
Firefox redirects while searching Google, possibly remnants from AV Security Suite?


  • This topic is locked
8 replies to this topic

#1 amtrak23

  • Members
  • 9 posts

Posted 22 July 2010 - 03:35 PM

We had AV Security Suite a few weeks back and thought I knocked it out with rkill & Mbytes in safemode, along with superantispyware. Browser redirects in IE went away, and I set the user up with Firefox w/adblock+, and Microsoft Security Essentials. Also, immunized with Spybot and all seemed fine for a few weeks. Today she couldn't do some simple Google searches because random pages were getting returned (http://top.infomash.org). I looked at the MSE history and saw these in there as quarantined or removed: Alureon.H, Obfuscator.DO, FakeSpypro, TVmediaDisplay, MemoryMeter.

DDS below, others attached. Thanks for looking!


DDS (Ver_10-03-17.01) - NTFSx86
Run by Warehouse One at 13:58:47.09 on 07/22/10
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.220 [GMT -4:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Peach\MessageCenter\bin\Sage.MessageCenter.exe
C:\Program Files\Sage Software\Peachtree\peachw.exe
C:\Program Files\Common Files\Peach\V1700\OUPAW17.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: CitiUSBrowserHelper Class: {387edf53-1cf2-4523-bc2f-13462651be8c} - c:\windows\system32\BhoCitUS.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [PeachtreePrefetcher.exe] "c:\progra~1\sageso~1\peacht~1\PeachtreePrefetcher.exe" /configfile:peachtreeprefetcher.winstart.config
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mPolicies-explorer: <NO NAME> =
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resources/2.2.0.51g/cab/aolpPlugins.10.4.0.2.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B49C4597-8721-4789-9250-315DFBD9F525} - hxxp://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {739F48F6-A2DF-4794-AD8B-FC0CF049A9B6} = 192.168.1.150
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.1.10 HP0015604C00D0

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\wareho~1.war\applic~1\mozilla\firefox\profiles\7hry599r.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5577
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 151216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

=============== Created Last 30 ================

2010-07-12 17:32:24 0 d-----w- c:\docume~1\wareho~1.war\applic~1\SUPERAntiSpyware.com
2010-07-12 17:32:24 0 d-----w- c:\docume~1\alluse~1.win\applic~1\SUPERAntiSpyware.com
2010-07-12 17:32:08 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-12 17:27:16 0 d-----w- c:\docume~1\wareho~1.war\applic~1\Foxit Software
2010-07-12 17:25:41 0 d-----w- c:\program files\Ask.com
2010-07-12 17:25:33 0 d-----w- c:\program files\Foxit Software
2010-07-08 23:14:56 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-08 23:14:56 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-07-08 19:51:37 0 d-----w- c:\program files\Microsoft Security Essentials
2010-07-08 18:48:21 0 d-----w- c:\docume~1\wareho~1.war\applic~1\Malwarebytes
2010-07-08 18:48:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-08 18:48:09 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-08 18:48:09 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-08 18:48:09 0 d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes
2010-07-08 18:13:26 2724 ----a-w- c:\windows\apasupuka.dll.old

==================== Find3M ====================

2010-05-04 17:20:39 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20:34 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-05-04 17:20:32 17408 ----a-w- c:\windows\system32\corpol.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2006-06-27 20:35:16 56 --sh--r- c:\windows\system32\0A171B6F5D.sys
2008-03-25 12:52:55 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-10-22 01:17:05 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102120081022\index.dat

============= FINISH: 14:02:34.32 ===============


Attached Files
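The DDS log above records an HTTP proxy pointing at 127.0.0.1:5577 both in the IE "Internet Settings" lines and in the Firefox prefs.js lines. A local proxy setting is a classic way for unwanted software to sit between the browser and the network, so it is worth flagging and then confirming what, if anything, listens on that port. The script below is an added example, not part of this thread or of the DDS/OTL tools: it parses DDS-style "Pseudo HJT" and FIREFOX lines, flags proxies that resolve to loopback, and for Firefox reports whether the setting is actually in effect (network.proxy.type 1 = manual; 0 = direct, which is what this log shows). The sample lines are copied from the log above except for one constructed non-loopback entry; the function and class names are the example's own.

```python
"""Flag loopback proxy settings in DDS-style log lines (added example)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional, Tuple

# DDS "Pseudo HJT Report" proxy line; the prefix letter is the hive:
#   u = HKCU (current user), m = HKLM (machine-wide)
#   uInternet Settings,ProxyServer = http=127.0.0.1:5577
IE_PROXY_RE = re.compile(r"^([um])Internet Settings,ProxyServer\s*=\s*(.+?)\s*$")
# DDS "FIREFOX" section prefs.js lines, e.g.
#   FF - prefs.js: network.proxy.http - 127.0.0.1
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (network\.proxy\.\S+)\s*-\s*(.+?)\s*$")

# Meaning of Firefox's network.proxy.type values.
FF_PROXY_TYPES = {0: "direct", 1: "manual", 2: "pac", 4: "auto-detect", 5: "system"}

# Sample input: lines copied from the DDS log in this thread, plus one
# constructed non-loopback proxy line to show that it is not flagged.
SAMPLE_LINES = [
    "uInternet Settings,ProxyOverride = <local>",
    "uInternet Settings,ProxyServer = http=127.0.0.1:5577",
    "mInternet Settings,ProxyServer = proxy.corp.example:8080",  # constructed
    "FF - prefs.js: browser.startup.homepage - hxxp://google.com/",
    "FF - prefs.js: network.proxy.http - 127.0.0.1",
    "FF - prefs.js: network.proxy.http_port - 5577",
    "FF - prefs.js: network.proxy.type - 0",
]


@dataclass
class ProxyFinding:
    source: str             # "IE/HKCU", "IE/HKLM" or "Firefox"
    host: str
    port: Optional[int]
    active: Optional[bool]  # None when the log line alone cannot tell us
    note: str


def is_loopback(host: str) -> bool:
    """True for 'localhost' or any loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False


def parse_windows_proxy(value: str) -> List[Tuple[str, str, Optional[int]]]:
    """Split a WinINet ProxyServer value into (scheme, host, port) tuples.

    Handles both forms WinINet accepts: 'host:port' for every protocol, or
    'http=host:port;https=host:port' per protocol.
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.rpartition("=")
        host, _, port = hostport.rpartition(":")
        if not host:  # no ':' present, so the whole string is the host
            host, port = hostport, ""
        entries.append((scheme or "all", host, int(port) if port.isdigit() else None))
    return entries


def audit_proxy_lines(lines) -> List[ProxyFinding]:
    """Return one finding per loopback proxy present in the given log lines."""
    findings: List[ProxyFinding] = []
    ff_prefs = {}
    for raw in lines:
        line = raw.strip()
        m = IE_PROXY_RE.match(line)
        if m:
            hive = "HKCU" if m.group(1) == "u" else "HKLM"
            for scheme, host, port in parse_windows_proxy(m.group(2)):
                if is_loopback(host):
                    findings.append(ProxyFinding(
                        f"IE/{hive}", host, port, None,
                        f"{scheme} traffic would go through a loopback proxy; "
                        "DDS does not print ProxyEnable, so check it and which "
                        "process listens on that port"))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip('"')

    host = ff_prefs.get("network.proxy.http")
    if host and is_loopback(host):
        # Firefox 3.x defaults network.proxy.type to 5 (system) when unset.
        ptype = int(ff_prefs.get("network.proxy.type", "5"))
        port = ff_prefs.get("network.proxy.http_port", "")
        findings.append(ProxyFinding(
            "Firefox", host, int(port) if port.isdigit() else None, ptype == 1,
            f"loopback proxy stored in prefs.js; network.proxy.type={ptype} "
            f"({FF_PROXY_TYPES.get(ptype, 'unknown')}), so it is "
            + ("in use" if ptype == 1 else "configured but not in use")))
    return findings


if __name__ == "__main__":
    for f in audit_proxy_lines(SAMPLE_LINES):
        print(f"[{f.source}] {f.host}:{f.port} active={f.active} - {f.note}")
```

The OTL log later in the thread fills in what the DDS lines leave open: ProxyEnable is 0 for the logged-in user's hive but 1 for the .DEFAULT and S-1-5-18 (LocalSystem) hives, which still carry the 127.0.0.1:5577 value.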





#2 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 29 July 2010 - 06:19 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


In your reply, please post both OTL logs.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 amtrak23

  • Topic Starter
  • Members
  • 9 posts

Posted 02 August 2010 - 10:17 AM

Thanks for the response. The PC seems OK for the last week or so, but I would obviously like to double check for any more remaining bad guys. TDSSKiller is what seemed to finally clean it up. OTL logs are below.


OTL logfile created on: 08/02/10 11:09:07 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

511.00 Mb Total Physical Memory | 250.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 36.00 Gb Free Space | 64.48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 72.72 Gb Total Space | 66.44 Gb Free Space | 91.36% Space Free | Partition Type: NTFS

Computer Name: WAREHOUSE1
Current User Name: Warehouse One
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/02 11:07:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\OTL.exe
PRC - [2010/07/27 19:08:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/04/29 06:26:39 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2009/03/19 00:16:58 | 000,009,728 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\Common Files\Peach\MessageCenter\bin\Sage.MessageCenter.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2004/08/09 07:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/08/02 11:07:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/05/31 19:02:32 | 007,544,916 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -- (MSSQL$ACT7)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -- (SQLAgent$ACT7)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/03/14 14:59:00 | 001,223,562 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2002/08/30 12:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 14:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\irstusb.sys -- (STIrUsb)
DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {54BB9F3F-07E5-486c-9B39-C7398B99391C}:3.1.2009110201
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 5577
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/27 19:09:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 19:09:13 | 000,000,000 | ---D | M]

[2010/07/08 14:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla\Extensions
[2010/08/02 08:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla\Firefox\Profiles\7hry599r.default\extensions
[2010/07/12 13:22:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla\Firefox\Profiles\7hry599r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/08 15:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla\Firefox\Profiles\7hry599r.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}
[2010/07/12 13:22:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla\Firefox\Profiles\7hry599r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/08 15:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla\Firefox\Profiles\7hry599r.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/08/02 08:48:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/24 22:27:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/24 22:27:09 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 13:25:02 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/07/15 01:07:00 | 000,609,487 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16077 more lines...
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\SYSTEM32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-329068152-1844823847-725345543-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKU\S-1-5-21-329068152-1844823847-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk = C:\Program Files\KODAK\KODAK Picture Transfer Software\PTS.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Willow Road Screen Saver.lnk = C:\Program Files\WillowRD\WillowRd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} http://o.aolcdn.com/pictures/ap/Resources/...ns.10.4.0.2.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\ActLink {2A0C35F4-82A3-4C80-919D-7879FEE79DF6} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Warehouse One.WAREHOUSE1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Warehouse One.WAREHOUSE1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/02 13:09:48 | 000,000,140 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{096ba348-3b22-11de-af70-0007e978252a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{096ba348-3b22-11de-af70-0007e978252a}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{096ba348-3b22-11de-af70-0007e978252a}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{096ba348-3b22-11de-af70-0007e978252a}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{89014eb6-2669-11dd-ae9e-0007e978252a}\Shell - "" = AutoRun
O33 - MountPoints2\{89014eb6-2669-11dd-ae9e-0007e978252a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89014eb6-2669-11dd-ae9e-0007e978252a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ctmp3 - C:\WINDOWS\SYSTEM32\ctmp3.acm (Creative Technology Ltd.)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/02 11:07:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\OTL.exe
[2010/07/27 19:39:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Recent
[2010/07/24 22:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2010/07/24 22:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/24 22:27:42 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/24 22:27:42 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/24 22:27:41 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/24 22:27:41 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/24 22:27:41 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/24 21:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/24 20:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\GooredFix Backups
[2010/07/24 20:35:22 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/24 20:32:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/12 13:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\SUPERAntiSpyware.com
[2010/07/12 13:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2010/07/12 13:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/12 13:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Foxit Software
[2010/07/12 13:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/07/08 15:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/08 14:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Malwarebytes
[2010/07/08 14:48:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/08 14:48:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/08 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/08 14:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/07/08 14:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\Downloads
[2010/07/08 14:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Local Settings\Application Data\Mozilla
[2010/07/08 14:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla
[2010/07/08 14:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/08 14:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Local Settings\Application Data\gxeicmikg
[2006/06/26 11:41:51 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\Documents and Settings\Warehouse One.WAREHOUSE1\*.tmp files -> C:\Documents and Settings\Warehouse One.WAREHOUSE1\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/08/02 11:07:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\OTL.exe
[2010/08/02 08:37:18 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/02 08:34:22 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/08/02 08:34:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/02 08:32:03 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/02 08:31:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/02 08:28:54 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\ntuser.ini
[2010/08/02 08:28:52 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\NTUSER.DAT
[2010/07/30 17:17:55 | 005,358,000 | -H-- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Local Settings\Application Data\IconCache.db
[2010/07/27 19:42:28 | 000,247,196 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100727_194216.reg
[2010/07/26 09:24:36 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/07/24 22:27:05 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/24 22:27:04 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/24 22:27:04 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/24 22:27:04 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/24 22:27:03 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/24 20:35:22 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS.MVP
[2010/07/23 12:57:11 | 000,438,762 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100723_125706.reg
[2010/07/15 10:00:07 | 000,293,888 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\girl scouts.doc
[2010/07/15 09:59:01 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\Microsoft Office Word 2003.lnk
[2010/07/15 01:07:00 | 000,609,487 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/07/12 13:25:55 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/12 13:21:42 | 000,444,592 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100712_132132.reg
[2010/07/08 19:14:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/08 19:14:56 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/08 14:33:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/07/08 14:33:50 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/08 14:33:50 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/07/08 14:32:45 | 000,425,478 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100708_143235.reg
[2010/07/01 12:13:42 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\Ian Employment.doc
[2010/06/23 19:05:18 | 000,558,690 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 19:05:18 | 000,480,624 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 19:05:18 | 000,087,194 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/09 19:50:53 | 000,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 19:31:49 | 000,000,618 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/10 15:01:36 | 000,010,737 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\StorageCabinetL&D.jpg
[1 C:\Documents and Settings\Warehouse One.WAREHOUSE1\*.tmp files -> C:\Documents and Settings\Warehouse One.WAREHOUSE1\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/27 19:42:21 | 000,247,196 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100727_194216.reg
[2010/07/23 12:57:08 | 000,438,762 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100723_125706.reg
[2010/07/15 10:00:06 | 000,293,888 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\girl scouts.doc
[2010/07/12 13:25:55 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/12 13:21:38 | 000,444,592 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100712_132132.reg
[2010/07/08 19:14:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/08 19:14:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/08 15:58:36 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/08 14:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/08 14:33:50 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/08 14:33:50 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/07/08 14:32:37 | 000,425,478 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100708_143235.reg
[2010/07/01 12:13:42 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\Ian Employment.doc
[2010/05/10 18:00:20 | 000,010,737 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\StorageCabinetL&D.jpg
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/07 13:54:13 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/06 17:52:00 | 000,001,790 | ---- | C] () -- C:\WINDOWS\PPAD170.ini
[2009/03/10 16:50:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PC1099.INI
[2009/03/10 16:49:29 | 000,000,410 | ---- | C] () -- C:\WINDOWS\CNV1099.ini
[2008/06/12 16:38:14 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/11/22 10:31:34 | 000,006,207 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/09/22 09:24:59 | 000,000,068 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/08/07 07:45:51 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/05 09:45:37 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/08/05 09:45:37 | 000,000,299 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/08/05 09:45:12 | 000,000,704 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006/06/27 13:02:10 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/27 13:02:10 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0A171B6F5D.sys
[2006/06/26 13:54:06 | 000,000,486 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/26 11:42:38 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/06/26 11:41:52 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2006/06/26 11:41:52 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/06/26 11:41:51 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2006/06/26 11:41:49 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2006/06/26 11:41:49 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2006/06/26 11:41:48 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2006/06/26 11:40:46 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/06/26 11:20:39 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/05/17 11:28:14 | 000,016,031 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2006/05/10 16:06:40 | 000,001,765 | ---- | C] () -- C:\WINDOWS\PPAD140.INI_upg2010
[2004/07/13 15:36:40 | 000,001,639 | ---- | C] () -- C:\WINDOWS\PPAD130.INI_upg2007
[2004/02/16 11:12:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2005/01/06 13:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/09/03 11:30:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Aatrix Software
[2006/12/14 12:59:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Best Software
[2008/05/28 09:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\COMMON FILES
[2009/09/03 11:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Pervasive Software
[2006/12/14 13:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sage Software SB, Inc
[2009/09/03 11:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Aatrix Software
[2006/12/14 13:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\ACT
[2008/03/21 12:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Earthlink
[2010/07/12 13:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Foxit Software
[2006/06/27 13:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\IsolatedStorage
[2008/03/21 12:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Leadertech
[2006/06/26 12:02:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Peachtree
[2010/08/02 08:37:18 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/08/02 08:34:22 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/06/26 05:58:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\default.sav
[2006/06/26 05:58:14 | 000,626,688 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\software.sav
[2006/06/26 05:58:14 | 000,421,888 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\system.sav

< %SYSTEMDRIVE%\*.* >
[2004/06/02 13:09:48 | 000,000,140 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/06/30 12:32:32 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2002/09/03 14:13:28 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
[2004/09/14 17:12:04 | 000,094,208 | ---- | M] (ComponentOne LLC) -- C:\C1.C1Zip.dll
[2008/10/10 10:03:01 | 000,000,378 | ---- | M] () -- C:\Click.log
[2004/06/02 13:09:48 | 000,000,204 | ---- | M] () -- C:\CONFIG.SYS
[2003/07/16 20:23:54 | 000,005,432 | RH-- | M] () -- C:\DELL.SDR
[2006/06/26 09:36:19 | 535,891,968 | -HS- | M] () -- C:\hiberfil.sys
[2005/09/08 14:23:21 | 000,000,488 | ---- | M] () -- C:\hpfr5550.xml
[2004/08/01 15:31:41 | 000,000,790 | -H-- | M] () -- C:\hpothb07.dat
[2004/08/01 15:31:41 | 000,001,489 | -H-- | M] () -- C:\hpothb07.tif
[2002/09/03 14:36:02 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/06/21 09:35:41 | 000,010,119 | ---- | M] () -- C:\logfile
[2002/01/05 04:48:16 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\mfc70.dll
[2002/01/05 04:36:38 | 000,964,608 | ---- | M] (Microsoft Corporation) -- C:\mfc70u.dll
[2002/09/03 14:36:02 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2006/06/30 12:22:05 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/10/21 20:01:02 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2003/07/16 20:30:56 | 000,000,000 | ---- | M] () -- C:\nvlog.txt
[2006/12/13 13:15:16 | 000,041,473 | ---- | M] () -- C:\P9install.log
[2010/08/02 08:31:57 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2008/01/15 16:40:49 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2009/09/03 11:23:32 | 002,928,492 | ---- | M] () -- C:\PSQL_v10_Install.log
[2010/07/23 13:10:19 | 000,000,438 | ---- | M] () -- C:\rkill.log
[2009/09/03 11:31:56 | 000,885,306 | ---- | M] () -- C:\SageMessageCenter_Install.log
[2003/07/16 20:50:38 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/07/24 20:57:52 | 000,034,914 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_24.07.2010_20.56.46_log.txt
[2007/02/27 09:48:35 | 000,000,150 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\filterpipelineprintproc.dll
[2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\mdippr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2006/06/30 12:16:34 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/21 19:54:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/06/30 12:16:34 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/10/21 19:54:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2010/07/24 20:58:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2001/08/17 14:58:00 | 000,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/08/29 06:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\I386\sp1.cab:atapi.sys
[2002/09/03 15:56:52 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006/06/30 12:16:34 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/21 19:54:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006/06/30 12:16:34 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/10/21 19:54:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/01/31 16:43:30 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=3C33F5479520844A186C2D43ECFFD477 -- C:\I386\atapi.sys
[2002/09/03 15:33:39 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0021\DriverFiles\i386\atapi.sys
[2002/08/29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0025\DriverFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2002/08/29 06:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL
[2002/01/04 00:18:54 | 000,049,152 | ---- | M] (EarthLink, Inc.) MD5=CC5BD74A878581FC2322FA21BEB12CD8 -- C:\Program Files\EarthLink 5.0\Access\eventlog.dll
[2002/01/04 00:18:54 | 000,049,152 | ---- | M] (EarthLink, Inc.) MD5=CC5BD74A878581FC2322FA21BEB12CD8 -- C:\Program Files\EarthLink 5.0\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 06:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL

< MD5 for: SCECLI.DLL >
[2002/08/29 06:00:00 | 000,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< MD5 for: USER32.DLL >
[2005/03/02 14:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 11:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\SYSTEM32\user32.dll
[2002/08/29 06:00:00 | 000,560,128 | ---- | M] (Microsoft Corporation) MD5=DD9269230C21EE8FB7FD3FCCC3B1CFCB -- C:\I386\USER32.DLL
[2005/03/02 14:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll

< MD5 for: WS2_32.DLL >
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SYSTEM32\ws2_32.dll
[2002/08/29 06:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=8529C295DF59B564D37A73B5629162B1 -- C:\I386\WS2_32.DLL

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< End of report >





OTL Extras logfile created on: 08/02/10 11:09:07 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

511.00 Mb Total Physical Memory | 250.00 Mb Available Physical Memory | 49.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 36.00 Gb Free Space | 64.48% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 72.72 Gb Total Space | 66.44 Gb Free Space | 91.36% Space Free | Partition Type: NTFS

Computer Name: WAREHOUSE1
Current User Name: Warehouse One
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-329068152-1844823847-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9610:TCP" = 9610:TCP:*:Enabled:Remote Desktop
"1583:TCP" = 1583:TCP:*:Enabled:Pervasive DBEngine
"3351:TCP" = 3351:TCP:*:Enabled:Pervasive DBEngine

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ACT\ACT for Windows\Act8.exe" = C:\Program Files\ACT\ACT for Windows\Act8.exe:*:Enabled:ACT! 8.x/2006 -- (Sage Software SB, Inc)
"D:\Setup\HPZnet01.exe" = D:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:HP Digital Imaging Monitor -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:HP CUE-Scanning Flow Component -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:HP Fax Setup Wizard -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:HP All-in-One Launcher Utility -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:HP AiO Fax Manager -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\pvsw\bin\w3dbsmgr.exe" = C:\pvsw\bin\w3dbsmgr.exe:*:Enabled:Database Service Manager -- File not found
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:TaskPanl -- File not found
"C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe" = C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe:*:Enabled:Database Service Manager -- (Pervasive Software Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A3238D7-AB32-1010-B717-F3E3F18B4A8C}" = Pervasive PSQL v10.10 Workgroup (32-bit)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51EF69CF-70D3-4142-993D-AA97F36484CC}" = Peachtree Accounting 2010
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{54DD126C-E5F5-404C-B4B7-66DF7FD4F2FF}" = MSSoap
"{60C55062-CFC0-4F13-9FBD-6675175E3746}" = ACT! 2006
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6798DD4E-BD16-4735-87EB-D712637CCB8C}" = Sage Message Center
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCB844B-0814-4354-A413-1063DB4618E9}" = PeachTree Signature Ready Forms
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C484CC8D-03CF-4022-89C4-DB4F02E8A15B}" = Crystal Reports 2008 Runtime SP1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4CB7D44-6F2B-4AC4-9078-DFCA91A25F9E}" = ACT! Link for Peachtree
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F91E1833-2D7C-4725-B98A-C779FEC41946}" = EarthLink MDAC
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Belarc Advisor" = Belarc Advisor 7.2
"CCleaner" = CCleaner (remove only)
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Foxit Reader" = Foxit Reader
"ie7" = Windows Internet Explorer 7
"InstallShield_{51EF69CF-70D3-4142-993D-AA97F36484CC}" = Peachtree Premium Accounting for Distribution 2010
"InstallShield_{60C55062-CFC0-4F13-9FBD-6675175E3746}" = ACT! 2006
"Integration Services" = Sage Integration Services
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"Peachtree Premium Accounting for Distribution" = Peachtree Premium Accounting for Distribution 2010
"Pervasive Software PSQL v9.1 Workgroup_is1" = Pervasive Software PSQL v9.1 Client
"Pervasive System Analyzer_is1" = Pervasive System Analyzer v9.1
"PROSet" = Intel® PRO Network Adapters and Drivers
"TaxCut 2003" = TaxCut 2003
"TaxCut 2004" = TaxCut 2004
"VLC media player" = VLC media player 0.9.9
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinZip" = WinZip

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/22/10 11:18:06 AM | Computer Name = WAREHOUSE1 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 07/22/10 3:59:56 PM | Computer Name = WAREHOUSE1 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 07/22/10 7:16:09 PM | Computer Name = WAREHOUSE1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 2.1.6805.0,
P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 07/22/10 7:16:16 PM | Computer Name = WAREHOUSE1 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 07/24/10 1:05:50 PM | Computer Name = WAREHOUSE1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8007043c, P2 beginsearch, P3 search, P4
2.1.6805.0, P5 mpsigdwn.dll, P6 2.1.6805.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 07/24/10 7:31:55 PM | Computer Name = WAREHOUSE1 | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 07/29/10 2:48:27 PM | Computer Name = WAREHOUSE1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6004.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 07/30/10 2:48:37 PM | Computer Name = WAREHOUSE1 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P2 2.1.6805.0, P3 timeout, P4 1.1.6004.0, P5 local, P6 unspecified, P7 unspecified,
P8 NIL, P9 NIL, P10 NIL.

Error - 07/30/10 3:03:06 PM | Computer Name = WAREHOUSE1 | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3855, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0000100b.

Error - 07/30/10 3:09:09 PM | Computer Name = WAREHOUSE1 | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8325.0, stamp 4bf591af,
faulting module outlph.dll, version 11.0.8202.0, stamp 47420460, debug? 0, fault
address 0x000070d7.

[ System Events ]
Error - 07/27/10 7:23:45 PM | Computer Name = WAREHOUSE1 | Source = Service Control Manager | ID = 7022
Description = The MSSQL$ACT7 service hung on starting.

Error - 07/27/10 7:23:45 PM | Computer Name = WAREHOUSE1 | Source = Service Control Manager | ID = 7034
Description = The MSSQL$ACT7 service terminated unexpectedly. It has done this
1 time(s).

Error - 07/28/10 2:38:35 PM | Computer Name = WAREHOUSE1 | Source = Service Control Manager | ID = 7022
Description = The MSSQL$ACT7 service hung on starting.

Error - 07/28/10 4:14:46 PM | Computer Name = WAREHOUSE1 | Source = Service Control Manager | ID = 7034
Description = The MSSQL$ACT7 service terminated unexpectedly. It has done this
1 time(s).

Error - 07/30/10 3:14:48 PM | Computer Name = WAREHOUSE1 | Source = Service Control Manager | ID = 7022
Description = The MSSQL$ACT7 service hung on starting.

Error - 07/30/10 3:14:48 PM | Computer Name = WAREHOUSE1 | Source = Service Control Manager | ID = 7034
Description = The MSSQL$ACT7 service terminated unexpectedly. It has done this
1 time(s).

Error - 08/02/10 8:07:56 AM | Computer Name = WAREHOUSE1 | Source = Service Control Manager | ID = 7022
Description = The MSSQL$ACT7 service hung on starting.

Error - 08/02/10 8:11:40 AM | Computer Name = WAREHOUSE1 | Source = Service Control Manager | ID = 7034
Description = The MSSQL$ACT7 service terminated unexpectedly. It has done this
1 time(s).

Error - 08/02/10 8:34:18 AM | Computer Name = WAREHOUSE1 | Source = Service Control Manager | ID = 7022
Description = The MSSQL$ACT7 service hung on starting.

Error - 08/02/10 8:34:18 AM | Computer Name = WAREHOUSE1 | Source = Service Control Manager | ID = 7034
Description = The MSSQL$ACT7 service terminated unexpectedly. It has done this
1 time(s).


< End of report >





#4 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:11:45 AM

Posted 02 August 2010 - 05:33 PM

Hello, amtrak23.

Ok, looks like only leftovers. Let's take a deeper look to be sure and fix a few remnants. Alureon/TDSS is a backdoor rootkit.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.




Registry Cleaner Warning


I also see that you have CCleaner installed. It is a great tool that I use. However, be careful of the registry cleaning functionality (versus file cleaning). Here at BC, we do not recommend using registry cleaners as they don't speed up your computer and they can do more harm than good if they remove a legitimate entry. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578










Step 1

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 2

Download and run HAMeb_check.exe
Post the contents of the resulting log.



Step 3

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
    IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 5577
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE File not found
    O18 - Protocol\Handler\ActLink {2A0C35F4-82A3-4C80-919D-7879FEE79DF6} - Reg Error: Key error. File not found
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 4

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
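An added check, not part of this thread and not code from OTL or any other tool named above, that shows what the OTL fix in Step 3 is undoing: both IE's "ProxyServer" registry value and Firefox's prefs.js had been pointed at a proxy on 127.0.0.1:5577, so every search went through a process on the infected machine before reaching the browser. The Python below parses both settings from constructed sample input (the proxy values are taken from the OTL log in this thread; the file contents, variable names and function names are my own) and flags any proxy whose host is the local machine.

```python
"""Flag browser proxy settings that point back at the local machine.

Added example, not code from this thread or from OTL. It parses the text of a
Firefox prefs.js and the string stored in IE's "ProxyServer" registry value and
reports any proxy whose host is loopback, the pattern the OTL fix above removes
(127.0.0.1:5577 in both browsers). All sample input is constructed here.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Matches one prefs.js line such as: user_pref("network.proxy.http", "127.0.0.1");
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(.+?)\);$')

# Constructed sample prefs.js; the proxy values mirror the OTL log in this thread.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences (constructed sample)
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 5577);
user_pref("network.proxy.type", 1);
"""

# Constructed sample of the HKU\...\Internet Settings values from the same log.
SAMPLE_IE_PROXY_ENABLE = 1
SAMPLE_IE_PROXY_SERVER = "http=127.0.0.1:5577"


def parse_prefs_js(text: str) -> Dict[str, str]:
    """Return pref name -> raw value (surrounding quotes stripped) per user_pref line."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip().strip('"')
    return prefs


def parse_ie_proxy_server(value: str) -> Dict[str, Tuple[str, Optional[int]]]:
    """Split an IE ProxyServer string into scheme -> (host, port).

    Accepts the per-scheme form 'http=host:port;https=host:port' and the bare
    'host:port' form, which IE applies to every scheme (reported as 'all').
    """
    proxies: Dict[str, Tuple[str, Optional[int]]] = {}
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, _, hostport = entry.rpartition("=")
        scheme = scheme.strip().lower() or "all"
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no port given at all
            host, port = hostport, ""
        proxies[scheme] = (host.strip(), int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host: str) -> bool:
    """True for localhost, 127.0.0.0/8 and ::1 (bracketed IPv6 accepted)."""
    host = host.strip().strip("[]").lower()
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_firefox(prefs: Dict[str, str]) -> List[str]:
    """Report Firefox manual-proxy hosts that are loopback."""
    findings = []
    for scheme in ("http", "ssl", "socks", "ftp"):
        host = prefs.get(f"network.proxy.{scheme}")
        if host and is_loopback(host):
            port = prefs.get(f"network.proxy.{scheme}_port", "?")
            findings.append(f"firefox network.proxy.{scheme} -> {host}:{port} (loopback proxy)")
    return findings


def audit_ie(proxy_enable: int, proxy_server: str) -> List[str]:
    """Report IE proxies that are loopback; ProxyEnable=0 means none are in effect."""
    if not proxy_enable:
        return []
    return [
        f"ie {scheme} proxy -> {host}:{port} (loopback proxy)"
        for scheme, (host, port) in parse_ie_proxy_server(proxy_server).items()
        if is_loopback(host)
    ]


def audit_samples() -> List[str]:
    """Run both audits over the constructed samples above."""
    return audit_firefox(parse_prefs_js(SAMPLE_PREFS_JS)) + audit_ie(
        SAMPLE_IE_PROXY_ENABLE, SAMPLE_IE_PROXY_SERVER
    )


if __name__ == "__main__":
    for finding in audit_samples():
        print(finding)
```

A loopback proxy is a lead, not a verdict: local web filters and debugging proxies use the same setting, so the next step is to find which process is listening on that port (here 5577) and whether it belongs to anything the user installed. The Firefox audit reports the host even when network.proxy.type is not 1 (manual), because a stale value still tells you the browser was reconfigured at some point.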
 


#5 amtrak23
  • Topic Starter
  • Members
  • 9 posts
  • Local time:10:45 AM

Posted 04 August 2010 - 11:21 AM

Still seems fine. Only odd thing is that the Windows security balloon pops up for a few mins saying that the firewall is turned off, then it turns on and the alert goes away.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000011d

Kernel Drivers (total 120):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8C36000 \WINDOWS\system32\KDCOM.DLL
0xF8B46000 \WINDOWS\system32\BOOTVID.dll
0xF86E7000 ACPI.sys
0xF8C38000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF86D6000 pci.sys
0xF8736000 isapnp.sys
0xF8CFE000 pciide.sys
0xF89B6000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF8746000 MountMgr.sys
0xF86B7000 ftdisk.sys
0xF8C3A000 dmload.sys
0xF8691000 dmio.sys
0xF89BE000 PartMgr.sys
0xF8756000 VolSnap.sys
0xF8679000 atapi.sys
0xF8766000 disk.sys
0xF8776000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF8659000 fltmgr.sys
0xF8647000 sr.sys
0xF8630000 KSecDD.sys
0xF85A3000 Ntfs.sys
0xF8576000 NDIS.sys
0xF855C000 Mup.sys
0xF8786000 agp440.sys
0xF8976000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF7B82000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xF7B6E000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF8A36000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF7B4A000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF8A3E000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7A0E000 \SystemRoot\system32\drivers\P16X.sys
0xF79EB000 \SystemRoot\system32\drivers\ks.sys
0xF79C7000 \SystemRoot\system32\drivers\portcls.sys
0xF8986000 \SystemRoot\system32\drivers\drmk.sys
0xF8BE6000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xF78BA000 \SystemRoot\System32\DRIVERS\BCMSM.sys
0xF8A46000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7896000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF8A4E000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF8996000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF8A56000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF8A5E000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF89A6000 \SystemRoot\System32\DRIVERS\serial.sys
0xF8BF2000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF7882000 \SystemRoot\System32\DRIVERS\parport.sys
0xF7D2F000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF7D1F000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF7D0F000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF8D51000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8A66000 \SystemRoot\System32\DRIVERS\rasirda.sys
0xF8A6E000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF7CFF000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF8C02000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF786B000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7CEF000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7CDF000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF785A000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7CCF000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF8A7E000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8A86000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF77B8000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF7CBF000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8C54000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF775A000 \SystemRoot\System32\DRIVERS\update.sys
0xF8C1A000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7CAF000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7C9F000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8C5C000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF8A96000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF0FEE000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF8C82000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D41000 \SystemRoot\System32\Drivers\Null.SYS
0xF8C84000 \SystemRoot\System32\Drivers\Beep.SYS
0xF8AB6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF8ABE000 \SystemRoot\System32\drivers\vga.sys
0xF8C86000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8C88000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF8AC6000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8ACE000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF784E000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF0FBB000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF0F62000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF0F3A000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF0F18000 \SystemRoot\System32\drivers\afd.sys
0xF87C6000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF0EF6000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF8AD6000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF0ECB000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF783E000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xF0E33000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF87F6000 \SystemRoot\System32\Drivers\Fips.SYS
0xF0E0D000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF8D77000 \SystemRoot\System32\Drivers\BANTExt.sys
0xF8806000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF8846000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF0DF5000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8C8E000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF851B000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8AEE000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8DA8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF0986000 \SystemRoot\system32\DRIVERS\irda.sys
0xF0A20000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xF89FE000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xF0733000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xF0706000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8C52000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF05BF000 \SystemRoot\System32\DRIVERS\srv.sys
0xF8C56000 \??\C:\WINDOWS\System32\PfModNT.sys
0xF0163000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xF0086000 \SystemRoot\system32\drivers\wdmaud.sys
0xF0836000 \SystemRoot\system32\drivers\sysaudio.sys
0xEFDBF000 \SystemRoot\System32\Drivers\HTTP.sys
0xEF27A000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 39):
0 System Idle Process
4 System
644 C:\WINDOWS\SYSTEM32\smss.exe
708 csrss.exe
732 C:\WINDOWS\SYSTEM32\winlogon.exe
776 C:\WINDOWS\SYSTEM32\services.exe
788 C:\WINDOWS\SYSTEM32\lsass.exe
948 C:\WINDOWS\SYSTEM32\svchost.exe
1024 svchost.exe
1112 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1148 C:\WINDOWS\SYSTEM32\svchost.exe
1232 svchost.exe
1416 svchost.exe
1608 C:\WINDOWS\SYSTEM32\spoolsv.exe
1712 svchost.exe
1744 C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
1784 C:\Program Files\Java\jre6\bin\jqs.exe
1864 C:\WINDOWS\SYSTEM32\nvsvc32.exe
1876 C:\WINDOWS\SYSTEM32\HPZipm12.exe
1900 C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
1996 C:\WINDOWS\SYSTEM32\svchost.exe
2044 wdfmgr.exe
208 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
2124 alg.exe
2616 C:\WINDOWS\explorer.exe
3008 C:\WINDOWS\SYSTEM32\wuauclt.exe
1224 C:\WINDOWS\BCMSMMSG.exe
2204 C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
2236 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
3428 C:\Program Files\Microsoft Security Essentials\msseces.exe
3488 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3596 C:\WINDOWS\SYSTEM32\ctfmon.exe
3636 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3844 C:\Program Files\Sage Software\Peachtree\peachw.exe
3644 C:\Program Files\Common Files\Peach\V1700\oupaw17.exe
904 C:\Program Files\Common Files\Peach\MessageCenter\bin\Sage.MessageCenter.exe
2464 C:\Program Files\Mozilla Firefox\firefox.exe
3880 C:\Program Files\Mozilla Firefox\plugin-container.exe
3308 C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: IC35L060AVV207-0, Rev: V22OA66A

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\HAMeb_check.exe
08/03/10 at 12:25:14.17

Account active No
Local Group Memberships

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

none found

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
kernel: MBR read successfully
user & kernel MBR OK

~~ Checking for termsrv32.dll ~~

termsrv32.dll was not found


HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\termsrv.dll

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9610:TCP"=9610:TCP:*:Enabled:Remote Desktop


~~ EOF ~~



All processes killed
========== OTL ==========
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-329068152-1844823847-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-329068152-1844823847-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 5577 removed from network.proxy.http_port
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ActLink\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2A0C35F4-82A3-4C80-919D-7879FEE79DF6}\ not found.
File {2A0C35F4-82A3-4C80-919D-7879FEE79DF6} - Reg Error: Key error. File not found not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dick Wright
->Temp folder emptied: 1467 bytes

User: Laura
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 45772 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Richard Wright
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Warehouse One
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Warehouse One.WAREHOUSE1
->Temp folder emptied: 402868 bytes
->Temporary Internet Files folder emptied: 1969789 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 93346439 bytes
->Flash cache emptied: 43407 bytes

User: WAREHO~1~WAR

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118331 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 573460 bytes

Total Files Cleaned = 92.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08032010_122951

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\Dick Wright\Local Settings\Temp\mso82433.htm scheduled to be moved on reboot.

Registry entries deleted on Reboot...



OTL logfile created on: 08/03/10 12:39:35 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

511.00 Mb Total Physical Memory | 158.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 50.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 35.93 Gb Free Space | 64.35% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 72.72 Gb Total Space | 66.44 Gb Free Space | 91.36% Space Free | Partition Type: NTFS

Computer Name: WAREHOUSE1
Current User Name: Warehouse One
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/02 11:07:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\OTL.exe
PRC - [2010/07/27 19:08:14 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/04/29 06:26:39 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\HPZipm12.exe
PRC - [2004/08/09 07:03:38 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/08/02 11:07:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\OTL.exe
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/06 20:24:52 | 000,435,496 | R--- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\SYSTEM32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/05/31 19:02:32 | 007,544,916 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe -- (MSSQL$ACT7)
SRV - [2002/12/17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE -- (SQLAgent$ACT7)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MpFilter.sys -- (MpFilter)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/02/27 13:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2003/08/29 04:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys -- (BCMModem)
DRV - [2003/03/14 14:59:00 | 001,223,562 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2002/08/30 12:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 14:49:10 | 000,026,624 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\irstusb.sys -- (STIrUsb)
DRV - [2001/08/17 09:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTe...-8&fr=b1ie7
IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-329068152-1844823847-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {54BB9F3F-07E5-486c-9B39-C7398B99391C}:3.1.2009110201
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/27 19:09:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/27 19:09:13 | 000,000,000 | ---D | M]

[2010/07/08 14:34:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla\Extensions
[2010/08/03 08:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla\Firefox\Profiles\7hry599r.default\extensions
[2010/07/12 13:22:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla\Firefox\Profiles\7hry599r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/08 15:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla\Firefox\Profiles\7hry599r.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}
[2010/07/12 13:22:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla\Firefox\Profiles\7hry599r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/07/08 15:57:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla\Firefox\Profiles\7hry599r.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/08/03 08:56:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/24 22:27:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/24 22:27:09 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/12 13:25:02 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/07/15 01:07:00 | 000,609,487 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16077 more lines...
O2 - BHO: (CitiUSBrowserHelper Class) - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\SYSTEM32\BhoCitUS.dll (Orbiscom Ltd. All rights reserved.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-329068152-1844823847-725345543-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files\Sage Software\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKU\S-1-5-21-329068152-1844823847-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk = C:\Program Files\KODAK\KODAK Picture Transfer Software\PTS.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Willow Road Screen Saver.lnk = C:\Program Files\WillowRD\WillowRd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1844823847-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} http://o.aolcdn.com/pictures/ap/Resources/...ns.10.4.0.2.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} http://cdn.digitalcity.com/radio/ampx/ampx2.6.1.11_en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Warehouse One.WAREHOUSE1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Warehouse One.WAREHOUSE1\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/06/02 13:09:48 | 000,000,140 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{096ba348-3b22-11de-af70-0007e978252a}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{096ba348-3b22-11de-af70-0007e978252a}\Shell\Shell00\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{096ba348-3b22-11de-af70-0007e978252a}\Shell\Shell01\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{096ba348-3b22-11de-af70-0007e978252a}\Shell\Shell02\Command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{89014eb6-2669-11dd-ae9e-0007e978252a}\Shell - "" = AutoRun
O33 - MountPoints2\{89014eb6-2669-11dd-ae9e-0007e978252a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{89014eb6-2669-11dd-ae9e-0007e978252a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/03 12:29:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/02 11:07:45 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\OTL.exe
[2010/07/27 19:39:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Recent
[2010/07/25 01:57:33 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/24 22:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Sun
[2010/07/24 22:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/24 22:27:42 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/24 22:27:42 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/24 22:27:41 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/24 22:27:41 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/24 22:27:41 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/24 21:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/24 20:35:22 | 000,000,000 | ---D | C] -- C:\_OTM
[2010/07/24 20:32:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/23 13:02:24 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/07/12 13:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\SUPERAntiSpyware.com
[2010/07/12 13:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
[2010/07/12 13:32:08 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/12 13:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Foxit Software
[2010/07/12 13:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/07/08 15:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/08 14:48:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Malwarebytes
[2010/07/08 14:48:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/08 14:48:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/08 14:48:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/08 14:48:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2010/07/08 14:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\Downloads
[2010/07/08 14:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Local Settings\Application Data\Mozilla
[2010/07/08 14:33:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Mozilla
[2010/07/08 14:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/08 14:11:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Local Settings\Application Data\gxeicmikg
[2006/06/26 11:41:51 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1 C:\Documents and Settings\Warehouse One.WAREHOUSE1\*.tmp files -> C:\Documents and Settings\Warehouse One.WAREHOUSE1\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/03 12:38:10 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/03 12:34:57 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/03 12:33:16 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2010/08/03 12:32:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/03 12:32:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/03 12:31:33 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\NTUSER.DAT
[2010/08/03 12:31:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\ntuser.ini
[2010/08/03 12:24:51 | 000,485,896 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\HAMeb_check.exe
[2010/08/03 12:22:26 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\MBRCheck.exe
[2010/08/02 18:12:37 | 005,363,086 | -H-- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Local Settings\Application Data\IconCache.db
[2010/08/02 11:07:58 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\OTL.exe
[2010/07/27 19:42:28 | 000,247,196 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100727_194216.reg
[2010/07/26 09:24:36 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/07/24 22:27:05 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/24 22:27:04 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/24 22:27:04 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/24 22:27:04 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/24 22:27:03 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/24 20:35:22 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS.MVP
[2010/07/23 12:57:11 | 000,438,762 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100723_125706.reg
[2010/07/15 10:00:07 | 000,293,888 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\girl scouts.doc
[2010/07/15 09:59:01 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\Microsoft Office Word 2003.lnk
[2010/07/15 01:07:00 | 000,609,487 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\HOSTS
[2010/07/12 13:25:55 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/12 13:21:42 | 000,444,592 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100712_132132.reg
[2010/07/08 19:14:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/08 19:14:56 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/08 14:33:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/07/08 14:33:50 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/08 14:33:50 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/07/08 14:32:45 | 000,425,478 | ---- | M] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100708_143235.reg
[1 C:\Documents and Settings\Warehouse One.WAREHOUSE1\*.tmp files -> C:\Documents and Settings\Warehouse One.WAREHOUSE1\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/03 12:25:00 | 000,485,896 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\HAMeb_check.exe
[2010/08/03 12:23:20 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Desktop\MBRCheck.exe
[2010/07/27 19:42:21 | 000,247,196 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100727_194216.reg
[2010/07/23 12:57:08 | 000,438,762 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100723_125706.reg
[2010/07/15 10:00:06 | 000,293,888 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\girl scouts.doc
[2010/07/12 13:25:55 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2010/07/12 13:21:38 | 000,444,592 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100712_132132.reg
[2010/07/08 19:14:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/08 19:14:56 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/07/08 15:58:36 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/07/08 14:33:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/07/08 14:33:50 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/08 14:33:50 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Mozilla Firefox.lnk
[2010/07/08 14:32:37 | 000,425,478 | ---- | C] () -- C:\Documents and Settings\Warehouse One.WAREHOUSE1\My Documents\cc_20100708_143235.reg
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/07 13:54:13 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/04/06 17:52:00 | 000,001,790 | ---- | C] () -- C:\WINDOWS\PPAD170.ini
[2009/03/10 16:50:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PC1099.INI
[2009/03/10 16:49:29 | 000,000,410 | ---- | C] () -- C:\WINDOWS\CNV1099.ini
[2008/06/12 16:38:14 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2006/11/22 10:31:34 | 000,006,207 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/09/22 09:24:59 | 000,000,068 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/08/07 07:45:51 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/05 09:45:37 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/08/05 09:45:37 | 000,000,299 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/08/05 09:45:12 | 000,000,704 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2006/06/27 13:02:10 | 000,001,682 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/27 13:02:10 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\0A171B6F5D.sys
[2006/06/26 13:54:06 | 000,000,486 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/26 11:42:38 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/06/26 11:41:52 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2006/06/26 11:41:52 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/06/26 11:41:51 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2006/06/26 11:41:49 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2006/06/26 11:41:49 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2006/06/26 11:41:48 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2006/06/26 11:40:46 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/06/26 11:20:39 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2006/05/17 11:28:14 | 000,016,031 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2006/05/10 16:06:40 | 000,001,765 | ---- | C] () -- C:\WINDOWS\PPAD140.INI_upg2010
[2004/07/13 15:36:40 | 000,001,639 | ---- | C] () -- C:\WINDOWS\PPAD130.INI_upg2007
[2004/02/16 11:12:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\wh2robo.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >


ESET didn't find anything

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:11:45 AM

Posted 04 August 2010 - 08:25 PM

EDIT: misspost

Do you still have Firefox redirects?

Edited by etavares, 04 August 2010 - 08:25 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 amtrak23

amtrak23
  • Topic Starter

  • Members
  • 9 posts
  • Local time:10:45 AM

Posted 04 August 2010 - 08:38 PM

No redirects anymore.

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:11:45 AM

Posted 05 August 2010 - 06:05 PM

Hello, amtrak23.

Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well; please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1

Uninstall ComboFix and Clean Up
Click Start > Run, type combofix /Uninstall and click OK (note the space between combofix and /Uninstall). See below:

Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one of the three (I have MVPS Hosts as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis, just as you would with antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


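A defender-side check that follows from the HOSTS-file advice in the post above, added here as an example and not code from the thread, from HostsMan, or from the MVPS project: a blocklist-style HOSTS file only ever points domains at a sink address (0.0.0.0 or 127.0.0.1), whereas a redirect hijack does the reverse and maps search engines, update servers or vendor sites to a real address. The sample HOSTS content, the watched-domain list and the 203.0.113.5 address are constructed assumptions, not values from the poster's machine.

```python
import ipaddress

# Addresses a blocklist-style HOSTS file (e.g. the MVPS list) uses as a sink.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}

# Assumed watch list: domains a legitimate HOSTS file has no reason to point
# at a real address. Extend it for your environment.
WATCHED_DOMAINS = ("google.com", "microsoft.com", "windowsupdate.com",
                   "malwarebytes.org", "bleepingcomputer.com")

# Constructed sample HOSTS content (not the poster's real file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
0.0.0.0         ad.doubleclick.net      # blocklist-style entry: harmless
127.0.0.1       www.badsite.example     # blocklist-style entry: harmless
203.0.113.5     www.google.com          # hijack-style entry
203.0.113.5     search.google.com update.microsoft.com
garbage line that is not a mapping
"""

def parse_hosts(text):
    """Return (ip, hostname, line_no) tuples, skipping comments and junk."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first token is not an IP address: ignore the line
        entries.extend((ip, host.lower(), line_no) for host in fields[1:])
    return entries

def _is_watched(host):
    # Exact match or subdomain only; "notgoogle.com" must not match.
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)

def audit_hosts(text):
    """Return entries that send a watched domain to a non-sink address."""
    return [(ip, host, line_no)
            for ip, host, line_no in parse_hosts(text)
            if ip not in SINK_ADDRESSES and _is_watched(host)]

if __name__ == "__main__":
    for ip, host, line_no in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip} (possible redirect hijack)")
```

On a real system, read C:\WINDOWS\System32\drivers\etc\hosts into `text` instead of the sample; a 600 KB blocklist file should produce no findings at all.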
 


#9 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:11:45 AM

Posted 11 August 2010 - 06:25 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you are the topic starter, and need this topic reopened, please contact me via PM with the address of this thread.

Everyone else please begin a new topic.


 




