
Inactive IE keeps randomly popping up

Discussion in 'Malware and Virus Removal Archive' started by JMabord, 2010/07/31.

Thread Status:
Not open for further replies.
  1. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I understand. We're only in the middle of a cleaning process.
    You may try to copy and paste links for now.
     
  2. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    Joined:
    2010/07/31
    Messages:
    18
    Likes Received:
    0
    ComboFix 10-08-01.01 - Joseph 08/01/2010 21:33:05.4.2 - x86 MINIMAL
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1013.695 [GMT -5:00]
    Running from: c:\documents and settings\Joseph\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    .

    ((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
    .

    2010-08-01 14:35 . 2010-08-02 00:30 63488 ----a-w- c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-01 14:35 . 2010-08-01 14:35 52224 ----a-w- c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-08-01 14:35 . 2010-08-02 00:30 117760 ----a-w- c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-01 14:35 . 2010-08-01 14:35 -------- d-----w- c:\documents and settings\Joseph\Application Data\SUPERAntiSpyware.com
    2010-08-01 14:35 . 2010-08-01 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-08-01 14:34 . 2010-08-01 14:35 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-07-31 22:06 . 2010-06-01 16:44 3907584 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    2010-07-31 22:06 . 2010-01-25 16:58 462848 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\ractrlkeyhook.dll
    2010-07-31 22:06 . 2010-01-15 19:26 70984 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
    2010-07-31 22:06 . 2010-01-15 19:25 864256 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianDll.dll
    2010-07-31 22:06 . 2010-01-15 19:25 315392 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardianEvt.dll
    2010-07-31 22:06 . 2010-01-15 19:25 372736 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
    2010-07-31 21:58 . 2010-07-31 21:58 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
    2010-07-28 21:23 . 2010-07-28 21:23 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-07-28 21:23 . 2010-07-28 21:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-25 22:50 . 2010-07-25 22:50 -------- d-----w- c:\program files\Bungie
    2010-07-22 21:37 . 2010-07-23 16:46 -------- d-----w- c:\documents and settings\Joseph\Application Data\Bitrix Security
    2010-07-22 21:37 . 2010-07-22 21:37 51712 ----a-w- c:\documents and settings\NetworkService\Application Data\Bitrix Security\depto.dll
    2010-07-22 21:37 . 2010-07-22 21:37 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Bitrix Security
    2010-07-21 17:54 . 2010-07-21 17:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\AdobeUM
    2010-07-21 17:54 . 2010-07-21 17:54 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-07-21 17:24 . 2010-07-21 17:24 -------- d-s---w- c:\documents and settings\LocalService\UserData
    2010-07-21 04:47 . 2010-07-21 14:08 -------- d-----w- c:\documents and settings\Joseph\Local Settings\Application Data\ManyCam
    2010-07-21 04:47 . 2010-07-21 04:47 -------- d-----w- c:\program files\ManyCam
    2010-07-21 04:30 . 2010-07-21 04:30 -------- d-s---w- c:\documents and settings\NetworkService\UserData
    2010-07-21 04:19 . 2010-07-21 04:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Mozilla
    2010-07-21 04:13 . 2010-07-21 04:13 -------- d-----w- c:\documents and settings\Joseph\Application Data\92761AAC7BC8227AFB0D4487BD754FCB
    2010-07-20 02:46 . 2010-07-20 02:48 -------- d-----w- c:\documents and settings\Joseph\Local Settings\Application Data\Temp
    2010-07-11 23:27 . 2010-07-11 23:38 24 ----a-w- C:\DUKE3D.BAT
    2010-07-11 23:27 . 2010-07-11 23:27 -------- d-----w- C:\DUKE3D
    2010-07-04 03:43 . 2010-07-04 03:43 -------- d-----w- c:\program files\iPod
    2010-07-04 03:43 . 2010-07-04 03:45 -------- d-----w- c:\program files\iTunes
    2010-07-04 03:39 . 2010-08-02 01:03 -------- d-----w- c:\program files\QuickTime
    2010-07-04 03:27 . 2010-07-04 03:27 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-02 02:15 . 2009-01-08 01:31 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-08-02 01:03 . 2009-01-10 03:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-02 01:03 . 2009-01-08 01:31 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-08-01 03:47 . 2010-07-01 21:40 -------- d-----w- c:\program files\REAPER
