336.

Error - 1/13/2011 6:06:18 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d560.

Error - 1/13/2011 6:09:56 PM | Computer Name = ACCOUNTING1 | Source = Application Error | ID = 1000
Description = Faulting application pev.exe, version 0.0.0.0, faulting module pev.exe,
version 0.0.0.0, fault address 0x0008d560.

[ System Events ]
Error - 1/14/2011 5:31:54 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/14/2011 5:36:22 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/14/2011 5:36:52 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/14/2011 5:36:54 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/14/2011 5:37:02 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/14/2011 5:44:51 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/14/2011 5:49:39 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/14/2011 5:54:02 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/14/2011 5:57:17 PM | Computer Name = ACCOUNTING1 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/14/2011 5:57:43 PM | Computer Name = ACCOUNTING1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
a2injectiondriver cmdGuard Fips intelppm

< End of report >
 
#16 ·
Hiya blu47

Don't feel like an idiot, it's very easy to make a mistake. We've all been there before.......

Continue as follows:-

Step 1

Re-Run OTL by double left click, Vista and Windows 7 users right click and select Run as Administrator.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - Reg Error: Key error. File not found
    O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab  (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jin...ndows-i586.cab (Java Plug-in 1.5.0_09)
    O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\TrojanHunter
    C:\Documents and Settings\All Users\Application Data\avg9
    C:\Documents and Settings\All Users\Application Data\Hitman Pro
    C:\Documents and Settings\All Users\Application Data\IObit
    C:\Documents and Settings\All Users\Application Data\supiyiha
    C:\Documents and Settings\All Users\Application Data\vegapaye
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

  • Re-open Malwarebytes and check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

What I'd like in your reply:-

  • Log from OTL fix
  • Log from OTL Quick scan
  • Log from Malwarebytes
  • Give system review. Any improvements, any specific issues.

Kevin...
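The fix script in Step 1 and the log OTL writes when it runs it both follow a simple line format, so a helper can reconcile the two mechanically before asking for the next scan: which registry entries and folders were actually removed, which were already gone, and which directives never ran (a restore point cannot be created from Safe Mode, for instance). The following Python is an added example and is not code from this thread, from OTL or from OldTimer. The script and log excerpts inside it are constructed to resemble this thread (the `notthere` folder and its `File\Folder ... not found.` line are made up), and the `DIRECTIVE_MARKERS` phrases are assumptions about OTL's log wording.

```python
"""Added example (not from this thread or from OTL): parse an OTL fix script into
the items it asks OTL to act on, then reconcile them against OTL's fix log so the
helper can see what was removed, what was already gone, and what never happened.
The script and log below are constructed excerpts modelled on this thread."""
import re
from collections import defaultdict

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REMOVED_RE = re.compile(r"(deleted|moved) successfully", re.I)
# Phrases OTL prints for the bracketed :Commands directives (assumed wording).
DIRECTIVE_MARKERS = {
    "resethosts": "hosts file reset successfully",
    "emptytemp": "[emptytemp]",
    "emptyflash": "[emptyflash]",
    "createrestorepoint": "restore point",
}

def parse_fix_script(text):
    """Split the script into {section: [lines]} on its ':Section' headers."""
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:]
        elif current is None:
            raise ValueError(f"line before any :section header: {line!r}")
        else:
            sections[current].append(line)
    return dict(sections)

def planned_targets(sections):
    """Reduce script lines to (kind, key) pairs that can be looked up in the log:
    CLSIDs for O3/O9/O16 lines, the key path for O6/O7 'present' lines, paths
    and '/c' commands under :Files, and the directives under :Commands."""
    targets = []
    for line in sections.get("OTL", []):
        m = re.match(r"O\d+ - (.*)", line)
        if not m:
            continue
        body = m.group(1)
        guids = GUID_RE.findall(body)
        if guids:
            targets.extend(("clsid", g.upper()) for g in guids)
        elif body.endswith(" present"):
            # Drop the hive (HKLM\ or HKCU\); the log prints the full hive name.
            targets.append(("policy", body[:-len(" present")].split("\\", 1)[1]))
    for line in sections.get("Files", []):
        targets.append(("cmd" if line.lower().endswith(" /c") else "path", line))
    for line in sections.get("Commands", []):
        targets.append(("directive", line.strip("[]").lower()))
    return targets

def reconcile(targets, log_text):
    """Map each planned target to what the fix log says happened to it."""
    lines = log_text.splitlines()
    status = {}
    for kind, key in targets:
        if kind == "cmd":
            # OTL echoes each command as '< cmd >' before its output.
            status[key] = "ran" if f"< {key} >".lower() in log_text.lower() else "unlogged"
            continue
        if kind == "directive":
            marker = DIRECTIVE_MARKERS.get(key)
            hits = [l for l in lines if marker and marker in l.lower()]
        else:
            hits = [l for l in lines if key.lower() in l.lower()]
        if not hits:
            status[key] = "unlogged"
        elif kind == "directive":
            # e.g. [CREATERESTOREPOINT] in Safe Mode logs an error, not success.
            status[key] = "failed" if any("error" in l.lower() for l in hits) else "done"
        elif any(REMOVED_RE.search(l) for l in hits):
            # 'value deleted' followed by 'CLSID key not found' is normal: the
            # toolbar entry pointed at a CLSID that was never registered.
            status[key] = "removed"
        else:
            status[key] = "not_found" if any("not found" in l.lower() for l in hits) else "unknown"
    return status

# Constructed excerpts in the style of the script and log posted in this thread.
FIX_SCRIPT = r"""
:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - File not found
:Files
ipconfig /flushdns /c
C:\Documents and Settings\All Users\Application Data\supiyiha
C:\Documents and Settings\All Users\Application Data\notthere
:Commands
[resethosts]
[CREATERESTOREPOINT]
"""

FIX_LOG = r"""
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\All Users\Application Data\supiyiha folder moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\notthere not found.
========== COMMANDS ==========
HOSTS file reset successfully
Error starting restore point: The function was called in safe mode.
"""

def summarize(script=FIX_SCRIPT, log=FIX_LOG):
    return reconcile(planned_targets(parse_fix_script(script)), log)

if __name__ == "__main__":
    for key, state in summarize().items():
        print(f"{state:10} {key}")
```

Run directly, it prints one status per target; anything reported as "unlogged" or "unknown" is worth a second look in the full log, and "failed" for `createrestorepoint` reproduces the Safe Mode restore-point error seen in this thread, which is why a restore point should be created again once the machine is back in normal mode.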
 
#17 ·
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F47C1DB5-ED21-4dc1-853E-D1495792D4C5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control Microsoft XML Parser for Java Reg Error: Value error.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java Reg Error: Value error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java Reg Error: Value error.\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\TrojanHunter folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Hitman Pro folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IObit\IObit Security 360 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\IObit folder moved successfully.
C:\Documents and Settings\All Users\Application Data\supiyiha folder moved successfully.
C:\Documents and Settings\All Users\Application Data\vegapaye folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Admin.PRESTIGE-SYS4
->Temp folder emptied: 14210 bytes
->Temporary Internet Files folder emptied: 29974581 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5331275 bytes
->Flash cache emptied: 1359 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Elsa
->Temp folder emptied: 4760 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 3982025 bytes
->Flash cache emptied: 434 bytes

User: Jason

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 848 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 6375996 bytes

Total Files Cleaned = 44.00 mb

[EMPTYFLASH]

User: Admin

User: Admin.PRESTIGE-SYS4
->Flash cache emptied: 0 bytes

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Elsa
->Flash cache emptied: 0 bytes

User: Jason

User: LocalService

User: NetworkService

User: Tom
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

OTL by OldTimer - Version 3.2.20.2 log created on 01142011_145759
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

2nd log
OTL logfile created on: 1/14/2011 3:13:04 PM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 611.00 Mb Available Physical Memory | 80.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.27 Gb Total Space | 21.75 Gb Free Space | 58.36% Space Free | Partition Type: NTFS
Drive E: | 19.13 Gb Total Space | 16.09 Gb Free Space | 84.11% Space Free | Partition Type: FAT32

Computer Name: ACCOUNTING1 | User Name: Admin | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/14 12:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
PRC - [2008/04/13 15:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/01/14 12:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
MOD - [2010/08/23 07:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/12/06 08:15:34 | 002,849,784 | ---- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/09/10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2007/07/20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/07/20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/07/20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2006/01/06 10:07:26 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)
SRV - [2003/03/09 11:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2000/12/07 15:51:56 | 000,051,200 | -H-- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\PackethSvc.exe -- (PackethSvc)

========== Driver Services (SafeList) ==========

DRV - [2010/09/19 07:57:36 | 000,072,808 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/09/10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010/09/10 23:40:48 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010/09/05 11:25:22 | 000,041,928 | ---- | M] (Emsi Software GmbH) [File_System | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/05/05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2008/04/13 09:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 09:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/07/20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/07/20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/07/18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/07/18 15:44:00 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/07/18 15:39:15 | 001,278,104 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/07/18 15:39:15 | 000,013,848 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/12/13 16:52:50 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/08/31 15:12:08 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/01/06 10:07:27 | 000,050,276 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)
DRV - [2006/01/06 10:07:27 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2006/01/06 10:07:27 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2006/01/06 10:07:26 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2004/10/07 16:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 20:29:26 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/06/12 00:56:44 | 000,098,304 | R--- | M] (ATMEL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vnet558x.sys -- (FVNETusb)
DRV - [2003/05/02 14:19:00 | 001,312,555 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/03/17 19:27:50 | 000,307,904 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg311nd5.sys -- (NETGEAR_WG311_SERVICE)
DRV - [2002/08/28 20:59:12 | 000,036,224 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2002/04/11 16:43:44 | 000,016,194 | ---- | M] (AMBIT Microsystems Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AWINDIS5.SYS -- (AWINDIS5)
DRV - [2002/04/08 16:36:18 | 000,305,100 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2002/03/28 02:05:00 | 000,006,016 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2001/08/18 03:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/18 03:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 12:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001/08/17 03:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2000/12/03 09:35:58 | 000,022,640 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wandrv.sys -- (wandrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {CDD6DF24-B2F3-4780-B57C-C984430DAB3D}:1.9.1
FF - prefs.js..extensions.enabledItems: {6BBB6066-4F46-4CCE-9540-25178C5ED123}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D}: C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D} [2010/01/22 16:48:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6BBB6066-4F46-4CCE-9540-25178C5ED123}: C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\{6BBB6066-4F46-4CCE-9540-25178C5ED123}\ [2010/01/28 15:20:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/15 13:57:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/15 13:57:06 | 000,000,000 | ---D | M]

[2008/08/29 11:50:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Extensions
[2011/01/03 12:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions
[2010/12/15 13:57:33 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/12/16 18:01:45 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\Mozilla\Firefox\Profiles\r87okycu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/03 12:30:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/10 17:36:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/01/28 15:20:31 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{6BBB6066-4F46-4CCE-9540-25178C5ED123}
[2010/01/22 16:48:14 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMIN.PRESTIGE-SYS4\LOCAL SETTINGS\APPLICATION DATA\{CDD6DF24-B2F3-4780-B57C-C984430DAB3D}
[2010/12/10 17:35:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/10 17:35:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/06/30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2011/01/14 14:58:15 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\Webshots.lnk = C:\Program Files\Webshots\Launcher.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1215493224746 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5183/mcfscan.cab (McFreeScan Class)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.165.131.12 209.165.131.13
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://p.webshots.com/img/mdocs/star_12x12.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/18 11:33:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/09/18 13:43:36 | 000,000,243 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2000/04/07 09:02:10 | 000,000,378 | ---- | M] () - E:\autoexec.nav -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/14 14:57:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/01/14 12:49:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
[2011/01/13 15:50:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/13 15:50:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Recent
[2011/01/13 15:17:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/01/13 15:08:55 | 000,000,000 | ---D | C] -- C:\FixCO
[2011/01/13 13:03:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/11 11:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/05 09:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Emsisoft Anti-Malware
[2011/01/05 09:09:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\Anti-Malware
[2010/12/17 21:13:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/17 21:13:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/17 21:13:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/17 21:13:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

========== Files - Modified Within 30 Days ==========

[2011/01/14 15:08:52 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/14 14:59:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/14 14:58:15 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/01/14 12:49:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\OTL.com
[2011/01/13 15:10:55 | 000,001,224 | ---- | M] () -- C:\CF-Submit.htm
[2011/01/13 13:41:25 | 000,879,028 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\SecurityCheck.exe
[2011/01/13 13:03:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/01/13 12:55:06 | 004,154,145 | R--- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\FixCO.exe
[2011/01/11 16:16:33 | 000,046,797 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\esetonline.JPG
[2011/01/10 19:01:35 | 002,359,350 | ---- | M] () -- C:\WINDOWS\Webshots for Admin.bmp
[2011/01/10 17:47:37 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/01/08 13:53:06 | 000,000,058 | ---- | M] () -- C:\WINDOWS\RegDefrag.ini
[2011/01/05 21:18:54 | 000,000,561 | ---- | M] () -- C:\hpfr5550.xml
[2011/01/05 21:16:56 | 000,000,034 | ---- | M] () -- C:\WINDOWS\hpfsched.ini
[2011/01/05 19:41:54 | 000,005,292 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20110105_194150.reg
[2011/01/05 17:24:53 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/23 16:10:09 | 000,004,844 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101223_161006.reg
[2010/12/21 17:52:50 | 000,260,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/19 12:28:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/12/17 21:24:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110111-110448.backup
[2010/12/17 16:16:12 | 000,012,788 | ---- | M] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101217_161606.reg

========== Files Created - No Company Name ==========

[2011/01/13 15:10:55 | 000,001,224 | ---- | C] () -- C:\CF-Submit.htm
[2011/01/13 13:41:21 | 000,879,028 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\SecurityCheck.exe
[2011/01/13 13:03:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/01/13 13:03:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/01/13 12:54:55 | 004,154,145 | R--- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\FixCO.exe
[2011/01/11 12:42:48 | 000,046,797 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Desktop\esetonline.JPG
[2011/01/05 21:16:56 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2011/01/05 19:41:52 | 000,005,292 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20110105_194150.reg
[2010/12/23 16:10:08 | 000,004,844 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101223_161006.reg
[2010/12/17 21:13:05 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/17 21:13:05 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/17 21:13:05 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/17 21:13:05 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/17 16:16:09 | 000,012,788 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\My Documents\cc_20101217_161606.reg
[2010/06/24 10:44:22 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/06/24 10:44:22 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/06/24 10:44:19 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/24 10:44:19 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/24 10:44:18 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/27 17:24:46 | 000,004,940 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mtbjfghn.xbe
[2010/01/31 17:07:07 | 000,000,058 | ---- | C] () -- C:\WINDOWS\RegDefrag.ini
[2010/01/20 20:15:26 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\housecall.guid.cache
[2009/10/08 12:09:06 | 000,000,306 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/07 12:52:43 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2008/08/04 20:13:44 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\thxcfg.ini
[2008/07/05 20:07:24 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/02/29 22:21:02 | 000,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/02/16 16:21:29 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2008/01/09 14:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/11 20:24:58 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2007/09/30 17:14:20 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/05/19 10:12:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2006/04/11 08:19:56 | 000,001,398 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\AdobeDLM.log
[2006/04/11 08:19:56 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\dm.ini
[2005/09/02 14:57:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Admin.ini
[2005/05/09 08:05:54 | 000,000,191 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2005/04/19 10:12:46 | 000,000,142 | ---- | C] () -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Local Settings\Application Data\fusioncache.dat
[2003/03/09 11:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/02/18 16:17:23 | 000,000,186 | ---- | C] () -- C:\WINDOWS\Teneron.ini
[2002/10/10 16:32:20 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\hpgt42.dll
[2002/10/03 11:40:51 | 000,000,187 | ---- | C] () -- C:\WINDOWS\BW.ini
[2002/09/20 08:45:17 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/09/18 17:08:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2002/09/17 19:20:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2000/10/17 16:43:12 | 000,906,784 | ---- | C] () -- C:\WINDOWS\System32\Owl52f.dll
[2000/09/13 18:15:38 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pagesync.dll
[1999/01/04 12:25:00 | 000,375,296 | ---- | C] () -- C:\WINDOWS\System32\tx32.dll
[1998/11/04 01:20:00 | 000,000,202 | ---- | C] () -- C:\WINDOWS\System32\Ic32.ini

========== LOP Check ==========

[2008/09/07 12:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin.PRESTIGE-SYS4\Application Data\iolo
[2010/09/20 16:55:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2003/09/22 10:08:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\America Online
[2008/09/07 12:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2010/02/01 14:40:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2005/08/11 10:51:55 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1115658956.job
[2011/01/13 22:09:44 | 000,032,594 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >
 
#18 ·
No infections found. The problem is that I downloaded twice before to update this week. Just now it asked for an update, saying it was 25 days out of date, so I restarted to check whether it would ask for an update on the third try. The program said the update is okay, so I did a Quick Scan.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5521
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
1/14/2011 3:47:37 PM
mbam-log-2011-01-14 (15-47-37).txt
Scan type: Quick scan
Objects scanned: 177827
Time elapsed: 6 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
#20 ·
Hello Kevin, I am seeing unresponsive and delayed behavior. At startup it seems slower, although it was always a tad slow at booting up. Then, after logging in, the mouse does not respond or move as usual. It is verry slooow. Then opening a browser takes a little longer. But the main issue is that sometimes it gets hung up or takes its time loading. It seems to operate in stages: slow start, then it works, and either keeps functioning properly or remains unresponsive for a short time. That is all I can tell you at the moment.
 
#22 ·
MBAM is still requiring the 5.74Mb file for update. It's like it is broken and downloads it over and over again. The database says the latest file is today.

Here's the log requested.
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5521
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/14/2011 4:50:27 PM
mbam-log-2011-01-14 (16-50-27).txt
Scan type: Quick scan
Objects scanned: 178859
Time elapsed: 22 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
 
#23 ·
The current Database version is 5522; I have just checked my own version of Malwarebytes. Can you update and run a quick scan again in Normal mode? Next,

Delete your version of Combofix from your Desktop, download a fresh version from either of the following links and run a scan in Normal mode:

Link 1
Link 2

Post relevant logs....

Kevin
 
#26 ·
My browser froze up on me. I was moving the mouse around trying to get it to work when going to MBAM and accidentally deleted all my logs (2 1/2 years' worth). Umm... not sure what happened with the version. It said 5522 before I closed it. Here are the 2 logs.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5522
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/14/2011 6:34:46 PM
mbam-log-2011-01-14 (18-34-46).txt
Scan type: Quick scan
Objects scanned: 178987
Time elapsed: 13 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

ComboFix 11-01-10.04 - Admin 01/14/2011 18:41:02.19.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.470 [GMT -9:00]
Running from: c:\documents and settings\Admin.PRESTIGE-SYS4\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\SUPERAntiSpyware\BootSafe.exe
c:\program files\SUPERAntiSpyware\detect.wav
c:\program files\SUPERAntiSpyware\deupx.dll
c:\program files\SUPERAntiSpyware\msvcr71.dll
c:\program files\SUPERAntiSpyware\Plugins\sab_incr.dll
c:\program files\SUPERAntiSpyware\Plugins\sab_mapi.dll
c:\program files\SUPERAntiSpyware\Plugins\sab_wab.dll
c:\program files\SUPERAntiSpyware\PROCESSLIST.DB
c:\program files\SUPERAntiSpyware\PROCESSLISTRELATED.DB
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
c:\program files\SUPERAntiSpyware\sasdifsv.sys
c:\program files\SUPERAntiSpyware\SASENUM.SYS
c:\program files\SUPERAntiSpyware\SASINST.EXE
c:\program files\SUPERAntiSpyware\SASKUTIL.SYS
c:\program files\SUPERAntiSpyware\SASREPAIRS.STG
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\SUPERAntiSpyware\SSUpdate.exe
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.chm
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
c:\windows\system32\drivers\hitmanpro35.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NDISKIO
-------\Legacy_SASDIFSV
-------\Legacy_SASENUM
-------\Legacy_SASKUTIL
-------\Service_NDISKIO
-------\Service_SASDIFSV
-------\Service_SASENUM
-------\Service_SASKUTIL

((((((((((((((((((((((((( Files Created from 2010-12-15 to 2011-01-15 )))))))))))))))))))))))))))))))
.
2011-01-14 23:57 . 2011-01-14 23:57 -------- d-----w- C:\_OTL
2011-01-11 20:52 . 2011-01-11 20:52 -------- d-----w- c:\program files\ESET
2011-01-06 04:01 . 2011-01-06 04:01 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 03:09 . 2010-11-17 20:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 03:08 . 2010-11-17 20:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 02:35 . 2010-12-11 02:36 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-11 02:35 . 2010-12-11 02:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-13_21.35.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-15 03:19 . 2011-01-15 03:19 16384 c:\windows\temp\Perflib_Perfdata_7ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-11 2500552]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
c:\documents and settings\Admin.PRESTIGE-SYS4\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2004-4-22 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-26 01:02 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-26 01:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 20:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [BU]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NETGEAR\\Wireless Smart Configuration\\Utility\\NetgearAG.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Elsa\\Local Settings\\Application Data\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\kav\\kav7\\setup.exe"=
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [1/5/2011 9:09 AM 41928]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [1/5/2011 9:09 AM 11776]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [9/10/2010 11:40 PM 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [9/10/2010 11:40 PM 239240]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [1/5/2011 9:09 AM 2849784]
R2 PackethSvc;Virtual NIC Service;c:\windows\system32\PackethSvc.exe [9/22/2003 10:08 AM 51200]
S3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [1/5/2011 9:09 AM 72808]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [10/6/2003 7:34 AM 16194]
S3 NETGEAR_WG311_SERVICE;NETGEAR WG311 Wireless PCI Adapter Service;c:\windows\system32\drivers\wg311nd5.sys [10/6/2003 7:34 AM 307904]
.
Contents of the 'Scheduled Tasks' folder
2005-08-11 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8115658956.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 08:52]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: {9F3269FD-46B5-4252-A9DA-58CF96C69347} = 156.154.70.22,156.154.71.22
TCP: {E26442D6-73FF-4322-A260-45EFC8BFC03F} = 156.154.70.22,156.154.71.22
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-14 18:51
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\guard32.dll
- - - - - - - > 'explorer.exe'(2224)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\program files\Emsisoft Anti-Malware\a2hooks32.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WS2_32.dll
c:\windows\system32\WS2HELP.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\mswsock.dll
c:\windows\System32\wshtcpip.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-01-14 18:57:59
ComboFix-quarantined-files.txt 2011-01-15 03:57
Pre-Run: 22,536,802,304 bytes free
Post-Run: 22,514,745,344 bytes free
- - End Of File - - AB8929C4BF78A6D9B7B010D5DBC48690