
cmd.exe pops up a dark window after logging in to Windows Vista; does

#1 boomsheika
Hello,

My friend's little brother "borrowed" my computer while I was logged on to Windows Vista (as administrator) and downloaded and installed some game. I suspect I have a trojan of some sort on my computer's command prompt: after logging in, a window for cmd.exe pops up, but the window is all black, along with the screen behind it. Sometimes it goes away on its own and Vista loads; other times I have to close the window for the GUI to load. I rebooted it numerous times before figuring out that it might be a trojan - oops.

Now in Safe Mode, I tried to run ComboFix but was unable to disable Windows Security Essentials beforehand (it was also renamed in Program Files to Windows Security Client, and even though it says real-time protection is off, ComboFix still couldn't run and I don't know how to make it so).

I cannot swap out my cmd.exe file: access denied, and the command prompt is what I need to replace (I think?). Even though Malwarebytes says I am clean, SuperAntiSpyware doesn't load, Windows Security Essentials has been renamed to Windows Security Client (where it also shows that real-time protection is off), and ComboFix doesn't run. Zounds!

I notice that I have 4 NTUSER.DAT files in my administrator user files: 1 BLF, 2 REGTRANS-MS files, and a regular DAT file (file types). I need help fixing this, please. (I also need to change my password screensaver down to 1 minute instead of 2 for when I leave it in the living room.) Thank you for reading.

OLDTIMER:

OTL logfile created on: 2/5/2011 8:56:12 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = E:\downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.78 Gb Total Space | 20.47 Gb Free Space | 29.34% Space Free | Partition Type: NTFS
Drive D: | 7.59 Gb Total Space | 1.78 Gb Free Space | 23.40% Space Free | Partition Type: NTFS
Drive E: | 59.22 Gb Total Space | 11.09 Gb Free Space | 18.72% Space Free | Partition Type: NTFS
Drive G: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.77 Gb Total Space | 0.00 Gb Free Space | 0.05% Space Free | Partition Type: FAT32
Drive I: | 17.59 Mb Total Space | 17.24 Mb Free Space | 98.00% Space Free | Partition Type: FAT
Drive J: | 465.73 Gb Total Space | 286.97 Gb Free Space | 61.62% Space Free | Partition Type: NTFS

Computer Name: FUNKYJUNK | User Name: LaZy SpiCe | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/05 20:55:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\downloads\OTL.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/12/11 20:30:09 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/11 20:30:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/05/23 00:39:34 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 02:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (SafeList) ==========

MOD - [2011/02/05 20:55:44 | 000,602,624 | ---- | M] (OldTimer Tools) -- E:\downloads\OTL.exe
MOD - [2010/08/31 10:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WDSC)
SRV - File not found [Auto | Stopped] -- -- (WDFME)
SRV - File not found [Auto | Stopped] -- -- (AWService)
SRV - [2010/11/11 12:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/07/28 10:36:12 | 000,005,120 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Prio\prio_svc.exe -- (prio_svc)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/22 18:21:52 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)


========== Driver Services (SafeList) ==========

DRV - [2010/10/24 21:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010/10/24 21:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/07/28 10:36:28 | 000,051,408 | ---- | M] (Xeno) [Kernel | System | Running] -- C:\Windows\System32\drivers\prio.sys -- (prio)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/06/16 17:14:18 | 002,375,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/02/11 18:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/19 00:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/12/22 10:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/22 10:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/22 10:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/12/19 11:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/11/25 01:17:42 | 000,792,368 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2006/11/03 03:29:00 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 02:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/10/25 20:36:48 | 000,042,240 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2006/10/25 20:36:44 | 000,076,928 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2006/10/25 20:36:36 | 000,062,208 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2006/10/23 17:17:32 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/10/15 17:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 14:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/06/30 15:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\osaio.sys -- (osaio)
DRV - [2005/05/02 11:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/01/14 14:57:16 | 000,004,010 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\osanbm.sys -- (osanbm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.gmail.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...nampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.gmail.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.95.20100933
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {e411bb40-b04c-11d8-92e7-00d09e0179f2}:1.8.0
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.995
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {ec268e28-22c6-4a6c-ac22-635cabee283c}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.1.14019
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {62760FD6-B943-48C9-AB09-F99C6FE96088}:2.1.6
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.72.0
FF - prefs.js..extensions.enabledItems: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.5.1
FF - prefs.js..keyword.URL: "http://slirsredirect...inampab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/06 19:42:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 20:30:15 | 000,000,000 | ---D | M]