    2010-07-30 03:20 . 2009-01-17 00:37 -------- d-----w- c:\documents and settings\Joseph\Application Data\U3
    2010-07-24 14:08 . 2010-05-10 03:34 -------- d-----w- c:\program files\Steam
    2010-07-21 04:47 . 2010-02-16 04:54 -------- d-----w- c:\documents and settings\Joseph\Application Data\ManyCam
    2010-07-10 23:07 . 2010-07-01 21:41 -------- d-----w- c:\documents and settings\Joseph\Application Data\REAPER
    2010-07-04 03:43 . 2009-01-10 01:48 -------- d-----w- c:\program files\Common Files\Apple
    2010-07-04 03:35 . 2009-01-10 01:49 -------- d-----w- c:\program files\Bonjour
    2010-07-01 13:55 . 2009-01-09 17:02 -------- d-----w- c:\program files\2Wire
    2010-06-30 04:02 . 2009-01-08 03:21 71944 ----a-w- c:\documents and settings\Joseph\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-06-26 00:14 . 2009-06-03 02:57 46 ----a-w- c:\documents and settings\Joseph\jagex_runescape_preferences.dat
    2010-06-26 00:13 . 2010-06-26 00:02 99 ----a-w- c:\documents and settings\Joseph\jagex_runescape_preferences2.dat
    2010-06-26 00:02 . 2010-06-26 00:02 0 ----a-w- c:\documents and settings\Joseph\jagex__preferences3.dat
    2010-06-21 05:00 . 2010-06-21 05:00 -------- d-----w- c:\program files\Conduit
    2010-06-21 04:59 . 2010-06-21 04:59 -------- d-----w- c:\program files\ARM Software
    2010-06-17 04:36 . 2010-06-17 04:36 -------- d-----w- c:\program files\Nem's Tools
    2010-06-15 18:55 . 2010-01-01 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
    2010-06-15 18:52 . 2010-01-22 17:42 -------- d-----w- c:\documents and settings\Joseph\Application Data\vlc
    2010-06-08 05:00 . 2009-01-10 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-06-08 04:54 . 2009-01-08 01:17 -------- d-----w- c:\program files\Microsoft Works
    2010-06-07 21:29 . 2010-06-07 21:29 -------- d-----w- c:\documents and settings\Joseph\Application Data\AdobeUM
    2010-06-07 21:27 . 2009-01-18 03:45 -------- d-----w- c:\program files\Common Files\Adobe
    2010-06-07 21:26 . 2009-01-08 01:31 -------- d-----w- c:\program files\Symantec
    2010-06-06 21:36 . 2009-01-08 01:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-06 21:35 . 2010-05-31 18:00 -------- d-----w- c:\program files\Opera
    2010-06-06 21:33 . 2009-03-08 04:54 -------- d-----w- c:\program files\Common Files\AVSMedia
    2010-06-06 21:33 . 2009-03-08 04:53 -------- d-----w- c:\program files\AVS4YOU
    2010-06-06 21:32 . 2009-06-02 18:53 -------- d-----w- c:\program files\Any Video Converter Professional
    2010-06-06 21:32 . 2009-06-02 18:53 -------- d-----w- c:\documents and settings\Joseph\Application Data\Any Video Converter Professional
    2010-05-23 22:50 . 2010-05-28 21:53 73216 ----a-w- c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    2010-05-18 21:35 . 2010-05-18 21:35 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 21:35 . 2010-05-18 21:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
    2010-05-18 21:35 . 2010-05-18 21:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask .exe -atboottime" [X]
    "ISUSPM Startup "= "c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
    "IgfxTray "= "c:\windows\system32\igfxtray.exe" [2008-10-21 143360]
    "HotKeysCmds "= "c:\windows\system32\hkcmd.exe" [2008-10-21 172032]
    "RTHDCPL "= "RTHDCPL.EXE" [2008-10-28 17331200]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-1-7 50688]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "midi1 "=ma_cmidn.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless USB Utility.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless USB Utility.lnk
    backup=c:\windows\pss\Belkin Wireless USB Utility.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Joseph^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\documents and settings\Joseph\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    2009-04-24 03:16 203928 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-12-29 10:40 687560 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 21:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-02-06 23:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-10 03:35 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-01-12 20:02 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=

