Possible Infection Type Unknown


  • This topic is locked
11 replies to this topic

#1 Wendy K. Walker
Posted 04 November 2010 - 05:03 PM

Hi All, as per instructions from boopme at My link, I am opening a new topic in this forum.

I ran OTL.exe and was expecting it to generate two different logs; however, it only produced a single log file :o . The log file that was supposed to have been minimized when the program had completed wasn't there, so I ran OTL.exe again and it still only generated a single log.

Anyway, here is the log file that it generated:


OTL logfile created on: 11/4/2010 2:40:00 PM - Run 3
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\ADMIN\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

126.00 Mb Total Physical Memory | 17.00 Mb Available Physical Memory | 13.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.05 Gb Total Space | 36.01 Gb Free Space | 70.55% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.92 Gb Free Space | 18.87% Space Free | Partition Type: FAT32
Drive E: | 678.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WENDYS-BOX | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/03 04:09:19 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
PRC - [2010/10/30 19:30:12 | 001,797,880 | ---- | M] () -- C:\Program Files\Comodo\Comodo Internet Security\cfp.exe
PRC - [2010/10/29 07:07:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/28 14:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\ABOMB\ABOMB2\AvastSvc.exe
PRC - [2010/09/07 15:11:44 | 000,119,200 | ---- | M] (AVAST Software) -- C:\ABOMB\ABOMB2\afwServ.exe
PRC - [2010/05/25 19:10:34 | 005,475,403 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2010/05/17 14:57:18 | 002,162,176 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
PRC - [2010/02/01 00:45:22 | 000,181,248 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
PRC - [2009/05/03 04:07:22 | 000,278,264 | ---- | M] (COMODO) -- C:\Program Files\Comodo\SafeSurf\cssurf.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/18 20:53:30 | 000,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/03/16 05:51:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\S3apphk.exe


========== Modules (SafeList) ==========

MOD - [2010/11/03 04:09:19 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/03/16 05:51:02 | 000,045,056 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\S3appdll.dll
MOD - [2001/11/11 15:41:07 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMIN\LOCALS~1\Temp\ODETJ.exe -- (ODETJ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\ABOMB\ABOMB2\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\ABOMB\ABOMB2\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 15:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\ABOMB\ABOMB2\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/07 15:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Running] -- C:\ABOMB\ABOMB2\afwServ.exe -- (avast! Firewall)
SRV - [2009/05/03 04:03:00 | 000,614,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2006/01/18 20:53:30 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS -- (Freedom)
DRV - [2010/09/07 14:54:16 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010/09/07 14:53:58 | 000,340,048 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010/09/07 14:53:35 | 000,190,416 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010/09/07 14:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 14:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 14:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 14:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 14:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 14:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/09/07 14:24:46 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aswNdis.sys -- (aswNdis)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 18:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/06/09 02:29:49 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/06/03 05:45:18 | 000,217,536 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/05/03 04:03:10 | 000,099,856 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009/05/03 04:03:10 | 000,079,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2009/05/03 04:03:10 | 000,031,504 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008/04/13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 18:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/01/18 20:53:30 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2005/04/13 22:31:30 | 000,239,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/10/08 01:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 05:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 20:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/04/20 06:06:11 | 000,028,100 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2002/03/27 01:20:22 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/03/21 05:35:56 | 000,144,860 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\trid3dm.sys -- (trid3d)
DRV - [2002/03/19 09:18:26 | 000,187,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/03/14 17:25:00 | 000,094,679 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2002/03/14 17:25:00 | 000,088,758 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2002/03/14 17:25:00 | 000,052,758 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2002/03/14 17:25:00 | 000,034,743 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2002/03/14 17:25:00 | 000,023,607 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2002/03/14 17:25:00 | 000,013,847 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2002/03/14 17:25:00 | 000,006,327 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2002/03/14 17:25:00 | 000,004,119 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2002/03/14 17:25:00 | 000,002,203 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2002/03/09 23:53:00 | 000,909,501 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/02/15 17:21:00 | 000,078,048 | ---- | M] (VERITAS Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2002/02/12 16:56:00 | 000,040,096 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/01/29 07:04:04 | 000,005,589 | ---- | M] (VERITAS Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2002/01/29 07:03:18 | 000,022,963 | ---- | M] (VERITAS Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2001/12/27 10:52:58 | 000,027,136 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2001/12/08 04:26:00 | 000,013,502 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/18 04:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 19:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/08 20:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 20:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 20:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 20:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 20:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 20:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 20:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 20:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 20:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 20:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/19 14:20:14 | 000,037,408 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/06/04 20:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://my.att.net/"
FF - prefs.js..extensions.enabledItems: toolbar@duckduckgo.com:1.2.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/29 07:08:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 07:09:01 | 000,000,000 | ---D | M]

[2009/05/10 05:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions
[2009/05/03 04:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions
[2009/05/03 04:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/07/27 21:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions
[2009/06/06 20:14:18 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/05/10 07:47:22 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/05/21 00:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions\toolbar@duckduckgo.com
[2010/11/04 04:43:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions
[2009/11/02 09:57:58 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/02/24 00:26:11 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010/11/01 04:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/08/04 14:58:35 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/07/22 06:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\toolbar@duckduckgo.com
[2010/11/04 04:43:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/22 05:35:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/05/03 05:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/06/17 13:11:43 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NpPopup.dll

O1 HOSTS File: ([2010/03/01 17:33:31 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [avast5] C:\ABOMB\ABOMB2\avastUI.exe File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\Comodo Internet Security\cfp.exe ()
O4 - HKLM..\Run: [COMODO SafeSurf] C:\Program Files\COMODO\SafeSurf\cssurf.exe (COMODO)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [S3apphk] C:\WINDOWS\System32\S3apphk.exe ()
O4 - HKCU..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk = C:\Program Files\CallWave\IAM.exe (CallWave, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: ImTranslator - C:\Program Files\Smart Link\ImTranslator for IE\startup.html ()
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/04/20 04:16:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 06:24:46 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/03 07:43:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ADMIN\Recent
[2010/11/03 04:08:58 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2010/11/02 10:58:47 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\1748698.sys
[2010/11/02 10:58:47 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\17486981.sys
[2010/11/02 10:58:47 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\17486982.sys
[2010/11/02 10:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\Virus Removal Tool
[2010/11/01 05:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\QuickScan
[2010/10/31 06:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\DESKTOP DOWNLOAD FOLDER
[2010/10/30 23:46:25 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\87109712.sys
[2010/10/30 23:45:35 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\87109711.sys
[2010/10/30 23:44:26 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\8710971.sys
[2010/10/30 06:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\Downloads
[2010/10/30 06:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/10/28 01:15:54 | 000,000,000 | ---D | C] -- C:\VKBOMBirus Removal Tool
[2010/10/27 00:29:11 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/10/27 00:29:10 | 000,165,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/10/27 00:29:08 | 000,340,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2010/10/27 00:29:02 | 000,099,792 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFW.sys
[2010/10/27 00:28:09 | 000,190,416 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswNdis2.sys
[2010/10/27 00:28:08 | 000,023,376 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/10/27 00:28:06 | 000,046,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/10/27 00:28:04 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/10/27 00:28:04 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/10/27 00:28:02 | 000,028,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/10/27 00:21:03 | 000,012,112 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswNdis.sys
[2010/10/27 00:21:01 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/10/27 00:21:00 | 000,167,592 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/10/27 00:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/26 23:32:58 | 000,000,000 | ---D | C] -- C:\ABOMB
[2010/10/26 08:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/10/25 03:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/25 03:22:56 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware.exe
[2010/10/23 02:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\ATT&T EMAIL
[2010/10/22 05:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/22 05:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/17 06:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\MALWARE LOGS
[2010/10/16 01:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\MY SCANNED STUFF
[2010/10/07 07:40:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\JAIL BIRDS

========== Files - Modified Within 30 Days ==========

[2010/11/04 12:56:09 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/11/04 12:53:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/04 12:34:01 | 000,062,578 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG 5
[2010/11/04 03:52:32 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
[2010/11/04 03:38:06 | 000,058,062 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG 4
[2010/11/04 03:15:17 | 000,000,284 | -HS- | M] () -- C:\BOOT.INI
[2010/11/03 04:09:19 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2010/11/03 01:22:24 | 000,059,646 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG 3
[2010/11/02 20:28:07 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\utmyndey.sys
[2010/11/02 11:03:16 | 000,313,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/02 11:03:16 | 000,040,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/02 10:43:34 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\VOTE POST.wps
[2010/11/02 08:37:02 | 000,031,752 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG2
[2010/11/01 05:21:32 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\QuickScan Folder.lnk
[2010/10/31 03:44:29 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\SPELL CHECK.wps
[2010/10/31 03:18:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ADMIN\defogger_reenable
[2010/10/30 19:15:03 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\COMODO Internet Security.lnk
[2010/10/30 01:46:51 | 000,072,699 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG
[2010/10/28 09:50:16 | 000,001,468 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\avast! Internet Security.lnk
[2010/10/28 01:21:22 | 000,002,165 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Start.lnk
[2010/10/27 00:28:05 | 000,002,614 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/10/25 22:42:16 | 000,016,558 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\EVIL LITTLE CREATURES.htm
[2010/10/25 03:31:30 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/25 03:25:54 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware.exe
[2010/10/13 05:31:17 | 000,162,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/10/11 04:56:50 | 000,000,216 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\HP Officejet 4300 series.lnk
[2010/10/11 04:38:19 | 000,109,976 | ---- | M] () -- C:\WINDOWS\hpoins08.dat

========== Files Created - No Company Name ==========

[2010/11/04 12:33:57 | 000,062,578 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG 5
[2010/11/04 03:52:25 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
[2010/11/04 03:38:05 | 000,058,062 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG 4
[2010/11/03 01:22:23 | 000,059,646 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG 3
[2010/11/02 23:56:33 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
[2010/11/02 23:56:33 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk.disabled
[2010/11/02 23:56:31 | 000,002,180 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk.disabled
[2010/11/02 10:43:33 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\VOTE POST.wps
[2010/11/02 08:37:02 | 000,031,752 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG2
[2010/11/01 05:21:20 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\QuickScan Folder.lnk
[2010/10/31 03:18:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ADMIN\defogger_reenable
[2010/10/30 21:34:37 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\utmyndey.sys
[2010/10/30 19:36:55 | 000,002,165 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Start.lnk
[2010/10/30 01:46:45 | 000,072,699 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\CBOMB LOG
[2010/10/27 00:29:12 | 000,001,468 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\avast! Internet Security.lnk
[2010/10/25 22:42:15 | 000,016,558 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\EVIL LITTLE CREATURES.htm
[2010/10/25 03:31:30 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/11 04:56:50 | 000,000,216 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\HP Officejet 4300 series.lnk
[2010/10/11 04:09:56 | 000,109,976 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2010/10/11 04:09:55 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2010/10/11 00:27:45 | 000,110,056 | ---- | C] () -- C:\WINDOWS\hpoins08.dat.temp
[2010/10/11 00:27:45 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat.temp
[2009/11/02 05:39:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/08 02:55:20 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/06 01:35:17 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/06/06 00:40:36 | 000,003,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/03 04:30:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/05/25 01:55:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/05/25 01:50:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2009/05/09 05:09:23 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2009/05/09 05:06:40 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2009/05/09 05:05:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2009/05/03 03:28:22 | 000,143,096 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/05/03 03:15:05 | 000,000,057 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2009/05/03 02:29:50 | 000,000,058 | ---- | C] () -- C:\WINDOWS\BGH 2005 SS 1.ini
[2006/05/29 13:47:31 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/05/29 13:47:29 | 000,000,055 | ---- | C] () -- C:\WINDOWS\KA.INI
[2006/02/21 15:22:46 | 008,940,869 | ---- | C] () -- C:\Program Files\Adobe.zip
[2006/02/02 15:04:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/02/01 23:06:51 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/01/18 20:45:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2006/01/18 20:45:09 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2006/01/18 20:45:09 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2006/01/18 20:45:09 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2005/12/30 21:10:01 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/12/30 03:02:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2002/04/26 03:23:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/21 00:24:15 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2002/04/21 00:24:15 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2002/04/21 00:16:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2002/04/21 00:16:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/04/20 06:28:06 | 000,004,478 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2002/04/20 06:19:46 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/04/20 05:26:01 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2002/04/20 05:26:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2002/04/20 05:25:32 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/04/20 04:20:31 | 000,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/20 04:04:05 | 000,000,666 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/19 21:08:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/03/30 01:49:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/03/27 21:37:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/03/12 10:25:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/09/01 05:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/08 20:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/06/19 14:20:14 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1997/06/18 06:00:00 | 001,672,976 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/18 06:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 06:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/06/22 00:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Auslogics
[2009/05/10 19:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\ieSpell
[2010/10/16 00:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Image Zone Express
[2002/04/20 06:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\InterTrust
[2009/06/09 02:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\NCH Swift Sound
[2009/11/03 01:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\OpenOffice.org
[2010/11/02 08:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\QuickScan
[2009/05/04 02:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Template
[2009/06/03 06:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\TrueCrypt
[2002/04/20 06:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\VERITAS
[2010/10/27 00:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/03 03:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2006/02/19 10:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2010/08/05 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/07/20 12:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2006/02/23 18:46:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/05/16 19:51:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006/02/23 18:46:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2009/05/16 19:51:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 06:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 06:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\AGP440.SYS
[2004/08/04 06:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2006/02/23 18:46:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/05/16 19:51:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006/02/23 18:46:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009/05/16 19:51:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\Comodo\Comodo Internet Security\cfp.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\ADMIN\Desktop\mbk622n2.exe:SummaryInformation

< End of report >

I'm not sure if that second log is just hiding where I can't find it, as I have no clue as to where to look for it, other than in the system tray, where it was supposed to have been. If OTL.exe has a special hiding place where it stashes its logs, tell me how to find it and I'll get it posted too.

Thanks for your time, and ANY help that you might be able to provide to help me get this problem resolved.

Wendy K. Walker
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti-Virus and Firewall.
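The "< MD5 for: ... >" blocks in the OTL log above are a rootkit check: for each critical driver or DLL, OTL hashes the live copy in system32 (or system32\drivers) next to the copies Windows keeps in system32\dllcache and ServicePackFiles\i386, so a live file whose hash matches none of the protected copies stands out as patched. In this log every live copy (agp440.sys, atapi.sys, eventlog.dll, netlogon.dll, scecli.dll) carries the same MD5 as its dllcache and ServicePackFiles copies. The script below is an added example, not part of the original post and not OTL's own code; it automates that comparison over an OTL log. It assumes dllcache and ServicePackFiles\i386 are the trusted reference copies and $NtServicePackUninstall$/ReinstallBackups are older backups. The sample input is the real atapi.sys section from this log plus a constructed EXAMPLE.SYS section with made-up hashes (not from this machine) so that a mismatch is visible.

```python
import re

# One hashed entry under an OTL "< MD5 for: NAME >" header, e.g.
# [2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A... -- C:\WINDOWS\system32\drivers\atapi.sys
# The ".cab file" lines OTL prints for archive members carry no MD5= field and are skipped.
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>[^>]+?)\s*>$")


def classify(path):
    """Bucket a path the way the OTL MD5 section is read: protected reference
    copies, pre-service-pack backups, or the live file the kernel actually loads.
    Assumption: dllcache / ServicePackFiles\\i386 are the trusted copies."""
    p = path.lower()
    if "\\system32\\dllcache\\" in p or "\\servicepackfiles\\i386\\" in p:
        return "reference"
    if "\\$ntservicepackuninstall$\\" in p or "\\reinstallbackups\\" in p:
        return "backup"
    if "\\system32\\" in p:
        return "live"
    return "other"


def parse_md5_sections(text):
    """Return {filename_lower: [entry, ...]} for every MD5 section in an OTL log."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        h = HEADER_RE.match(line)
        if h:
            current = h.group("name").lower()
            sections[current] = []
            continue
        if current is None or not line:
            continue
        e = ENTRY_RE.match(line)
        if e:
            sections[current].append({
                "date": e.group("date").strip(),
                "size": int(e.group("size").replace(",", "")),
                "company": e.group("company").strip(),
                "md5": e.group("md5").upper(),
                "path": e.group("path").strip(),
                "kind": classify(e.group("path")),
            })
    return sections


def check_live_copies(sections):
    """Per file: 'ok' when every live copy's MD5 matches a reference copy,
    'pre-sp' when it only matches a service-pack backup, 'MISMATCH' when it
    matches nothing OTL recorded; the second element is the offending path."""
    results = {}
    for name, entries in sections.items():
        ref = {e["md5"] for e in entries if e["kind"] == "reference"}
        backup = {e["md5"] for e in entries if e["kind"] == "backup"}
        live = [e for e in entries if e["kind"] == "live"]
        if not live:
            results[name] = ("no-live-copy", None)
        elif not ref:
            results[name] = ("no-reference", None)
        else:
            verdict, detail = "ok", None
            for e in live:
                if e["md5"] in ref:
                    continue
                verdict = "pre-sp" if e["md5"] in backup else "MISMATCH"
                detail = e["path"]
                break
            results[name] = (verdict, detail)
    return results


# Constructed sample: the atapi.sys section copied from the log in this post,
# plus a made-up EXAMPLE.SYS section whose live copy has a hash no reference shares.
SAMPLE_LOG = r"""< MD5 for: ATAPI.SYS >
[2006/02/23 18:46:43 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/05/16 19:51:11 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 05:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EXAMPLE.SYS >
[2008/04/13 18:40:30 | 000,040,960 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\WINDOWS\ServicePackFiles\i386\example.sys
[2008/04/13 18:40:30 | 000,040,960 | ---- | M] (Microsoft Corporation) MD5=11111111111111111111111111111111 -- C:\WINDOWS\system32\dllcache\example.sys
[2010/10/30 21:34:37 | 000,040,960 | ---- | M] (Microsoft Corporation) MD5=22222222222222222222222222222222 -- C:\WINDOWS\system32\drivers\example.sys
"""

if __name__ == "__main__":
    for name, (verdict, detail) in check_live_copies(parse_md5_sections(SAMPLE_LOG)).items():
        print(f"{name:12s} {verdict}" + (f"  <- {detail}" if detail else ""))
```

Run against the full log above it reports "ok" for all five files; a "MISMATCH" verdict only says the loaded copy differs from every protected copy, so the next step is to compare the file against a known-good copy from installation media rather than to trust the file's own version stamp, since a patched driver keeps its original size and company name.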


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:23 PM

Posted 12 November 2010 - 06:38 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.

PS: that log only pops up if OTL has not been run before on this machine, or if you reset the options for Extra Registry to Use SafeList before scanning, so please do that here.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:07:23 PM

Posted 14 November 2010 - 06:15 AM

Hi etavares, thanks for your reply.

As for this;

We apologize for the delay in responding to your request for help.

Thanks anyway, however, an apology isn't necessary, I know you guys get overloaded from time to time, and it takes awhile to catch up. Besides, I'm not one to complain about free help.

I know it's not the normal thing to do once you open a topic here, however, things had gotten so bad that I had to do a lot of uninstalling, and defrag my C:\ drive since my original post.

I have now reinstalled Malwarebytes, and SUPERAntiSpyware, both of which I couldn't update until I had run them in safe mode with networking. I was able to get them to update and run a scan the first time I did that.

But since I did that the first time I haven't been able to get them to update like that again. So whatever EVIL little creature is hiding in my machine is a quick learner.

I noticed in a couple of the MBAM logs that not only was I being blocked from updating, but that the program version and database had been moved BACK to earlier versions.

I know the same thing is happening with my COMODO Anti-Virus program too. It will update in safe mode with networking BUT it won't run a scan there. Then when I boot back into normal mode my virus database has been reset to 5 Jan, 2010.

Malwarebytes, and SAS have both detected, quarantined, and removed at least one Trojan each, along with a tub full of tracking cookies.

Anyway here are the fresh logs that you asked for.


OTL logfile created on: 11/14/2010 6:10:59 AM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\ADMIN\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

126.00 Mb Total Physical Memory | 34.00 Mb Available Physical Memory | 27.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.05 Gb Total Space | 35.77 Gb Free Space | 70.08% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.92 Gb Free Space | 18.87% Space Free | Partition Type: FAT32
Drive E: | 678.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WENDYS-BOX | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 05:46:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
PRC - [2010/10/30 19:30:12 | 001,797,880 | ---- | M] () -- C:\Program Files\Comodo\Comodo Internet Security\cfp.exe
PRC - [2010/05/25 19:10:34 | 005,475,403 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2010/05/17 14:57:18 | 002,162,176 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
PRC - [2010/02/01 00:45:22 | 000,181,248 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
PRC - [2009/05/03 04:07:22 | 000,278,264 | ---- | M] (COMODO) -- C:\Program Files\Comodo\SafeSurf\cssurf.exe
PRC - [2009/05/03 04:03:00 | 000,614,136 | ---- | M] () -- C:\Program Files\Comodo\Comodo Internet Security\cmdagent.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/18 20:53:30 | 000,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/03/16 05:51:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\S3apphk.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 05:46:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/03/16 05:51:02 | 000,045,056 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\S3appdll.dll
MOD - [2001/11/11 15:41:07 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\SANDBOXIE\SbieSvc.exe -- (SbieSvc)
SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMIN\LOCALS~1\Temp\ODETJ.exe -- (ODETJ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/05/03 04:03:00 | 000,614,136 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2006/01/18 20:53:30 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SANDBOXIE\SbieDrv.sys -- (SbieDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS -- (Freedom)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/09 02:29:49 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/06/03 05:45:18 | 000,217,536 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/05/03 04:03:10 | 000,099,856 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009/05/03 04:03:10 | 000,079,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2009/05/03 04:03:10 | 000,031,504 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008/04/13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 18:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/01/18 20:53:30 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2005/04/13 22:31:30 | 000,239,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/10/08 01:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 05:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 20:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/03/27 01:20:22 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/03/21 05:35:56 | 000,144,860 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\trid3dm.sys -- (trid3d)
DRV - [2002/03/19 09:18:26 | 000,187,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/03/14 17:25:00 | 000,094,679 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2002/03/14 17:25:00 | 000,088,758 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2002/03/14 17:25:00 | 000,052,758 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2002/03/14 17:25:00 | 000,034,743 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2002/03/14 17:25:00 | 000,023,607 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2002/03/14 17:25:00 | 000,013,847 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2002/03/14 17:25:00 | 000,006,327 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2002/03/14 17:25:00 | 000,004,119 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2002/03/14 17:25:00 | 000,002,203 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2002/03/09 23:53:00 | 000,909,501 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/02/15 17:21:00 | 000,078,048 | ---- | M] (VERITAS Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2002/02/12 16:56:00 | 000,040,096 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/01/29 07:04:04 | 000,005,589 | ---- | M] (VERITAS Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2002/01/29 07:03:18 | 000,022,963 | ---- | M] (VERITAS Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2001/12/27 10:52:58 | 000,027,136 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2001/12/08 04:26:00 | 000,013,502 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/18 04:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 19:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/08 20:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 20:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 20:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 20:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 20:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 20:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 20:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 20:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 20:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 20:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/19 14:20:14 | 000,037,408 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/06/04 20:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
IE - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://my.att.net/"
FF - prefs.js..extensions.enabledItems: toolbar@duckduckgo.com:1.2.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/08 10:53:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 07:09:01 | 000,000,000 | ---D | M]

[2009/05/10 05:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions
[2009/05/03 04:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions
[2009/05/03 04:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/07/27 21:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions
[2009/06/06 20:14:18 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/05/10 07:47:22 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/05/21 00:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions\toolbar@duckduckgo.com
[2010/11/14 03:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions
[2010/11/11 04:36:19 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/11/02 09:57:58 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/02/24 00:26:11 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010/11/08 01:44:44 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/11 04:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/11/01 04:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/11/07 23:58:27 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/11/11 04:36:23 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2009/07/22 06:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\toolbar@duckduckgo.com
[2010/11/14 03:36:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/22 05:35:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/05/03 05:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/06/17 13:11:43 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NpPopup.dll

O1 HOSTS File: ([2010/03/01 17:33:31 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll File not found
O3 - HKLM\..\Toolbar: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll File not found
O3 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\..\Toolbar\ShellBrowser: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\..\Toolbar\WebBrowser: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\Comodo Internet Security\cfp.exe ()
O4 - HKLM..\Run: [COMODO SafeSurf] C:\Program Files\COMODO\SafeSurf\cssurf.exe (COMODO)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [S3apphk] C:\WINDOWS\System32\S3apphk.exe ()
O4 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk = C:\Program Files\CallWave\IAM.exe (CallWave, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: ImTranslator - C:\Program Files\Smart Link\ImTranslator for IE\startup.html ()
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/04/20 04:16:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 06:24:46 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\...com [@ = comfile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^ADMIN^Start Menu^Programs^Startup^setup_9.0.0.722_02.11.2010_10-07.lnk - C:\Documents and Settings\ADMIN\Desktop\Virus Removal Tool\setup_9.0.0.722_02.11.2010_10-07\startup.exe - ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 05:46:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2010/11/14 05:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\BLEEPINCCOMPUTER FIX 13 NOV
[2010/11/14 03:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\MBAM LOGS QUARANTINE KEEP
[2010/11/13 10:50:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/13 09:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\GnuPG
[2010/11/13 08:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010/11/13 01:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\sams luck DELETE
[2010/11/12 01:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\PackageAware
[2010/11/10 20:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\SUPERAntiSpyware.com
[2010/11/10 20:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/10 10:32:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ADMIN\Recent
[2010/11/10 09:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\MSN Search Toolbar
[2010/11/07 23:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Tor
[2010/11/07 23:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Vidalia
[2010/11/07 23:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Vidalia Bundle
[2010/11/07 02:41:30 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
[2010/11/02 10:58:47 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\1748698.sys
[2010/11/02 10:58:47 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\17486981.sys
[2010/11/02 10:58:47 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\17486982.sys
[2010/11/02 10:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\Virus Removal Tool
[2010/11/01 05:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\QuickScan
[2010/10/31 06:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\DESKTOP DOWNLOAD FOLDER
[2010/10/30 23:46:25 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\87109712.sys
[2010/10/30 23:44:26 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\8710971.sys
[2010/10/30 06:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\Downloads
[2010/10/28 01:15:54 | 000,000,000 | ---D | C] -- C:\VKBOMBirus Removal Tool
[2010/10/27 00:21:01 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/10/27 00:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/26 08:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/10/25 18:46:59 | 002,424,560 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware.exe
[2010/10/25 02:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\BC FIX 24 OCT 2010
[2010/10/23 02:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\ATT&T EMAIL
[2010/10/22 05:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/22 05:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/17 06:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\MALWARE LOGS
[2010/10/16 01:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\MY SCANNED STUFF

========== Files - Modified Within 30 Days ==========

[2010/11/14 05:53:50 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Defogger.exe
[2010/11/14 05:46:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2010/11/14 05:33:44 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\gmer.zip
[2010/11/13 10:55:29 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/11/13 10:46:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 01:17:36 | 000,027,163 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\COMODO LOG 8
[2010/11/12 07:12:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/11 10:25:39 | 000,000,284 | -HS- | M] () -- C:\BOOT.INI
[2010/11/11 07:48:36 | 000,033,583 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\COMODO LOG 7
[2010/11/11 00:05:44 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware.exe
[2010/11/07 07:02:51 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\LETTER.wps
[2010/11/07 00:14:39 | 000,001,476 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\CallWave.lnk
[2010/11/07 00:14:38 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
[2010/11/06 06:01:58 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\cc_20101106_060149.reg
[2010/11/06 06:00:37 | 000,004,634 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\cc_20101106_055935.reg
[2010/11/04 20:48:25 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Paint (2).lnk
[2010/11/02 11:03:16 | 000,313,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/02 11:03:16 | 000,040,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/02 10:43:34 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\VOTE POST.wps
[2010/11/01 05:21:32 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\QuickScan Folder.lnk
[2010/10/31 03:44:29 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\SPELL CHECK.wps
[2010/10/31 03:18:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ADMIN\defogger_reenable
[2010/10/30 19:15:03 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\COMODO Internet Security.lnk
[2010/10/28 01:21:22 | 000,002,165 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Start.lnk
[2010/10/25 22:42:16 | 000,016,558 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\EVIL LITTLE CREATURES.htm

========== Files Created - No Company Name ==========

[2010/11/14 05:53:46 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Defogger.exe
[2010/11/14 05:33:13 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\gmer.zip
[2010/11/13 01:17:36 | 000,027,163 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\COMODO LOG 8
[2010/11/11 07:48:36 | 000,033,583 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\COMODO LOG 7
[2010/11/07 00:14:39 | 000,001,476 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\CallWave.lnk
[2010/11/07 00:14:36 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
[2010/11/06 06:01:54 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\cc_20101106_060149.reg
[2010/11/06 05:59:51 | 000,004,634 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\cc_20101106_055935.reg
[2010/11/02 23:56:33 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/02 23:56:33 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk.disabled
[2010/11/02 23:56:31 | 000,002,180 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
[2010/11/02 10:43:33 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\VOTE POST.wps
[2010/11/01 05:21:20 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\QuickScan Folder.lnk
[2010/10/31 03:18:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ADMIN\defogger_reenable
[2010/10/30 19:36:55 | 000,002,165 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Start.lnk
[2010/10/25 22:42:15 | 000,016,558 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\EVIL LITTLE CREATURES.htm
[2009/11/02 05:39:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/08 02:55:20 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/06 01:35:17 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/06/06 00:40:36 | 000,003,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/03 04:30:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/05/25 01:55:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/05/25 01:50:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2009/05/09 05:09:23 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2009/05/09 05:06:40 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2009/05/09 05:05:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2009/05/03 03:28:22 | 000,143,096 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/05/03 03:15:05 | 000,000,057 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2009/05/03 02:29:50 | 000,000,058 | ---- | C] () -- C:\WINDOWS\BGH 2005 SS 1.ini
[2006/05/29 13:47:31 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/05/29 13:47:29 | 000,000,055 | ---- | C] () -- C:\WINDOWS\KA.INI
[2006/02/21 15:22:46 | 008,940,869 | ---- | C] () -- C:\Program Files\Adobe.zip
[2006/02/02 15:04:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/02/01 23:06:51 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/01/18 20:45:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2006/01/18 20:45:09 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2006/01/18 20:45:09 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2006/01/18 20:45:09 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2005/12/30 21:10:01 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/12/30 03:02:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2002/04/26 03:23:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/21 00:24:15 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2002/04/21 00:24:15 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2002/04/21 00:16:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2002/04/21 00:16:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/04/20 06:28:06 | 000,004,478 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2002/04/20 06:19:46 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/04/20 05:26:01 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2002/04/20 05:26:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2002/04/20 05:25:32 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/04/20 04:20:31 | 000,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/20 04:04:05 | 000,000,666 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/19 21:08:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/03/30 01:49:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/03/27 21:37:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/03/12 10:25:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/09/01 05:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/08 20:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/06/19 14:20:14 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1997/06/18 06:00:00 | 001,672,976 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/18 06:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 06:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/06/22 00:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Auslogics
[2009/05/10 19:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\ieSpell
[2010/10/16 00:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Image Zone Express
[2002/04/20 06:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\InterTrust
[2010/11/10 09:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\MSN Search Toolbar
[2010/11/13 07:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\NCH Swift Sound
[2009/11/03 01:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\OpenOffice.org
[2010/11/02 08:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\QuickScan
[2009/05/04 02:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Template
[2009/06/03 06:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\TrueCrypt
[2002/04/20 06:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\VERITAS
[2002/04/20 06:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN WEB BROWSING\Application Data\InterTrust
[2010/11/10 00:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN WEB BROWSING\Application Data\MSN Search Toolbar
[2002/04/20 06:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN WEB BROWSING\Application Data\VERITAS
[2010/10/27 00:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/03 03:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2006/02/19 10:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2010/08/05 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/07/20 12:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/13 08:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2002/04/20 06:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2002/04/20 06:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\VERITAS

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >
[2010/08/31 13:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/04/19 21:07:21 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/04/19 21:07:21 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/04/19 21:07:21 | 000,376,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2002/04/20 04:16:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/05/09 05:14:20 | 019,624,680 | ---- | M] () -- C:\BellSouthIW.re~
[2009/06/10 01:53:35 | 000,000,200 | ---- | M] () -- C:\Boot.bak
[2010/11/11 10:25:39 | 000,000,284 | -HS- | M] () -- C:\BOOT.INI
[2009/06/28 07:34:25 | 000,000,700 | ---- | M] () -- C:\Bug.txt
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2002/04/20 04:16:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/11/28 03:55:54 | 000,000,000 | ---- | M] () -- C:\Documents
[2002/04/26 02:45:35 | 000,012,919 | ---- | M] () -- C:\FINIS_IT.TXT
[2002/04/20 04:16:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/28 01:41:45 | 002,854,351 | ---- | M] () -- C:\Microburner.log
[2002/04/20 04:16:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/23 18:55:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/05/16 20:24:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/13 10:46:22 | 2621,440,000 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2005/10/14 21:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\Comodo\Comodo Internet Security\cfp.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\ADMIN\Desktop\mbk622n2.exe:SummaryInformation

< End of report >

For the GMER log, I don't know if I had the program set right when I ran it. I understood the instructions to say UN-check the little box for the C:\ drive, so that is what I did. Then, while it was running, I noticed in the picture in the preparation guide that it was shown ticked. Let me know if I need to tick that C:\ box and run it again.


OTL logfile created on: 11/14/2010 6:10:59 AM - Run 4
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\ADMIN\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

126.00 Mb Total Physical Memory | 34.00 Mb Available Physical Memory | 27.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 51.05 Gb Total Space | 35.77 Gb Free Space | 70.08% Space Free | Partition Type: NTFS
Drive D: | 4.87 Gb Total Space | 0.92 Gb Free Space | 18.87% Space Free | Partition Type: FAT32
Drive E: | 678.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WENDYS-BOX | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 05:46:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
PRC - [2010/10/30 19:30:12 | 001,797,880 | ---- | M] () -- C:\Program Files\Comodo\Comodo Internet Security\cfp.exe
PRC - [2010/05/25 19:10:34 | 005,475,403 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
PRC - [2010/05/17 14:57:18 | 002,162,176 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Tor\tor.exe
PRC - [2010/02/01 00:45:22 | 000,181,248 | ---- | M] () -- C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
PRC - [2009/05/03 04:07:22 | 000,278,264 | ---- | M] (COMODO) -- C:\Program Files\Comodo\SafeSurf\cssurf.exe
PRC - [2009/05/03 04:03:00 | 000,614,136 | ---- | M] () -- C:\Program Files\Comodo\Comodo Internet Security\cmdagent.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/01/18 20:53:30 | 000,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2002/03/16 05:51:02 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\S3apphk.exe


========== Modules (SafeList) ==========

MOD - [2010/11/14 05:46:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2002/03/16 05:51:02 | 000,045,056 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\S3appdll.dll
MOD - [2001/11/11 15:41:07 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\SANDBOXIE\SbieSvc.exe -- (SbieSvc)
SRV - File not found [On_Demand | Stopped] -- C:\DOCUME~1\ADMIN\LOCALS~1\Temp\ODETJ.exe -- (ODETJ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2009/05/03 04:03:00 | 000,614,136 | ---- | M] () [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2006/01/18 20:53:30 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\LxrJD31s.exe -- (LxrJD31s)
SRV - [2005/03/14 11:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\SANDBOXIE\SbieDrv.sys -- (SbieDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\FREEDOM.SYS -- (Freedom)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/09 02:29:49 | 000,027,136 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2009/06/03 05:45:18 | 000,217,536 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009/05/03 04:03:10 | 000,099,856 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009/05/03 04:03:10 | 000,079,504 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2009/05/03 04:03:10 | 000,031,504 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2008/04/13 18:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 18:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/01/18 20:53:30 | 000,069,824 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LxrJD31d.sys -- (LxrJD31d)
DRV - [2005/04/13 22:31:30 | 000,239,488 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)
DRV - [2004/10/08 01:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 05:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 20:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2002/03/27 01:20:22 | 000,013,780 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/03/21 05:35:56 | 000,144,860 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\trid3dm.sys -- (trid3d)
DRV - [2002/03/19 09:18:26 | 000,187,520 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/03/14 17:25:00 | 000,094,679 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2002/03/14 17:25:00 | 000,088,758 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2002/03/14 17:25:00 | 000,052,758 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2002/03/14 17:25:00 | 000,034,743 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2002/03/14 17:25:00 | 000,023,607 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2002/03/14 17:25:00 | 000,013,847 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2002/03/14 17:25:00 | 000,006,327 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2002/03/14 17:25:00 | 000,004,119 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2002/03/14 17:25:00 | 000,002,203 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2002/03/09 23:53:00 | 000,909,501 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/02/15 17:21:00 | 000,078,048 | ---- | M] (VERITAS Software, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2002/02/12 16:56:00 | 000,040,096 | ---- | M] (VERITAS Software, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2002/01/29 07:04:04 | 000,005,589 | ---- | M] (VERITAS Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2002/01/29 07:03:18 | 000,022,963 | ---- | M] (VERITAS Software, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2001/12/27 10:52:58 | 000,027,136 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGP.sys -- (SISAGP)
DRV - [2001/12/08 04:26:00 | 000,013,502 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/18 04:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 19:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4)
DRV - [2001/08/08 20:13:36 | 000,158,140 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001/08/08 20:13:30 | 000,012,479 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2001/08/08 20:13:30 | 000,012,031 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2001/08/08 20:13:30 | 000,011,679 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2001/08/08 20:13:28 | 000,019,359 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2001/08/08 20:13:28 | 000,011,999 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2001/08/08 20:13:26 | 000,033,503 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2001/08/08 20:13:24 | 000,029,215 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2001/08/08 20:13:24 | 000,023,519 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2001/08/08 20:13:24 | 000,019,199 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2001/06/19 14:20:14 | 000,037,408 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/06/04 20:00:00 | 000,014,112 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.att.net/
IE - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://my.att.net/"
FF - prefs.js..extensions.enabledItems: toolbar@duckduckgo.com:1.2.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/08 10:53:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 07:09:01 | 000,000,000 | ---D | M]

[2009/05/10 05:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Extensions
[2009/05/03 04:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions
[2009/05/03 04:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/07/27 21:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions
[2009/06/06 20:14:18 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/05/10 07:47:22 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/05/21 00:29:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\6j74vj6s.default\extensions\toolbar@duckduckgo.com
[2010/11/14 03:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions
[2010/11/11 04:36:19 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2009/11/02 09:57:58 | 000,000,000 | ---D | M] (Dr.Web anti-virus link checker) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{6614d11d-d21d-b211-ae23-815234e1ebb5}
[2010/02/24 00:26:11 | 000,000,000 | ---D | M] (CookieCuller) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}
[2010/11/08 01:44:44 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010/11/11 04:36:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/11/01 04:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/11/07 23:58:27 | 000,000,000 | ---D | M] (Torbutton) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/11/11 04:36:23 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2009/07/22 06:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\toolbar@duckduckgo.com
[2010/11/14 03:36:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/22 05:35:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/05/03 05:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/06/17 13:11:43 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NpPopup.dll

O1 HOSTS File: ([2010/03/01 17:33:31 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (MSN Search Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll File not found
O3 - HKLM\..\Toolbar: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll File not found
O3 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\..\Toolbar\ShellBrowser: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O3 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\..\Toolbar\WebBrowser: (&hp toolkit) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\hp\EXPLOREBAR\HPTOOLKT.DLL (Hewlett-Packard Company)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\Comodo\Comodo Internet Security\cfp.exe ()
O4 - HKLM..\Run: [COMODO SafeSurf] C:\Program Files\COMODO\SafeSurf\cssurf.exe (COMODO)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [S3apphk] C:\WINDOWS\System32\S3apphk.exe ()
O4 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe File not found
O4 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk = C:\Program Files\CallWave\IAM.exe (CallWave, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk.disabled ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-us\bin\WindowsSearch.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: ImTranslator - C:\Program Files\Smart Link\ImTranslator for IE\startup.html ()
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ADMIN\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/04/20 04:16:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 06:24:46 | 000,000,000 | ---D | M] - C:\AutoRuns -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2647865256-2038945071-357464061-1008\...com [@ = comfile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^ADMIN^Start Menu^Programs^Startup^setup_9.0.0.722_02.11.2010_10-07.lnk - C:\Documents and Settings\ADMIN\Desktop\Virus Removal Tool\setup_9.0.0.722_02.11.2010_10-07\startup.exe - ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 05:46:05 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2010/11/14 05:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\BLEEPINCCOMPUTER FIX 13 NOV
[2010/11/14 03:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\MBAM LOGS QUARANTINE KEEP
[2010/11/13 10:50:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/13 09:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\GnuPG
[2010/11/13 08:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2010/11/13 01:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\sams luck DELETE
[2010/11/12 01:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\PackageAware
[2010/11/10 20:59:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\SUPERAntiSpyware.com
[2010/11/10 20:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/11/10 10:32:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\ADMIN\Recent
[2010/11/10 09:32:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\MSN Search Toolbar
[2010/11/07 23:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Tor
[2010/11/07 23:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\Vidalia
[2010/11/07 23:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\Vidalia Bundle
[2010/11/07 02:41:30 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
[2010/11/02 10:58:47 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\1748698.sys
[2010/11/02 10:58:47 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\17486981.sys
[2010/11/02 10:58:47 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\17486982.sys
[2010/11/02 10:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\Virus Removal Tool
[2010/11/01 05:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Application Data\QuickScan
[2010/10/31 06:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\DESKTOP DOWNLOAD FOLDER
[2010/10/30 23:46:25 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\87109712.sys
[2010/10/30 23:44:26 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\8710971.sys
[2010/10/30 06:28:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\Downloads
[2010/10/28 01:15:54 | 000,000,000 | ---D | C] -- C:\VKBOMBirus Removal Tool
[2010/10/27 00:21:01 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/10/27 00:20:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/26 08:05:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2010/10/25 18:46:59 | 002,424,560 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware.exe
[2010/10/25 02:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\BC FIX 24 OCT 2010
[2010/10/23 02:54:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\Desktop\ATT&T EMAIL
[2010/10/22 05:40:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/10/22 05:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/17 06:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\MALWARE LOGS
[2010/10/16 01:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ADMIN\My Documents\MY SCANNED STUFF

========== Files - Modified Within 30 Days ==========

[2010/11/14 05:53:50 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Defogger.exe
[2010/11/14 05:46:05 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ADMIN\Desktop\OTL.exe
[2010/11/14 05:33:44 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\gmer.zip
[2010/11/13 10:55:29 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2010/11/13 10:46:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/13 01:17:36 | 000,027,163 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\COMODO LOG 8
[2010/11/12 07:12:20 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/11 10:25:39 | 000,000,284 | -HS- | M] () -- C:\BOOT.INI
[2010/11/11 07:48:36 | 000,033,583 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\COMODO LOG 7
[2010/11/11 00:05:44 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware.exe
[2010/11/07 07:02:51 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\LETTER.wps
[2010/11/07 00:14:39 | 000,001,476 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\CallWave.lnk
[2010/11/07 00:14:38 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
[2010/11/06 06:01:58 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\cc_20101106_060149.reg
[2010/11/06 06:00:37 | 000,004,634 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\cc_20101106_055935.reg
[2010/11/04 20:48:25 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Paint (2).lnk
[2010/11/02 11:03:16 | 000,313,276 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/02 11:03:16 | 000,040,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/02 10:43:34 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\VOTE POST.wps
[2010/11/01 05:21:32 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\QuickScan Folder.lnk
[2010/10/31 03:44:29 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\SPELL CHECK.wps
[2010/10/31 03:18:15 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\ADMIN\defogger_reenable
[2010/10/30 19:15:03 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\COMODO Internet Security.lnk
[2010/10/28 01:21:22 | 000,002,165 | ---- | M] () -- C:\Documents and Settings\ADMIN\Desktop\Start.lnk
[2010/10/25 22:42:16 | 000,016,558 | ---- | M] () -- C:\Documents and Settings\ADMIN\My Documents\EVIL LITTLE CREATURES.htm

========== Files Created - No Company Name ==========

[2010/11/14 05:53:46 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Defogger.exe
[2010/11/14 05:33:13 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\gmer.zip
[2010/11/13 01:17:36 | 000,027,163 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\COMODO LOG 8
[2010/11/11 07:48:36 | 000,033,583 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\COMODO LOG 7
[2010/11/07 00:14:39 | 000,001,476 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\CallWave.lnk
[2010/11/07 00:14:36 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk
[2010/11/06 06:01:54 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\cc_20101106_060149.reg
[2010/11/06 05:59:51 | 000,004,634 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\cc_20101106_055935.reg
[2010/11/02 23:56:33 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/11/02 23:56:33 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk.disabled
[2010/11/02 23:56:31 | 000,002,180 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
[2010/11/02 10:43:33 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\VOTE POST.wps
[2010/11/01 05:21:20 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\QuickScan Folder.lnk
[2010/10/31 03:18:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\ADMIN\defogger_reenable
[2010/10/30 19:36:55 | 000,002,165 | ---- | C] () -- C:\Documents and Settings\ADMIN\Desktop\Start.lnk
[2010/10/25 22:42:15 | 000,016,558 | ---- | C] () -- C:\Documents and Settings\ADMIN\My Documents\EVIL LITTLE CREATURES.htm
[2009/11/02 05:39:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/06/08 02:55:20 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\ADMIN\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/06 01:35:17 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/06/06 00:40:36 | 000,003,188 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/03 04:30:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/05/25 01:55:49 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009/05/25 01:50:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2009/05/09 05:09:23 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2009/05/09 05:06:40 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\BJAXSecurityManager.dll
[2009/05/09 05:05:39 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\BJInstaller.dll
[2009/05/03 03:28:22 | 000,143,096 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll
[2009/05/03 03:15:05 | 000,000,057 | ---- | C] () -- C:\WINDOWS\dcmvwr.INI
[2009/05/03 02:29:50 | 000,000,058 | ---- | C] () -- C:\WINDOWS\BGH 2005 SS 1.ini
[2006/05/29 13:47:31 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2006/05/29 13:47:29 | 000,000,055 | ---- | C] () -- C:\WINDOWS\KA.INI
[2006/02/21 15:22:46 | 008,940,869 | ---- | C] () -- C:\Program Files\Adobe.zip
[2006/02/02 15:04:29 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/02/01 23:06:51 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/01/18 20:45:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2006/01/18 20:45:09 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2006/01/18 20:45:09 | 000,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2006/01/18 20:45:09 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2005/12/30 21:10:01 | 000,000,024 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2005/12/30 03:02:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2002/04/26 03:23:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/04/21 00:24:15 | 000,377,600 | ---- | C] () -- C:\WINDOWS\System32\BOCOLE.DLL
[2002/04/21 00:24:15 | 000,167,456 | ---- | C] () -- C:\WINDOWS\System32\Bocof.dll
[2002/04/21 00:16:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpREG.DLL
[2002/04/21 00:16:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2002/04/20 06:28:06 | 000,004,478 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2002/04/20 06:19:46 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2002/04/20 05:26:01 | 000,249,921 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM15.dll
[2002/04/20 05:26:01 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes15.dll
[2002/04/20 05:25:32 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2002/04/20 04:20:31 | 000,000,799 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/04/20 04:04:05 | 000,000,666 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/04/19 21:08:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/03/30 01:49:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/03/27 21:37:52 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\shpshftr.dll
[2002/03/12 10:25:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\igfxdgps.dll
[2001/09/01 05:33:58 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\VxDMDcDlg.dll
[2001/08/08 20:13:22 | 000,012,351 | ---- | C] () -- C:\WINDOWS\System32\i81xcoin.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2001/06/19 14:20:14 | 000,037,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[1997/06/18 06:00:00 | 001,672,976 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997/06/18 06:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/06/18 06:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== LOP Check ==========

[2009/06/22 00:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Auslogics
[2009/05/10 19:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\ieSpell
[2010/10/16 00:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Image Zone Express
[2002/04/20 06:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\InterTrust
[2010/11/10 09:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\MSN Search Toolbar
[2010/11/13 07:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\NCH Swift Sound
[2009/11/03 01:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\OpenOffice.org
[2010/11/02 08:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\QuickScan
[2009/05/04 02:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\Template
[2009/06/03 06:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\TrueCrypt
[2002/04/20 06:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN\Application Data\VERITAS
[2002/04/20 06:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN WEB BROWSING\Application Data\InterTrust
[2010/11/10 00:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN WEB BROWSING\Application Data\MSN Search Toolbar
[2002/04/20 06:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ADMIN WEB BROWSING\Application Data\VERITAS
[2010/10/27 00:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/05/03 03:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2006/02/19 10:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2010/08/05 21:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2006/07/20 12:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/11/13 08:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2002/04/20 06:04:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\InterTrust
[2002/04/20 06:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\VERITAS

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.sys /90 >
[2010/08/31 13:42:52 | 001,852,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2002/04/19 21:07:21 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2002/04/19 21:07:21 | 000,606,208 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2002/04/19 21:07:21 | 000,376,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2002/04/20 04:16:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/05/09 05:14:20 | 019,624,680 | ---- | M] () -- C:\BellSouthIW.re~
[2009/06/10 01:53:35 | 000,000,200 | ---- | M] () -- C:\Boot.bak
[2010/11/11 10:25:39 | 000,000,284 | -HS- | M] () -- C:\BOOT.INI
[2009/06/28 07:34:25 | 000,000,700 | ---- | M] () -- C:\Bug.txt
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2002/04/20 04:16:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/11/28 03:55:54 | 000,000,000 | ---- | M] () -- C:\Documents
[2002/04/26 02:45:35 | 000,012,919 | ---- | M] () -- C:\FINIS_IT.TXT
[2002/04/20 04:16:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/01/28 01:41:45 | 002,854,351 | ---- | M] () -- C:\Microburner.log
[2002/04/20 04:16:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/23 18:55:46 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/05/16 20:24:39 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/13 10:46:22 | 2621,440,000 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2005/10/14 21:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp43a.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Program Files\Comodo\Comodo Internet Security\cfp.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\ADMIN\Desktop\SUPERAntiSpyware.exe:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\ADMIN\Desktop\mbk622n2.exe:SummaryInformation

< End of report >

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-14 10:25:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SV6003H rev.QQ100-07
Running: gmer.exe; Driver: C:\DOCUME~1\ADMIN\LOCALS~1\Temp\fwdiqkog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF7FB97B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF7FB8D16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF7FB9372]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xF7FB9F80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xF7FB8A70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF7FBAC70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF7FB999C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xF7FB8646]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xF7FB9BEA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xF7FB9D9A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xF7FB84F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF7FBA8F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF7FB8F5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF7FB95AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xF7FB8228]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF7FB91EC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xF7FB83A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF7FBA346]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF7FB8B8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xF7FBA6AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF7FBAAA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xF7FBA146]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF7FB8EF6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF7FB90E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xF7FB893A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF7FB8808]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 148 804E27B4 4 Bytes JMP 27F7FB9B

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1060] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----


See anything that looks EVIL in any of that stuff?

Thanks for your time.

Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.

#4 etavares
Bleepin' Remover, Malware Response Team, 15,514 posts

Posted 14 November 2010 - 07:23 AM

Hello, Wendy K. Walker.

OK, definitely sounds like malware. No worries about the changes, that's why I asked for a new log. :) Now that we're working together, please don't do that, but it's perfectly understandable when your log isn't picked up.

Yes, that graphic is supposed to say to uncheck everything except C:\. Please run GMER again, with C:\ checked. Sorry for the confusion.

Also, one user has a proxy set up. Do you know anything about this? It can be legit which is why I am asking:

"ProxyServer" = ftp=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050



In your reply, please post the new GMER log and the answer about the proxy.

etavares

Edited by etavares, 14 November 2010 - 07:23 AM.
fix BBCode


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:07:23 PM

Posted 14 November 2010 - 09:39 PM

Hi etavares, Thanks for your prompt reply, and understanding the error I had made running GMER the first time around.

I notice that you have a three day window for me to reply to your replies, so I need to tell you that, due to some health problems that I have, there may be times that I can't respond to you that quickly, and ask that you give me a little leeway in that respect.

However, if I know ahead of time that I won't be able to respond to you for longer than four days I'll post that info so that you can put my topic on hold till I can get back to you.

This Tutorial by Grinler is EXCELLENT, however, that one item could definitely stand some clarification to prevent similar problems in the future.

In my last reply I had failed to include the error messages that I had gotten while running that application. I got three of them this time around. They were all three the same and all three seem to be connected to ...\system32\ntdll.dll. Anyway, here it is:

ERROR C:\WINDOWS\system32\comfig\system: The process cannot access the file because it is being used by another process, to which I clicked OK to continue.

As to your question,

Also, one user has a proxy set up. Do you know anything about this? It can be legit which is why I am asking:

The answer is "Yes". I am running TOR, so it is a legit Proxy server.

Here is the new log:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-14 23:56:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SV6003H rev.QQ100-07
Running: gmer.exe; Driver: C:\DOCUME~1\ADMIN\LOCALS~1\Temp\fwdiqkog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF7FB97B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF7FB8D16]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF7FB9372]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xF7FB9F80]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xF7FB8A70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF7FBAC70]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF7FB999C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xF7FB8646]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xF7FB9BEA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xF7FB9D9A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xF7FB84F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF7FBA8F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF7FB8F5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF7FB95AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xF7FB8228]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF7FB91EC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xF7FB83A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF7FBA346]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF7FB8B8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xF7FBA6AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF7FBAAA0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xF7FBA146]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF7FB8EF6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF7FB90E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xF7FB893A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF7FB8808]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 148 804E27B4 4 Bytes JMP 27F7FB9B

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----

Do you see anything that looks EVIL, other than those last two entries, and would looking at the last few scan logs from SAS and MBAM help you pin down whatever it is that is currently TORMENTING me?

Also, is there ANY WAY that I can backtrack a "Tracking Cookie" to find out what web site set the EVIL little rascal on my machine, and blacklist that site?

Thanks for your help, and any info that you might have on those cookies.


Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.

#6 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:23 PM

Posted 15 November 2010 - 07:06 PM

Hello, Wendy K. Walker.

Yeah, I saw you had the Vidalia package installed, but had to ask. :) We'll leave that alone.

Those are suspicious entries, so we'll move onto Combofix. The GMER log didn't show an MBR infection (it would be in sector 0), but those other entries can be symptoms of infection. Let's move onto Combofix.



Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares

Edited by etavares, 15 November 2010 - 07:07 PM.
wrong paste


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
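The reply above makes two triage points that a responder applies to any GMER log: the SSDT hooks matter mostly for *who* installed them (here every hook belongs to COMODO's cmdguard.sys, which a HIPS product is expected to do), and a boot-sector infection would show up against sector 0, not against the later "copy of MBR" sectors. The script below is an added example written for this thread, not GMER's own code or anything posted by either participant. It parses a constructed log fragment in the shape of the one above (the third SSDT line names a hypothetical driver, added only to show how an unattributed hook is reported) and returns a summary of both points.

```python
"""Triage helper for a GMER 1.0.15 text log (added example, not GMER's code).

Answers two questions from the thread: which kernel modules own the SSDT
hooks, and whether sector 0 (the real MBR) is flagged, as opposed to the
later sectors GMER reports as copies of the MBR.
"""
import re
from collections import defaultdict

# Constructed sample in the shape of the log above. The hypothetical.sys line
# is invented to exercise the "unattributed hook" path; it is not from the log.
SAMPLE_GMER_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF7FB9372]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF7FBA8F2]
SSDT \??\C:\WINDOWS\system32\drivers\hypothetical.sys ZwOpenProcess [0xF7A01234]

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior; copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- EOF - GMER 1.0.15 ----
"""

SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)"          # kernel path of the hooking module
    r"(?:\s+\((?P<desc>[^)]*)\))?"      # optional "(description/vendor)" from version info
    r"\s+(?P<func>Zw\w+)"               # hooked native API
    r"\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]"  # hook address
)
SECTOR_RE = re.compile(r"^Disk\s+(?P<dev>\S+)\s+sector\s+(?P<n>\d+):\s*(?P<note>.*)$")


def parse_ssdt_hooks(text):
    """One dict per SSDT line: module, desc (None if absent), func, addr."""
    return [m.groupdict() for line in text.splitlines()
            if (m := SSDT_RE.match(line.strip()))]


def hooks_by_module(hooks):
    """Group hooked functions by the module that owns the hook."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["module"]].append(h["func"])
    return dict(grouped)


def unexpected_hook_modules(hooks, trusted_vendors=("COMODO",)):
    """Modules whose description names none of the vendors we expect to hook
    the SSDT. The description is only file version info, so a match means the
    hook is attributed, not verified; a full triage also checks the file's
    signature and hash."""
    attributed = {}
    for h in hooks:
        ok = h["desc"] is not None and any(v in h["desc"] for v in trusted_vendors)
        attributed[h["module"]] = attributed.get(h["module"], False) or ok
    return [module for module, ok in attributed.items() if not ok]


def parse_disk_sectors(text):
    """{sector_number: note} for the 'Disk sectors' section."""
    return {int(m["n"]): m["note"].strip() for line in text.splitlines()
            if (m := SECTOR_RE.match(line.strip()))}


def mbr_sector_flagged(sectors):
    """True only if GMER reported something about sector 0, the real MBR."""
    return bool(sectors.get(0))


def rootkit_flagged_sectors(sectors):
    """Sectors GMER annotated with 'rootkit-like behavior'."""
    return sorted(n for n, note in sectors.items() if "rootkit-like" in note)


def triage(text):
    hooks = parse_ssdt_hooks(text)
    sectors = parse_disk_sectors(text)
    return {
        "ssdt_hooks": len(hooks),
        "hook_modules": hooks_by_module(hooks),
        "unexpected_hook_modules": unexpected_hook_modules(hooks),
        "mbr_sector_flagged": mbr_sector_flagged(sectors),
        "rootkit_flagged_sectors": rootkit_flagged_sectors(sectors),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_GMER_LOG).items():
        print(f"{key}: {value}")
```

Run against Wendy's full log, the summary would list cmdguard.sys as the sole hook owner, no unexpected modules, sector 0 unflagged and sectors 62 and 63 annotated, which is the reading the reply gives: no MBR infection by GMER's own measure, with two entries still to explain.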
 


#7 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:07:23 PM

Posted 16 November 2010 - 02:39 AM

Hi etavares, Thanks for the prompt reply.

You said;

Yeah, I saw you had the Vidalia package installed, but had to ask.

Are you up to date with the workings of TOR, and if not could you tell me the right Forum to post questions about it in?

I tried to do the COMBOFIX thing, however, I couldn't get it to run, even after three tries at it.

I kept getting an ERROR message saying that it couldn't create, or access, some files, then it just stalled out. So I switched to Safe Mode With Networking and gave it another go.

That didn't work either, but this time I got a different ERROR message. I did a screen capture of this one and if I can figure out how to do it I will stick it on this reply.

Then I remembered that COMBOFIX never has worked, for me, on this machine, in normal or safe mode either one.

Anyway, I just ran BitDefender, as it seems to be the only thing that wants to stay updated and run, on this machine right now, and I'm posting the log that it made so that you can see if it turned up anything that looks odd to you.

QuickScan Beta 32-bit v0.9.9.52
-------------------------------
Scan date: Tue Nov 16 07:17:56 2010
Machine ID: 68D1D0A5



No infection found.
-------------------



Processes
---------
(unsigned) polipo.exe 236 C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
(unsigned) tor.exe 220 C:\Program Files\Vidalia Bundle\Tor\tor.exe
(unsigned) vidalia.exe 192 C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

(verified) CBOMBcfp.exe 1428 C:\Program Files\Comodo\Comodo Internet Security\CBOMBcfp.exe
(verified) Firefox 656 C:\Program Files\Mozilla Firefox\firefox.exe
(verified) Microsoft® Windows® Operating System 1756 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 420 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 500 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 488 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 364 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 648 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 736 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 828 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 856 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 964 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 280 C:\WINDOWS\system32\taskmgr.exe
(verified) Microsoft® Windows® Operating System 444 C:\WINDOWS\system32\winlogon.exe


Network activity
----------------
Process tor.exe (220) connected on port 9001 --> 69.71.222.187
Process tor.exe (220) connected on port 443 (HTTP over SSL) --> 194.109.206.212
Process tor.exe (220) connected on port 9001 --> 85.17.254.135
Process tor.exe (220) connected on port 9001 --> 213.163.65.50

Process svchost.exe (736) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
(unsigned) Direct Access Component C:\WINDOWS\system32\dla\tfswctrl.exe
(unsigned) hp digital imaging C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(unsigned) vidalia.exe C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

(verified) CallWave Service C:\Program Files\CallWave\IAM.exe
(verified) cfp.exe C:\Program Files\Comodo\Comodo Internet Security\cfp.exe
(verified) COMODO SafeSurf C:\Program Files\COMODO\SafeSurf\cssurf.exe
(verified) Hewlett-Packard Company KBD EXE C:\HP\KBD\KBD.EXE
(verified) Hewlett-Packard Company PS2 EXE C:\WINDOWS\system32\ps2.exe
(verified) hp digital imaging C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(verified) hphprld.exe c:\hp\drivers\printers\photosmart\hphprld.exe
(verified) hpsysdrv c:\windows\system\hpsysdrv.exe
(verified) Intel® Common User Interface C:\WINDOWS\System32\hkcmd.exe
(verified) Intel® Common User Interface C:\WINDOWS\system32\igfxsrvc.dll
(verified) Intel® Common User Interface C:\WINDOWS\System32\igfxtray.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
(verified) NVIDIA nView Control Panel, Version 28. C:\WINDOWS\system32\nwiz.exe
(verified) Recguard Application C:\WINDOWS\SMINST\RECGUARD.EXE
(verified) S3apphk.exe C:\WINDOWS\system32\S3apphk.exe
(verified) SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
(verified) SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
(verified) Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll


Browser plugins
---------------
(unsigned) InterTrust Redemption Wizard C:\Program Files\Internet Explorer\plugins\NPDocBox.dll
(unsigned) Java™ Platform SE 6 U22 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) NpPopup.dll C:\Program Files\Mozilla Firefox\plugins\NpPopup.dll

(verified) AcroIEHelper Module c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) ECOM Loader C:\WINDOWS\Downloaded Program Files\ecmldr32.dll
(verified) ECOM Server C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll
(verified) hp toolkit c:\hp\explorebar\hptoolkt.dll
(verified) Java Deployment Toolkit 6.0.220.4 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java™ Platform SE 6 U22 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Java™ Platform SE 6 U22 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
(verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
(verified) NAVAPI C:\WINDOWS\Downloaded Program Files\navapi32.dll
(verified) Panda ActiveScan 2.0 C:\WINDOWS\Downloaded Program Files\as2stubie.dll
(verified) Symantec Antivirus Engine C:\WINDOWS\Downloaded Program Files\naveng32.dll
(verified) Symantec Antivirus Engine C:\WINDOWS\Downloaded Program Files\navex32a.dll
(verified) Symantec Security Check C:\WINDOWS\Downloaded Program Files\avsniff.dll
(verified) Symantec Security Check C:\WINDOWS\Downloaded Program Files\rufsi.dll
(verified) TODO: <Product name> C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


Missing files
-------------
File not found: C:\DOCUME~1\ADMIN\LOCALS~1\Temp\ODETJ.exe
--> HKLM\System\ControlSet001\services\ODETJ\"ImagePath"

File not found: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"SUPERAntiSpyware"

File not found: C:\SANDBOXIE\SbieDrv.sys
--> HKLM\System\ControlSet001\services\SbieDrv\"ImagePath"

File not found: C:\SANDBOXIE\SbieSvc.exe
--> HKLM\System\ControlSet001\services\SbieSvc\"ImagePath"

File not found: C:\WINDOWS\System32\appmgmts.dll
--> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

File not found: NvQTwk
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"NvCplDaemon"

File not found: System32\DRIVERS\FREEDOM.SYS
--> HKLM\System\ControlSet001\services\Freedom\"ImagePath"

File not found: c:\Program Files\Microsoft Works\WkDetect.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"Microsoft Works Update Detection"

File not found: c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
--> HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32\"(default)"
--> HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32\"(default)"


Scan
----
(unsigned) MD5: 4c6468bdc7485502c21f0c12d9c1f1d5 C:\Documents and Settings\ADMIN\Application Data\Mozilla\Firefox\Profiles\udeoiorw.ADMIN\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
(unsigned) MD5: 98640b68533abe58b8d46f2bbe296e3e C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
(unsigned) MD5: 65ed174c0b836d4cfa489712278cef7b C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(unsigned) MD5: 0cbe3e4166a08fc379eabf532b4efe18 C:\Program Files\Internet Explorer\plugins\NPDocBox.dll
(unsigned) MD5: 3ed8e561044723c6039a8a20a3ae60cc C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) MD5: c45acc127f6f735f2dab67ef0df763da C:\Program Files\Mozilla Firefox\freebl3.dll
(unsigned) MD5: 4e9609521fc1e0687daf47541b2c0da1 C:\Program Files\Mozilla Firefox\nssdbm3.dll
(unsigned) MD5: 2173ab2506553884c183b40e064f4dbd C:\Program Files\Mozilla Firefox\plugins\NpPopup.dll
(unsigned) MD5: e776d886684937a140b1b68077760441 C:\Program Files\Mozilla Firefox\softokn3.dll
(unsigned) MD5: 3ef2a4bd267ac889cf90d0ec80cc9a11 C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
(unsigned) MD5: cc3005ad22cdb2981396cbc9a63fd349 C:\Program Files\Vidalia Bundle\Polipo\libgnurx-0.dll
(unsigned) MD5: 96c2f6a9c036d7d3ace1666fae287e49 C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
(unsigned) MD5: eb692e98e15253ce90f92792bbf860a4 C:\Program Files\Vidalia Bundle\Tor\tor.exe
(unsigned) MD5: 1fbc15bc79fb4a3613f022d3abed0752 C:\Program Files\Vidalia Bundle\Vidalia\libeay32.dll
(unsigned) MD5: c4b4409f186da70fcf2bcc60d5f05489 C:\Program Files\Vidalia Bundle\Vidalia\libgcc_s_dw2-1.dll
(unsigned) MD5: dbda60d92e774b4acb3b1cd71f909426 C:\Program Files\Vidalia Bundle\Vidalia\mingwm10.dll
(unsigned) MD5: d0f6161d6d46ba4b4e305c928e8a12b5 C:\Program Files\Vidalia Bundle\Vidalia\QtCore4.dll
(unsigned) MD5: 277c3c9c246c038282c1b08e4f029baf C:\Program Files\Vidalia Bundle\Vidalia\QtGui4.dll
(unsigned) MD5: 7f2fa54bd8f390f7bf75fad2367e5f6a C:\Program Files\Vidalia Bundle\Vidalia\QtNetwork4.dll
(unsigned) MD5: c77714e2e55fcd43bff7df3b2bbf654c C:\Program Files\Vidalia Bundle\Vidalia\QtXml4.dll
(unsigned) MD5: 8fa61a87f6bf7447f13df97d9072cc6f C:\Program Files\Vidalia Bundle\Vidalia\ssleay32.dll
(unsigned) MD5: 702b66cb9c2fa0a3bb286ee807f75060 C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
(unsigned) MD5: 7f975769ab303c2432b31ba55e4569c7 C:\WINDOWS\system32\dla\tfsnboio.sys
(unsigned) MD5: 90cfd937019cf62c7e9c656c01e0e6ad C:\WINDOWS\system32\dla\tfsnopio.sys
(unsigned) MD5: 1cb0df2775be778819e8b53cd71250c5 C:\WINDOWS\system32\dla\tfsnudf.sys
(unsigned) MD5: 946bab1251f68c29d60162ad45121862 C:\WINDOWS\system32\dla\tfswctrl.exe
(unsigned) MD5: ffc29800582d81df841385cd850cb05e C:\WINDOWS\system32\drivers\DRVNDDM.sys
(unsigned) MD5: 3f6f7993ae46aded2db2886ed3080c80 C:\WINDOWS\system32\drivers\LXRJD31D.sys
(unsigned) MD5: 79e924e9126bc541d6e1c76e9b077bb7 C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
(unsigned) MD5: 54bc894d4af6468f0c54f867f816a2e8 C:\WINDOWS\system32\drivers\SBCPHID.sys
(unsigned) MD5: fdf219e0b6a5cbba34424ac361030aed C:\WINDOWS\system32\drivers\SSRTLN.sys
(unsigned) MD5: 1e6e7740db439f639142f4acab41f906 C:\WINDOWS\system32\LxrJD31s.exe


No file uploaded.

Scan finished - communication took 6 sec
Total traffic - 0.03 MB sent, 0.59 KB recvd
Scanned 757 files and modules - 176 seconds

==============================================================================

Thanks again for your help with this.


Wendy



TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.
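The QuickScan log above reports no infection but lists a "Missing files" section: registry values that still point at files which no longer exist. Most such entries are uninstall leftovers, but a responder sorts them by two properties, whether the referencing key is an autostart location (a service ImagePath or ServiceDll, a Run key) and whether the missing file lived in a user-writable or temporary directory. An entry like the ODETJ service, registered under services with an ImagePath in a user's Temp folder, is the kind a responder checks first; the SUPERAntiSpyware Run value is an autostart, but pointing at Program Files it reads as a stale uninstall. The script below is an added example written for this thread, not BitDefender's code or anything either participant posted; its sample input is three entries copied from the log above.

```python
"""Classify the 'Missing files' section of a BitDefender QuickScan log
(added example, not BitDefender's code).

Each entry pairs a missing file path with the registry value(s) that still
reference it. Verdicts:
  review          - autostart reference to a file in a user-writable/temp path
  stale-autostart - autostart reference to a file in a normal install location
  stale           - non-autostart reference (COM registration, etc.)
"""
import re

# Sample input: three entries copied from the QuickScan log above.
SAMPLE_MISSING_FILES = r"""
Missing files
-------------
File not found: C:\DOCUME~1\ADMIN\LOCALS~1\Temp\ODETJ.exe
--> HKLM\System\ControlSet001\services\ODETJ\"ImagePath"

File not found: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
--> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"SUPERAntiSpyware"

File not found: c:\program files\msn toolbar suite\tb\02.05.0001.1119\en-us\msntb.dll
--> HKCR\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32\"(default)"
--> HKCR\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\InprocServer32\"(default)"


Scan
----
"""

FILE_RE = re.compile(r"^File not found:\s*(?P<path>.+?)\s*$")
REF_RE = re.compile(r"^-->\s*(?P<ref>.+?)\s*$")

# Autostart locations: service binaries / service DLLs, and Run / RunOnce keys.
AUTOSTART_RE = re.compile(
    r'\\services\\.*"(?:imagepath|servicedll)"$'
    r"|\\currentversion\\run(?:once)?\\",
    re.IGNORECASE,
)
# Directories an unprivileged user (or a process running as one) can write to.
# LOCALS~1 and DOCUME~1 are the 8.3 forms used in the log above.
USER_WRITABLE_RE = re.compile(
    r"\\(?:temp|locals~1|local settings|appdata|docume~1|documents and settings|users)\\",
    re.IGNORECASE,
)


def parse_missing_files(text):
    """Return [{'path': ..., 'refs': [...]}, ...] in log order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := FILE_RE.match(line):
            entries.append({"path": m["path"], "refs": []})
        elif (m := REF_RE.match(line)) and entries:
            entries[-1]["refs"].append(m["ref"])
    return entries


def is_autostart_ref(ref):
    return AUTOSTART_RE.search(ref) is not None


def is_user_writable_path(path):
    return USER_WRITABLE_RE.search(path) is not None


def classify(entry):
    autostart = any(is_autostart_ref(r) for r in entry["refs"])
    if autostart and is_user_writable_path(entry["path"]):
        return "review"
    if autostart:
        return "stale-autostart"
    return "stale"


def triage_missing_files(text):
    """Map each missing path to its verdict."""
    return {e["path"]: classify(e) for e in parse_missing_files(text)}


if __name__ == "__main__":
    for path, verdict in triage_missing_files(SAMPLE_MISSING_FILES).items():
        print(f"{verdict:16} {path}")
```

A "review" verdict is a prompt to look further (when the file was created, what created the service, whether the name appears in the earlier OTL and GMER output), not a finding on its own; the file is already gone, which is why the responder in the next reply asks for the antivirus detection history rather than acting on the path.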

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:23 PM

Posted 17 November 2010 - 08:03 PM

Hello, Wendy K. Walker.

Ok, that could be the malware interfering with the download. To confirm, did you rename Combofix.exe to etavares.exe while downloading it? (E.g. not downloading, then renaming it). If not, please try that.

If you did try that, then please move on to these steps below.

As for Tor, I don't have a good forum to direct you to. I'm not sure which are good or not. I only played around with it once a while back.



Step 1

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • extract RKUnhooker to your desktop
    Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file
    you can get a free one from here - http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".



Step 2

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.



Step 3


You mentioned in your first thread that your a/v kept detecting and cleaning something. Can you post the last round of entries? You should be able to export a log. If you're not sure how, just let me know.



etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#9 Wendy K. Walker

Wendy K. Walker
  • Topic Starter

  • Members
  • 633 posts
  • Gender:Female
  • Location:In The Treeline 300 Yards Behind You, Tracking Your Every Move Through A Sniper Scope
  • Local time:07:23 PM

Posted 18 November 2010 - 06:12 AM

Hi etavares, Thanks for your prompt reply.

First off I want to say that whatever it is that is pulling on my chain has now managed to be able to prevent me from accessing my proxy server in Normal Mode. So I'm trying to do this in Safe Mode.

You said;

Ok, that could be the malware interfering with the download. To confirm, did you rename Combofix.exe to etavares.exe while downloading it? (E.g. not downloading, then renaming it). If not, please try that.

That is what I figure too, but if it is it should be listed in the Guinness Book of World Records as the longest living, and SMARTEST piece of fricking Malware in history.

I remember having tried to download COMBOFIX at least a dozen times, doing like you said to do, and changing its name to several other names, WITHOUT any success, when I had someone helping me with a HJT log on another site. That sucker would just NEVER work. And, Yes, I renamed it before saving it this time too.

You asked;

You mentioned in your first thread that your a/v kept detecting and cleaning something. Can you post the last round of entries? You should be able to export a log. If you're not sure how, just let me know.

If I can figure out how to get those suckers copied I'll add them to the bottom of this reply.

I tried once before but nothing I did wanted to work, and I couldn't find an Export button anywhere either, so you might have to tell me how to do it.

I just downloaded all of the tools that you have recommended and am going to run them now. Here is the RKUnhookerLE.exe log.

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
==============================================
>Stealth
==============================================

Now for step two. OK here is the MBR Log.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 106):

Processes (total 21):
0 System Idle Process
4 System
388 C:\WINDOWS\system32\smss.exe
444 csrss.exe
468 C:\WINDOWS\system32\winlogon.exe
512 C:\WINDOWS\system32\services.exe
524 C:\WINDOWS\system32\lsass.exe
676 C:\WINDOWS\system32\svchost.exe
760 svchost.exe
868 C:\WINDOWS\system32\svchost.exe
884 svchost.exe
996 svchost.exe
1780 C:\WINDOWS\explorer.exe
160 C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
196 C:\Program Files\Vidalia Bundle\Tor\tor.exe
184 C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
240 C:\Program Files\Internet Explorer\iexplore.exe
264 C:\WINDOWS\system32\ctfmon.exe
980 C:\WINDOWS\system32\notepad.exe
1288 C:\WINDOWS\system32\notepad.exe
1328 C:\Documents and Settings\ADMIN\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`3862a000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

PhysicalDrive0 Model Number: SAMSUNGSV6003H, Rev: QQ100-07

Size Device Name MBR Status
--------------------------------------------
55 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 7D48A7E764A5D83438A39192BFF3677448B54B84


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

All right..., now let me see if I can find those other logs that you asked for and stick them on here.

RATS...! This log is something I had made before I had uninstalled MBAM.

TrojWare.Win32.Agent.NVP@651429 C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoPlay.exe
TrojWare.Win32.Agent.NVP@651429 C:\hp\bin\AUTOPLAY.EXE

It shows one of the things that COMODO had been finding, that was repeating itself up to eighteen times a second. But I can't figure out how to get to COMODO's logs.

I can find one log in COMODO but it isn't complete and I can't figure out how to copy it. I thought I had found an export button, but that feature might not work in Safe Mode.

I've got to get to bed, so I'll give that another go tomorrow.

Thanks for your help.

Wendy
TRUST NO ONE...! EXCEPT For The Beloved Computer Geek Helping You In The MALWARE FORUMS.

Do Unto Others Before They Have A Chance To Do Unto You.

HP Pavilion 512n [Rescued from a pile of trash on the side of the road] 128 MB SDRAM, 60 GB Hard Drive, Windows XP, Home Edition, SP3, COMODO Anti Virus and Firewall.

#10 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male
  • Local time:03:23 PM

Posted 18 November 2010 - 06:50 PM

Hello, Wendy K. Walker.

Nothing too crazy visible in the logs, although the MBR is 'unknown'. Not bad, just not in the database. Let's run TDSS Killer just in case.

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
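As an added illustration of what the "Unknown MBR code" verdict in the MBRCheck log above means (example code written here, not part of the thread, MBRCheck or etavares' instructions): the script constructs a 512-byte MBR whose two partitions sit at the byte offsets MBRCheck printed (0x7e00 for the FAT32 drive and 0x1`3862a000 for the NTFS drive), decodes the partition table, and hashes the boot code against a whitelist, reporting a name on a hit and "Unknown MBR code" otherwise. The whitelist entry is a placeholder, the MBR bytes are constructed, and it is an assumption that the verdict hash covers only the 440-byte boot-code region rather than the whole sector.

```python
import hashlib
import struct

SECTOR = 512
# Assumption: the verdict hash covers only the 440-byte boot-code region
# (bytes 0..439); the disk signature and partition table that follow differ
# per machine and would make every MBR "unknown" if they were hashed too.
CODE_LEN = 440

# Placeholder whitelist: a constructed key, not the real hash of any MBR.
KNOWN_MBR_SHA1 = {"0" * 40: "placeholder standard MBR"}

PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)"}


def build_test_mbr(code, parts):
    """Construct a 512-byte MBR from boot code and (type, start_lba, sectors) tuples."""
    img = bytearray(SECTOR)
    img[:len(code)] = code
    img[440:444] = b"\x11\x22\x33\x44"  # constructed disk signature
    for i, (ptype, start, count) in enumerate(parts):
        # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        entry = struct.pack("<B3sB3sII", 0x80 if i == 0 else 0x00,
                            b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
        img[446 + 16 * i:462 + 16 * i] = entry
    img[510:512] = b"\x55\xaa"  # boot signature
    return bytes(img)


def parse_partitions(mbr):
    """Return (type_name, start_lba, byte_offset) for each populated partition entry."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    out = []
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        ptype = entry[4]
        start, count = struct.unpack_from("<II", entry, 8)
        if ptype == 0 or count == 0:
            continue
        out.append((PART_TYPES.get(ptype, f"type 0x{ptype:02X}"), start, start * SECTOR))
    return out


def fmt_offset(off):
    """Render a byte offset the way MBRCheck prints it: 0xHHHHHHHH`HHHHHHHH."""
    return f"0x{off >> 32:08x}`{off & 0xFFFFFFFF:08x}"


def classify_mbr_code(mbr, known=KNOWN_MBR_SHA1):
    """Return (verdict, SHA1): the whitelist name if the code hash is known, else 'Unknown MBR code'."""
    digest = hashlib.sha1(mbr[:CODE_LEN]).hexdigest().upper()
    return known.get(digest.lower(), "Unknown MBR code"), digest


# Constructed layout reproducing the offsets MBRCheck printed in the thread:
# D: (FAT32) at LBA 63 -> 0x7e00, C: (NTFS) at LBA 10236240 -> 0x1`3862a000.
SAMPLE_MBR = build_test_mbr(b"\xeb\xfe" + b"\x90" * 30,
                            [(0x0C, 63, 10236240 - 63), (0x07, 10236240, 106951260)])

if __name__ == "__main__":
    for name, lba, off in parse_partitions(SAMPLE_MBR):
        print(f"{name:12s} LBA {lba:>10d}  offset {fmt_offset(off)}")
    verdict, sha1 = classify_mbr_code(SAMPLE_MBR)
    print(f"{verdict}\nSHA1: {sha1}")
```

Pointing `parse_partitions` at a real `\\.\PhysicalDrive0` read (512 bytes, administrator rights) lets you check that the offsets MBRCheck reports agree with the partition table before trusting any verdict about the code.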
 


#11 etavares

Posted 21 November 2010 - 12:00 PM

Still with me?




#12 etavares

Posted 28 November 2010 - 09:05 AM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