[2010/03/13 20:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Extensions
[2011/02/05 20:55:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions
[2010/09/24 16:41:12 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/12/14 18:27:46 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2011/01/05 16:55:58 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/09/22 20:35:47 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010/11/26 16:49:23 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010/03/13 20:15:16 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2011/01/23 22:55:40 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2010/07/25 17:57:06 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/03/13 19:56:21 | 000,000,000 | ---D | M] ("Gmail Space") -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2011/01/03 16:40:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/19 18:56:37 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/07/14 20:22:05 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/03/13 20:33:03 | 000,000,000 | ---D | M] (Firesomething) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{e411bb40-b04c-11d8-92e7-00d09e0179f2}
[2010/10/22 19:29:24 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/03/13 22:14:15 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/02/09 17:29:30 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2010/11/18 16:37:10 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/11/06 22:28:35 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\[email protected]
[2011/01/18 18:38:43 | 000,000,000 | ---D | M] (IE Tab Plus) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\[email protected]
[2011/01/22 08:00:24 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\[email protected]
[2010/10/31 11:09:58 | 000,000,000 | ---D | M] (Foxit Toolbar) -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\extensions\[email protected]
[2009/07/27 14:43:26 | 000,001,196 | ---- | M] () -- C:\Users\LaZy SpiCe\AppData\Roaming\Mozilla\Firefox\Profiles\hqk2pc65.default\searchplugins\winamp-search.xml
[2011/02/05 18:50:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/08 15:59:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/03/13 21:45:11 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (LastPass Browser Helper Object) - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (LastPass Toolbar) - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdloader] C:\Users\LaZy SpiCe\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [] File not found
O4 - HKLM..\RunOnce: [GrpConv] C:\Windows\System32\grpconv.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-F1N8S.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\LaZy SpiCe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\TRiLLiaN\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\LaZy SpiCe\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll (LastPass)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 156.154.119.11 156.154.129.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: E:\windows pictures\background-frames\Vitreous_Butterfly.jpg
O24 - Desktop BackupWallPaper: E:\windows pictures\background-frames\Vitreous_Butterfly.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 000,027,992 | R--- | M] (magicJack L.P.) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 000,016,158 | R--- | M] () - G:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 000,000,308 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 000,706,144 | R--- | M] (magicJack L.P.) - G:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 000,000,270 | ---- | M] () - I:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{ce32ae42-f756-11df-9a58-0016d4d808ed}\Shell - "" = AutoRun
O33 - MountPoints2\{ce32ae42-f756-11df-9a58-0016d4d808ed}\Shell\AutoRun\command - "" = J:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/05 19:00:55 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/02/05 19:00:55 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/02/05 19:00:54 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/02/05 19:00:41 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/02/05 18:53:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/02/05 18:53:42 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/02/05 18:28:20 | 000,000,000 | R--D | C] -- C:\Users\LaZy SpiCe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware - Shortcut
[2011/02/05 17:19:19 | 000,000,000 | ---D | C] -- C:\Users\LaZy SpiCe\AppData\Roaming\SUPERAntiSpyware.com
[2011/02/05 17:19:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/02/05 17:18:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/05 17:16:30 | 000,000,000 | ---D | C] -- C:\Users\LaZy SpiCe\AppData\Roaming\Malwarebytes