    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
    S2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/9/2009 3:13 PM 24652]
    S3 cpuz130;cpuz130;\??\c:\docume~1\Joseph\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Joseph\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 5:06 AM 21632]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [12/30/2004 3:19 PM 153416]
    S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/9/2009 11:39 PM 721904]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{760B8973-48F7-40B2-B360-F7ABD8785E50}]
    2010-07-22 21:37 51712 ----a-w- c:\documents and settings\NetworkService\Application Data\Bitrix Security\depto.dll
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.sbc.com/dsl
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://losthighwayrecords.fancorps.com/includes/ImageUploaderPHP/Scripts/ImageUploader6.cab
    FF - ProfilePath - c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedengine - Google
    FF - prefs.js: browser.startup.homepage - www.reddit.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc_fireftp.dll
    FF - plugin: c:\documents and settings\Joseph\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.count ", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "network.buffer.cache.size ", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-HookURL - (no file)
    URLSearchHooks-Rank - (no file)
    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
    @DACL=(02 0000)
    "PDVDDXSrv "= "\ "c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe\" "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
    @DACL=(02 0000)
    "Installed "= "1 "
    @=" "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
    @DACL=(02 0000)
    "NoChange "= "1 "
    "Installed "= "1 "
    @=" "

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
    @DACL=(02 0000)
    "Installed "= "1 "
    @=" "
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(224)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\l3codeca.acm
    c:\windows\system32\vorbis.acm
    c:\windows\system32\sirenacm.dll

    - - - - - - - > 'explorer.exe'(452)
    c:\windows\system32\msi.dll
    .
    Completion time: 2010-08-01 21:42:42
    ComboFix-quarantined-files.txt 2010-08-02 02:42
    ComboFix2.txt 2010-08-02 01:39
    ComboFix3.txt 2010-08-02 00:02

    Pre-Run: 57,190,809,600 bytes free
    Post-Run: 57,182,334,976 bytes free

    - - End Of File - - FA0054C261B5501F8965F6E5ABCA3085
     


  4. 2010/08/01
    broni

    broni Moderator Malware Analyst

    It looks good now :)

    How are the issues?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ===============================================================

    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  5. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    The high usage of svchost is gone, that random number/letter file doesn't reappear, and I can download updates for my iPod. So it's good. One upside of this incident is that I thought my computer needed more RAM because of the excess use of svchost, so I ordered 2 more gigs of RAM (it had .99 gig of RAM before).

    I'll let you know what happens after the scan.

    Thanks, I really appreciate all the help.
     
  6. 2010/08/01
    broni

    broni Moderator Malware Analyst

    For normal usage, 1gig for XP is plenty...

    Good news though :)
     
  7. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    OTL logfile created on: 8/1/2010 10:17:30 PM - Run 2
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Joseph\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,013.00 Mb Total Physical Memory | 178.00 Mb Available Physical Memory | 18.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 229.77 Gb Total Space | 59.04 Gb Free Space | 25.69% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: JOSEPH-531DCD9B
    Current User Name: Joseph
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/01 22:01:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph\Desktop\OTL.exe
    PRC - [2010/07/23 23:16:16 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/07/23 23:16:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/06/15 16:33:40 | 010,358,072 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
    PRC - [2010/06/10 21:18:20 | 000,019,760 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/03 13:45:42 | 000,012,592 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    PRC - [2007/01/08 16:08:10 | 000,094,208 | ---- | M] () -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
    PRC - [2004/12/30 15:19:32 | 001,107,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2004/12/30 15:19:26 | 000,030,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2004/12/10 19:02:34 | 000,243,312 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2004/12/10 19:02:28 | 000,255,600 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/01 22:01:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph\Desktop\OTL.exe
    MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
    MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
    MOD - [2009/03/06 05:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
    MOD - [2009/02/12 16:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    MOD - [2009/02/12 16:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    MOD - [2008/10/25 12:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
    MOD - [2008/05/13 12:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
    MOD - [2004/08/04 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
    MOD - [2004/08/04 05:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
    MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - File not found [Unknown | Stopped] -- -- (PEVSystemStart)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2009/02/08 23:58:05 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2007/05/28 11:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2007/01/08 16:08:10 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe -- (MA_CMIDI_InstallerService)
    SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - [2004/12/30 15:19:36 | 000,153,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2004/12/30 15:19:32 | 001,107,784 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2004/12/30 15:19:26 | 000,030,528 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2004/12/23 20:19:40 | 000,202,448 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2004/12/10 19:02:34 | 000,243,312 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2004/12/10 19:02:32 | 000,087,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
    SRV - [2004/12/10 19:02:28 | 000,255,600 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2004/10/22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SABKUTIL.sys -- (SABKUTIL)
    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lmimirr.sys -- (lmimirr)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Joseph\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Joseph\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/07/30 03:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100730.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2010/07/30 03:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100730.002\NAVENG.SYS -- (NAVENG)
    DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/01/23 10:06:45 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/02/24 19:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/10/31 12:38:08 | 004,942,336 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2008/10/21 11:17:58 | 006,048,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2008/09/26 16:22:08 | 000,238,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
    DRV - [2008/01/14 05:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
    DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\regi.sys -- (regi)
    DRV - [2006/08/16 09:23:46 | 000,021,888 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
    DRV - [2005/11/10 13:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin)
    DRV - [2005/09/20 17:27:20 | 000,010,368 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
    DRV - [2005/01/07 18:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
    DRV - [2004/12/23 20:19:16 | 000,016,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2004/10/25 14:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50)
    DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2004/03/05 00:46:46 | 000,082,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
    DRV - [2004/02/09 16:43:56 | 000,301,200 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2004/02/09 16:43:56 | 000,037,008 | R--- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2003/11/17 16:59:20 | 000,212,224 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 16:58:02 | 000,680,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 16:56:26 | 001,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com "
    FF - prefs.js..browser.search.defaultenginename: "Ask.com "
    FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search "
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms} "
    FF - prefs.js..browser.search.order.1: "Ask.com "
    FF - prefs.js..browser.search.selectedengine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.search.usedbfororder: true
    FF - prefs.js..browser.startup.homepage: "www.reddit.com "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.8
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.%(version)s
    FF - prefs.js..extensions.enabledItems: youtube-comment-snob@efinke.com:1.5
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
    FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
    FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.5.8.6
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&q= "
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/23 23:16:21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/23 23:16:21 | 000,000,000 | ---D | M]