[2011/02/05 17:16:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/02/05 17:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/05 17:16:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/05 17:16:18 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/02/05 17:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/05 16:46:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/02/05 16:45:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/02/05 16:28:29 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/01/25 20:21:08 | 000,000,000 | ---D | C] -- C:\Windows\TempC35A1DEA-8FE0-300D-0272-621847ECE95D-Signatures
[2011/01/25 20:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/01/22 11:17:10 | 000,000,000 | ---D | C] -- C:\Users\LaZy SpiCe\Desktop\moozak
[2011/01/18 18:34:55 | 000,000,000 | ---D | C] -- C:\Users\LaZy SpiCe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
[2011/01/18 18:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
[2009/08/18 16:15:27 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/05 20:58:50 | 000,001,356 | ---- | M] () -- C:\Users\LaZy SpiCe\AppData\Local\d3d9caps.dat
[2011/02/05 20:54:14 | 000,603,844 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/02/05 20:54:14 | 000,104,554 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/02/05 20:47:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/02/05 20:44:52 | 000,709,456 | ---- | M] () -- C:\Windows\is-F1N8S.exe
[2011/02/05 20:44:52 | 000,010,562 | ---- | M] () -- C:\Windows\is-F1N8S.msg
[2011/02/05 20:44:52 | 000,000,934 | ---- | M] () -- C:\Users\LaZy SpiCe\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/05 20:44:52 | 000,000,322 | ---- | M] () -- C:\Windows\is-F1N8S.lst
[2011/02/05 18:28:08 | 000,000,719 | ---- | M] () -- C:\Users\LaZy SpiCe\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware - Shortcut.lnk
[2011/02/05 17:18:40 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/05 16:45:39 | 004,264,054 | R--- | M] () -- C:\Users\LaZy SpiCe\Desktop\ComboFix.exe
[2011/02/05 16:28:23 | 000,000,036 | ---- | M] () -- C:\Users\LaZy SpiCe\AppData\Local\housecall.guid.cache
[2011/02/05 16:16:04 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/05 16:16:04 | 000,003,696 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/05 16:06:05 | 000,000,916 | ---- | M] () -- C:\Users\LaZy SpiCe\Desktop\magicJack.lnk
[2011/02/05 15:16:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3427474510-1933968507-2412266195-1000UA.job
[2011/02/05 12:12:11 | 000,043,008 | ---- | M] () -- C:\Users\LaZy SpiCe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/04 23:55:32 | 366,774,272 | ---- | M] () -- C:\Users\LaZy SpiCe\Desktop\The.Good.Wife.S02E09.HDTV.XviD-LOL.[VTV].avi
[2011/02/04 23:04:36 | 366,763,370 | ---- | M] () -- C:\Users\LaZy SpiCe\Desktop\The.Good.Wife.S02E12.HDTV.XviD-LOL.[VTV].avi
[2011/02/04 20:16:00 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3427474510-1933968507-2412266195-1000Core.job
[2011/02/02 19:28:50 | 000,000,467 | ---- | M] () -- C:\Users\LaZy SpiCe\AppData\Roaming\prio.ini
[2011/01/25 20:23:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011/01/18 19:05:02 | 000,001,671 | ---- | M] () -- C:\Users\LaZy SpiCe\Desktop\stmt_y4.qif
[2011/01/18 18:27:08 | 000,103,433 | ---- | M] () -- C:\Users\LaZy SpiCe\Desktop\MyStatementsControl
[2011/01/18 18:26:58 | 000,103,433 | ---- | M] () -- C:\Users\LaZy SpiCe\Desktop\eStmt_07_29_2009.pdf
[2011/01/06 21:10:42 | 000,093,259 | ---- | M] () -- C:\Users\LaZy SpiCe\Desktop\mmmcrafts3DOwlArtLO.pdf
[2011/01/06 21:07:19 | 000,450,205 | ---- | M] () -- C:\Users\LaZy SpiCe\Desktop\ Zippered Wristlet_Pouch Made Easy.pdf
[2011/01/06 21:04:40 | 000,330,628 | ---- | M] () -- C:\Users\LaZy SpiCe\Desktop\Notes on Small Messenger Bag.pdf
[2011/01/06 21:01:10 | 000,922,308 | ---- | M] () -- C:\Users\LaZy SpiCe\Desktop\Messenger Bag with Zip Top Closure.pdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/05 20:54:16 | 000,009,019 | ---- | C] () -- C:\Users\LaZy SpiCe\no run.txt
[2011/02/05 20:44:52 | 000,709,456 | ---- | C] () -- C:\Windows\is-F1N8S.exe
[2011/02/05 20:44:52 | 000,010,562 | ---- | C] () -- C:\Windows\is-F1N8S.msg
[2011/02/05 20:44:52 | 000,000,322 | ---- | C] () -- C:\Windows\is-F1N8S.lst
[2011/02/05 19:02:52 | 000,005,033 | ---- | C] () -- C:\Users\LaZy SpiCe\_so far.txt
[2011/02/05 19:00:55 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/02/05 19:00:55 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/02/05 19:00:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/02/05 19:00:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/02/05 19:00:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/02/05 18:43:53 | 000,003,088 | ---- | C] () -- C:\Users\LaZy SpiCe\cmd exe Virus Scan Result.txt
[2011/02/05 18:28:08 | 000,000,719 | ---- | C] () -- C:\Users\LaZy SpiCe\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware - Shortcut.lnk