    [2009/01/09 14:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Extensions
    [2010/08/01 09:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions
    [2010/06/20 23:59:53 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    [2010/07/10 23:13:05 | 000,000,000 | ---D | M] (Stylish) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
    [2010/05/28 16:53:45 | 000,000,000 | ---D | M] (FireFTP) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
    [2010/05/28 16:53:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/07/12 21:42:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/07/31 17:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\LogMeInClient@logmein.com
    [2010/04/23 21:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\personas@christopher.beard
    [2010/05/28 16:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\extensions\youtube-comment-snob@efinke.com
    [2009/01/09 15:40:37 | 000,002,005 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\searchplugins\scrapetorrent.xml
    [2009/01/10 02:19:46 | 000,001,779 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\searchplugins\torrentz-search.xml
    [2009/01/09 14:28:07 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\Mozilla\Firefox\Profiles\3w33w08z.default\searchplugins\youtube-video-search.xml
    [2010/08/01 09:14:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    [2010/01/12 15:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/08/01 20:32:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
    O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://losthighwayrecords.fancorps.com/includes/ImageUploaderPHP/Scripts/ImageUploader6.cab (Image Uploader Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Joseph\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joseph\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/01/07 18:55:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/01 22:03:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/01 21:42:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/08/01 15:18:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/01 15:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/01 09:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Application Data\SUPERAntiSpyware.com
    [2010/08/01 09:35:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/08/01 09:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/07/31 21:25:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joseph\Desktop\OTL.exe
    [2010/07/31 21:13:59 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Joseph\Desktop\HijackThis.exe
    [2010/07/31 16:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
    [2010/07/30 23:53:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joseph\Recent
    [2010/07/28 16:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
    [2010/07/28 16:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/25 17:50:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bungie
    [2010/07/24 12:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/24 11:16:49 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Joseph\Desktop\procexp.exe
    [2010/07/22 22:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Desktop\Sega
    [2010/07/22 16:37:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Application Data\Bitrix Security
    [2010/07/22 16:37:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Bitrix Security
    [2010/07/21 12:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
    [2010/07/21 12:54:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
    [2010/07/21 12:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2010/07/21 10:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/07/21 10:12:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/07/20 23:47:27 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam
    [2010/07/20 23:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Local Settings\Application Data\ManyCam
    [2010/07/20 23:45:29 | 013,855,416 | ---- | C] (ManyCam LLC) -- C:\Documents and Settings\Joseph\My Documents\ManyCam.exe
    [2010/07/20 23:31:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/20 23:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/20 23:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
    [2010/07/20 23:19:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
    [2010/07/20 23:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Application Data\92761AAC7BC8227AFB0D4487BD754FCB
    [2010/07/20 21:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Desktop\NS Raw
    [2010/07/19 21:46:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Local Settings\Application Data\Temp
    [2010/07/11 18:27:38 | 000,000,000 | ---D | C] -- C:\DUKE3D
    [2010/07/08 18:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\My Documents\GTA San Andreas User Files
    [2010/07/03 22:43:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/07/03 22:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/07/03 22:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/07/02 17:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Desktop\Mikes Tracks
    [2010/07/01 23:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\My Documents\REAPER Media
    [2010/07/01 16:41:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Application Data\REAPER
    [2010/07/01 16:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\REAPER
    [2010/06/28 16:45:13 | 000,000,000 | ---D | C] -- C:\b6ac945779466ce10f8b3f372b869a
    [2010/06/21 00:00:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Local Settings\Application Data\Conduit
    [2010/06/21 00:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
    [2010/06/20 23:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\ARM Software
    [2010/06/18 07:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Desktop\Iphotos
    [2010/06/16 23:37:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Local Settings\Application Data\Nem's Tools
    [2010/06/16 23:36:34 | 000,000,000 | ---D | C] -- C:\Program Files\Nem's Tools
    [2010/06/16 23:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Desktop\backup
    [2010/06/08 18:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Local Settings\Application Data\hocpewaf
    [2010/06/07 23:52:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
    [2010/06/07 16:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Application Data\AdobeUM
    [2010/06/07 16:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\My Documents\My eBooks
    [2010/06/07 16:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF 6.0
    [2010/06/07 15:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\My Documents\Work
    [2010/05/31 13:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Local Settings\Application Data\Opera
    [2010/05/31 13:00:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Application Data\Opera
    [2010/05/31 13:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
    [2010/05/22 17:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Local Settings\Application Data\dfhdntfqe
    [2010/05/14 11:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/05/14 10:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\AIM
    [2010/05/14 10:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
    [2010/05/10 07:06:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\My Documents\GTA Vice City User Files
    [2010/05/09 22:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joseph\Desktop\Vulpes Logo Designs
    [2010/05/09 22:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
    [2010/05/08 18:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\booddanet
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/01 22:01:14 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joseph\Desktop\OTL.exe
    [2010/08/01 21:56:32 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/08/01 21:45:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/01 21:45:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/01 21:41:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/01 21:01:38 | 007,340,032 | ---- | M] () -- C:\Documents and Settings\Joseph\ntuser.dat
    [2010/08/01 21:01:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joseph\ntuser.ini
    [2010/08/01 20:32:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/01 15:18:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/01 15:04:30 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Joseph\Desktop\exeHelper.com
    [2010/08/01 15:04:02 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Joseph\Desktop\rkill.com
    [2010/08/01 09:35:02 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Joseph\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/08/01 09:19:56 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Joseph\Desktop\dds.scr
    [2010/08/01 01:53:43 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/07/31 21:14:07 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Joseph\Desktop\HijackThis.exe
    [2010/07/31 19:23:05 | 000,531,654 | ---- | M] () -- C:\Documents and Settings\Joseph\Desktop\Rubber Soul.jpg
    [2010/07/31 16:57:26 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2010/07/31 16:26:57 | 002,118,780 | -H-- | M] () -- C:\Documents and Settings\Joseph\Local Settings\Application Data\IconCache.db
    [2010/07/29 21:13:23 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\Joseph\webct_upload_applet.properties
    [2010/07/25 17:56:38 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Halo.lnk
    [2010/07/25 14:00:16 | 000,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/25 14:00:16 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/07/24 23:25:53 | 000,002,245 | ---- | M] () -- C:\Documents and Settings\Joseph\Desktop\vba.ini
    [2010/07/24 10:13:47 | 000,041,870 | ---- | M] () -- C:\details.aspx
    [2010/07/20 23:46:40 | 013,855,416 | ---- | M] (ManyCam LLC) -- C:\Documents and Settings\Joseph\My Documents\ManyCam.exe
    [2010/07/20 23:15:20 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
    [2010/07/12 22:37:25 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\Joseph\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/11 18:38:08 | 000,000,024 | ---- | M] () -- C:\DUKE3D.BAT
    [2010/07/01 16:41:14 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Joseph\Desktop\REAPER.lnk
    [2010/06/30 21:21:12 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/06/30 21:12:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/29 23:02:02 | 000,071,944 | ---- | M] () -- C:\Documents and Settings\Joseph\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/06/28 22:31:35 | 002,339,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/28 16:49:52 | 000,492,798 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/28 16:49:52 | 000,435,590 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/28 16:49:52 | 000,068,360 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/25 19:14:53 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Joseph\jagex_runescape_preferences.dat