[2011/02/05 18:27:59 | 000,000,934 | ---- | C] () -- C:\Users\LaZy SpiCe\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/02/05 17:18:40 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/02/05 17:01:36 | 000,002,768 | ---- | C] () -- C:\Users\LaZy SpiCe\opening cmd file.txt
[2011/02/05 17:01:10 | 000,003,773 | ---- | C] () -- C:\Users\LaZy SpiCe\delete access denied files.txt
[2011/02/05 17:00:51 | 000,000,919 | ---- | C] () -- C:\Users\LaZy SpiCe\view & remove hidden files & folders.txt
[2011/02/05 17:00:08 | 000,003,679 | ---- | C] () -- C:\Users\LaZy SpiCe\0.txt
[2011/02/05 16:59:24 | 000,002,768 | ---- | C] () -- C:\Users\LaZy SpiCe\1.txt
[2011/02/05 16:59:06 | 000,001,007 | ---- | C] () -- C:\Users\LaZy SpiCe\2.txt
[2011/02/05 16:45:25 | 004,264,054 | R--- | C] () -- C:\Users\LaZy SpiCe\Desktop\ComboFix.exe
[2011/02/05 16:28:23 | 000,000,036 | ---- | C] () -- C:\Users\LaZy SpiCe\AppData\Local\housecall.guid.cache
[2011/02/04 23:17:10 | 366,774,272 | ---- | C] () -- C:\Users\LaZy SpiCe\Desktop\The.Good.Wife.S02E09.HDTV.XviD-LOL.[VTV].avi
[2011/02/04 22:41:06 | 366,763,370 | ---- | C] () -- C:\Users\LaZy SpiCe\Desktop\The.Good.Wife.S02E12.HDTV.XviD-LOL.[VTV].avi
[2011/01/25 20:23:38 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011/01/18 19:05:01 | 000,001,671 | ---- | C] () -- C:\Users\LaZy SpiCe\Desktop\stmt_y4.qif
[2011/01/18 18:27:08 | 000,103,433 | ---- | C] () -- C:\Users\LaZy SpiCe\Desktop\MyStatementsControl
[2011/01/18 18:26:56 | 000,103,433 | ---- | C] () -- C:\Users\LaZy SpiCe\Desktop\eStmt_07_29_2009.pdf
[2011/01/06 21:10:41 | 000,093,259 | ---- | C] () -- C:\Users\LaZy SpiCe\Desktop\mmmcrafts3DOwlArtLO.pdf
[2011/01/06 21:06:20 | 000,450,205 | ---- | C] () -- C:\Users\LaZy SpiCe\Desktop\ Zippered Wristlet_Pouch Made Easy.pdf
[2011/01/06 21:04:38 | 000,330,628 | ---- | C] () -- C:\Users\LaZy SpiCe\Desktop\Notes on Small Messenger Bag.pdf
[2011/01/06 21:01:09 | 000,922,308 | ---- | C] () -- C:\Users\LaZy SpiCe\Desktop\Messenger Bag with Zip Top Closure.pdf
[2010/11/12 13:33:53 | 000,000,292 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/09/01 18:43:34 | 000,001,356 | ---- | C] () -- C:\Users\LaZy SpiCe\AppData\Local\d3d9caps.dat
[2010/08/24 20:13:55 | 000,000,467 | ---- | C] () -- C:\Users\LaZy SpiCe\AppData\Roaming\prio.ini
[2010/04/13 18:48:27 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2010/03/14 00:56:37 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2009/08/29 18:15:15 | 000,043,008 | ---- | C] () -- C:\Users\LaZy SpiCe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/29 16:38:20 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/08/29 16:38:11 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2009/08/29 16:38:00 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2009/08/18 16:15:27 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2009/07/30 20:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/27 14:37:13 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/07/27 14:37:08 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/07/27 14:23:34 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009/07/20 14:40:53 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll
[2009/07/10 14:45:41 | 000,076,407 | ---- | C] () -- C:\Users\LaZy SpiCe\AppData\Roaming\Smiley.ico
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/02 11:13:42 | 000,009,600 | ---- | C] () -- C:\Windows\System32\drivers\NETMNT.sys
[2003/12/29 19:45:08 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ServiceControl.dll

========== LOP Check ==========

[2009/08/29 13:00:20 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\Acer
[2010/07/25 17:57:01 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/03/13 21:45:32 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\Foxit
[2010/03/14 00:41:29 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\Foxit Software
[2011/02/05 16:06:10 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\mjusbsp
[2010/10/08 13:43:33 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\OpenCandy
[2011/01/15 23:23:59 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\PrimoPDF
[2010/11/27 00:01:56 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\SendSpace Wizard
[2010/09/04 13:01:22 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\SoftGrid Client
[2010/06/24 22:43:22 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\TP
[2010/03/13 22:34:52 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\Trillian
[2010/10/08 14:24:27 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\Uniblue
[2011/02/05 13:04:20 | 000,000,000 | ---D | M] -- C:\Users\LaZy SpiCe\AppData\Roaming\uTorrent
[2011/02/05 16:16:00 | 000,032,564 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Attached Files

  • Attached File  OTL.Txt   81.21KB   77 downloads