    [2010/06/25 19:13:18 | 000,000,099 | ---- | M] () -- C:\Documents and Settings\Joseph\jagex_runescape_preferences2.dat
    [2010/06/25 19:02:12 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Joseph\jagex__preferences3.dat
    [2010/06/15 14:06:13 | 386,447,359 | ---- | M] () -- C:\STOP_MAKING_SENSE.ISO
    [2010/06/07 16:27:43 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Professional.lnk
    [2010/06/07 16:16:56 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Joseph\Desktop\procexp.exe
    [2010/05/19 12:50:18 | 074,441,014 | ---- | M] () -- C:\Documents and Settings\Joseph\Desktop\Recording Sessions.pdf
    [2010/05/14 11:00:29 | 000,001,126 | -H-- | M] () -- C:\IPH.PH
    [2010/05/14 11:00:17 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Joseph\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2010/05/14 11:00:17 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [2010/05/09 22:41:20 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/08/01 15:18:47 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/01 15:18:44 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/01 15:04:36 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Joseph\Desktop\exeHelper.com
    [2010/08/01 15:04:03 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Joseph\Desktop\rkill.com
    [2010/08/01 09:35:02 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Joseph\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/08/01 09:19:59 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Joseph\Desktop\dds.scr
    [2010/07/31 21:11:12 | 000,007,055 | ---- | C] () -- C:\Documents and Settings\Joseph\resetlog.txt
    [2010/07/31 19:23:03 | 000,531,654 | ---- | C] () -- C:\Documents and Settings\Joseph\Desktop\Rubber Soul.jpg
    [2010/07/31 16:57:24 | 000,001,024 | ---- | C] () -- C:\.rnd
    [2010/07/25 17:56:38 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Halo.lnk
    [2010/07/24 10:13:46 | 000,041,870 | ---- | C] () -- C:\details.aspx
    [2010/07/20 23:15:11 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
    [2010/07/20 23:06:02 | 000,012,057 | ---- | C] () -- C:\Documents and Settings\Joseph\hs_err_pid3812.log
    [2010/07/11 18:27:38 | 000,000,024 | ---- | C] () -- C:\DUKE3D.BAT
    [2010/07/10 19:16:47 | 000,010,902 | ---- | C] () -- C:\Documents and Settings\Joseph\hs_err_pid3344.log
    [2010/07/04 12:15:12 | 000,010,902 | ---- | C] () -- C:\Documents and Settings\Joseph\hs_err_pid424.log
    [2010/07/03 22:45:05 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/01 16:41:14 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Joseph\Desktop\REAPER.lnk
    [2010/06/30 00:02:47 | 007,340,032 | ---- | C] () -- C:\Documents and Settings\Joseph\ntuser.dat
    [2010/06/25 19:02:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Joseph\jagex__preferences3.dat
    [2010/06/25 19:02:11 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Joseph\jagex_runescape_preferences2.dat
    [2010/06/15 13:56:18 | 386,447,359 | ---- | C] () -- C:\STOP_MAKING_SENSE.ISO
    [2010/06/07 16:27:43 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Professional.lnk
    [2010/05/31 22:11:58 | 000,010,901 | ---- | C] () -- C:\Documents and Settings\Joseph\hs_err_pid1384.log
    [2010/05/24 19:08:34 | 000,011,216 | ---- | C] () -- C:\Documents and Settings\Joseph\hs_err_pid3016.log
    [2010/05/22 21:47:07 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\Joseph\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/05/19 12:29:09 | 074,441,014 | ---- | C] () -- C:\Documents and Settings\Joseph\Desktop\Recording Sessions.pdf
    [2010/05/14 11:00:17 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\Joseph\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
    [2010/05/14 11:00:17 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [2010/05/09 22:34:46 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2009/12/30 11:50:18 | 000,000,026 | ---- | C] () -- C:\WINDOWS\dvdSanta.INI
    [2009/10/24 16:38:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Smile.ini
    [2009/08/26 11:25:53 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2009/04/01 22:26:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
    [2009/01/09 14:44:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
    [2009/01/07 20:13:20 | 000,000,167 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/01/07 19:07:43 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
    [2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/11/06 11:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
    [2008/11/06 11:34:00 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
    [2008/11/06 11:33:02 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2005/07/12 15:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
    [2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2004/03/23 17:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
    [2002/07/05 09:12:06 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\authdvd.dll
    [2000/11/29 10:50:40 | 000,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll

    ========== LOP Check ==========

    [2010/03/02 15:52:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
    [2009/01/09 15:13:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
    [2010/05/14 11:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2010/03/28 13:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CopyTransControlCenter
    [2009/01/19 20:04:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/01/09 14:36:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2009/05/05 23:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ID3-TagIT 3
    [2009/06/04 00:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2009/07/10 19:18:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2010/03/28 13:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2009/01/09 14:34:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
    [2010/03/28 14:29:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/08/31 22:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2009/10/25 12:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\.purple
    [2010/07/20 23:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\92761AAC7BC8227AFB0D4487BD754FCB
    [2010/03/03 15:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Ableton
    [2009/01/09 15:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\acccore
    [2009/08/09 14:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Antares
    [2010/06/06 16:32:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Any Video Converter Professional
    [2010/07/23 11:46:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Bitrix Security
    [2010/03/27 10:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\CopyTrans
    [2009/03/01 21:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\CopyTransControlCenter
    [2010/01/09 12:39:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Crayon Physics Deluxe
    [2009/01/19 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\DAEMON Tools
    [2009/01/19 20:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\DAEMON Tools Lite
    [2009/01/19 20:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\DAEMON Tools Pro
    [2009/09/21 00:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\gtk-2.0
    [2009/05/05 23:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\ID3-TagIT 3
    [2009/12/31 23:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\ImgBurn
    [2010/01/07 16:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\iZotope
    [2009/10/30 12:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\M05
    [2010/07/20 23:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\ManyCam
    [2009/01/09 22:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\NetMedia Providers
    [2010/05/31 13:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Opera
    [2009/01/09 22:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Publish Providers
    [2010/07/10 18:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\REAPER
    [2009/11/16 23:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\SecondLife
    [2009/10/04 10:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Sony
    [2009/06/03 22:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Sony Setup
    [2010/03/06 13:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\SystemRequirementsLab
    [2009/01/07 22:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Template
    [2009/01/09 14:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Uniblue
    [2010/08/01 20:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\uTorrent
    [2009/01/16 16:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\Viewpoint
    [2010/03/28 14:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joseph\Application Data\WindSolutions

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/07/31 16:57:26 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2009/01/07 18:55:34 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/07/25 14:00:16 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/01 15:18:48 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/01 21:42:43 | 000,020,889 | ---- | M] () -- C:\ComboFix.txt
    [2009/01/07 18:55:34 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/07/24 10:13:47 | 000,041,870 | ---- | M] () -- C:\details.aspx
    [2010/07/11 18:38:08 | 000,000,024 | ---- | M] () -- C:\DUKE3D.BAT
    [2010/07/24 10:13:38 | 000,003,038 | ---- | M] () -- C:\fix_svchost.bat.txt
    [2010/03/21 12:43:34 | 440,146,224 | ---- | M] () -- C:\Image.bin
    [2010/03/21 12:43:35 | 000,000,435 | ---- | M] () -- C:\Image.cue
    [2009/01/07 18:55:34 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/05/14 11:00:29 | 000,001,126 | -H-- | M] () -- C:\IPH.PH
    [2009/01/25 21:15:33 | 000,000,021 | ---- | M] () -- C:\log-other.txt
    [2009/01/07 18:55:34 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/04 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/08/01 21:45:16 | 1593,470,976 | -HS- | M] () -- C:\pagefile.sys
    [2010/08/01 18:49:41 | 000,000,371 | ---- | M] () -- C:\rkill.log
    [2010/06/15 14:06:13 | 386,447,359 | ---- | M] () -- C:\STOP_MAKING_SENSE.ISO
    [2009/09/03 08:53:19 | 000,486,892 | ---- | M] () -- C:\vcredist_x86.log
    [2010/07/20 23:15:20 | 000,000,150 | ---- | M] () -- C:\zrpt.xml

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2009/01/07 12:45:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/01/07 12:45:43 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/01/07 12:45:43 | 000,909,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2004/08/04 05:00:00 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=C72661F8552ACE7C5C85E16A3CF505C4 -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2004/08/04 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp
     
    Last edited: 2010/08/01
  8. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    Joined:
    2010/07/31
    Messages:
    18
    Likes Received:
    0
    Extras.TXT did pop up.
     
  9. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Did, or didn't?

    OTL.txt is incomplete.
     
  10. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    Joined:
    2010/07/31
    Messages:
    18
    Likes Received:
    0
    Did not pop up, sorry about that.

    And I edited the OTL.Txt with the full report. For some reason the internet keeps timing out when I try to post it.
     
    Last edited: 2010/08/01
  11. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    It's still incomplete.
    It should end with <End of report> wording.
     
  12. 2010/08/01
    JMabord

    JMabord Inactive Thread Starter

    Joined:
    2010/07/31
    Messages:
    18
    Likes Received:
    0
    :( Some douche hacked my PayPal and sent $97 to himself :( ****!!!!
     
  13. 2010/08/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I hate to hear it :(

    Make sure to change your password...
     