Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

remnants of rootkit


  • Please log in to reply

#1
Joshsh3

Joshsh3

    New Member

  • Member
  • Pip
  • 7 posts
I attempted to clean my system without assistance, I ran Super AntiSpyware, Malwarebytes, combofix, and tdsskiller and now each reports that my system is clean but I am still getting reports from malwarebytes of outgoing malicious website attempts. Could someone help me finish this thing off?



OTL logfile created on: 6/26/2011 10:19:44 AM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Joshua\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 41.20% Memory free
2.83 Gb Paging File | 1.85 Gb Available in Paging File | 65.19% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 14.38 Gb Free Space | 19.30% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 975.63 Mb Total Space | 24.81 Mb Free Space | 2.54% Space Free | Partition Type: FAT
Drive J: | 465.76 Gb Total Space | 343.98 Gb Free Space | 73.85% Space Free | Partition Type: NTFS

Computer Name: COMPUTER1 | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/26 10:13:19 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joshua\Desktop\OTL.exe
PRC - [2011/06/25 07:47:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/05 12:43:58 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Joshua\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/21 07:54:06 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:50 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/21 07:53:34 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/16 03:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2010/01/19 12:48:52 | 000,323,280 | ---- | M] (Napster) -- C:\Program Files\Napster\napster.exe
PRC - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 10:13:19 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joshua\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/12 12:18:00 | 004,006,192 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011/04/21 07:53:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/04/21 07:53:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/06/17 12:37:10 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/17 12:37:10 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/17 15:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2005/06/06 03:40:48 | 000,180,736 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/24 21:11:00 | 001,350,272 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 EA 6B A0 CB 1A CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.1


FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 07:47:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/02 06:10:50 | 000,000,000 | ---D | M]

[2010/05/22 00:52:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joshua\Application Data\Mozilla\Extensions
[2011/05/26 06:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\4y98bvb6.default\extensions
[2010/11/13 23:05:58 | 000,000,000 | ---D | M] (Firesheep) -- C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\4y98bvb6.default\extensions\[email protected]
[2011/05/26 06:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/08 22:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2010/05/23 15:12:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSHUA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4Y98BVB6.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2010/05/23 15:12:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/05/23 03:01:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/25 07:47:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/05/23 15:12:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/19 12:48:52 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/21 16:11:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Joshua\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1307297725328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/22 00:50:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/19 12:56:20 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2006/07/20 18:56:36 | 000,253,952 | R--- | M] (Firaxis Games) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/07/24 13:33:33 | 000,007,974 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/06/19 10:12:50 | 000,000,163 | -HS- | M] () - I:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2010/05/22 00:51:01 | 000,000,062 | ---- | M] () - J:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/26 10:13:18 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joshua\Desktop\OTL.exe
[2011/06/24 15:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\Photo Album1
[2011/06/24 15:31:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/24 04:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\MIT+Guide+to+Lockpicking_files
[2011/06/21 17:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\tdsskiller
[2011/06/21 17:02:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/06/21 17:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Application Data\Avira
[2011/06/21 16:56:59 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\Joshua\Desktop\dds.com
[2011/06/21 16:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/06/21 16:51:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/06/21 16:51:29 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/21 16:51:28 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/21 16:51:28 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/06/21 16:51:28 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/06/21 16:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/06/21 16:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/06/21 15:50:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/21 15:45:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/21 15:45:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/21 15:45:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/21 15:45:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/21 15:43:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/21 15:43:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/21 04:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/06/21 04:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Local Settings\Application Data\PackageAware
[2011/06/19 21:47:02 | 004,133,944 | R--- | C] (Swearware) -- C:\Documents and Settings\Joshua\Desktop\ComboFix.exe
[2011/06/19 21:37:43 | 000,645,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joshua\Desktop\OTS.exe
[2011/06/19 17:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\Photo Album
[2011/06/19 16:35:28 | 000,000,000 | ---D | C] -- C:\Pictures
[2011/06/19 13:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/19 13:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/19 09:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/19 09:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/18 18:18:30 | 020,367,424 | ---- | C] (The GIMP Team ) -- C:\Documents and Settings\Joshua\Desktop\gimp-2.6.11-i686-setup-1.exe
[2011/06/17 20:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Application Data\gtk-2.0
[2011/06/17 20:21:47 | 000,000,000 | ---D | C] -- C:\save
[2011/06/17 20:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Python 2.7
[2011/06/17 20:12:21 | 000,000,000 | ---D | C] -- C:\Python27
[2011/06/17 20:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Application Data\gedit
[2011/06/17 20:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\.gconfd
[2011/06/17 20:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\.gconf
[2011/06/17 20:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\gedit
[2011/06/17 19:22:54 | 023,918,572 | ---- | C] (GNOME ) -- C:\Documents and Settings\Joshua\Desktop\gedit-setup-2.30.1-1.exe
[2011/06/12 15:09:18 | 002,206,720 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\python27.dll
[2011/06/11 09:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\My Documents\My Music2
[2011/06/05 22:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\supreme_personality_0902_librivox_64kb_mp3
[2011/06/05 12:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Start Menu\Programs\SanDisk
[2011/06/05 12:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Application Data\SanDisk
[2011/06/05 12:43:33 | 000,360,328 | ---- | C] (SanDisk Corporation) -- C:\Documents and Settings\Joshua\Desktop\SansaUpdaterInstall.exe
[2011/06/05 12:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Application Data\Roxio
[2011/06/02 06:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\Spanish
[2011/05/31 06:52:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\Shakespear's Sonnets
[2011/05/31 06:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\Mind and Brain
[2011/05/31 06:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\Civil Disobedience
[2011/05/30 15:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Napster
[2011/05/30 15:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2011/05/30 15:05:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Napster Shared
[2011/05/30 15:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/05/30 15:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\Napster
[2011/05/30 15:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Application Data\InstallShield
[2011/05/29 10:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\Walden
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/26 10:13:19 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joshua\Desktop\OTL.exe
[2011/06/24 04:05:26 | 000,030,312 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\MIT+Guide+to+Lockpicking.htm
[2011/06/21 17:15:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/21 17:10:34 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\tdsskiller.zip
[2011/06/21 16:57:59 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\gmer.zip
[2011/06/21 16:56:59 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\Joshua\Desktop\dds.com
[2011/06/21 16:51:49 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/21 16:44:30 | 061,026,890 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\avira_antivir_personal_en.zip
[2011/06/21 16:11:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/21 15:50:54 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/21 15:44:30 | 004,133,944 | R--- | M] (Swearware) -- C:\Documents and Settings\Joshua\Desktop\ComboFix.exe
[2011/06/21 04:25:32 | 000,970,509 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\EFRCSetup.exe
[2011/06/21 04:05:52 | 000,011,634 | ---- | M] () -- C:\Documents and Settings\Joshua\My Documents\regbackup1.reg
[2011/06/21 04:03:31 | 000,213,280 | ---- | M] () -- C:\Documents and Settings\Joshua\My Documents\regbackup.reg
[2011/06/19 21:37:53 | 000,645,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joshua\Desktop\OTS.exe
[2011/06/19 17:59:00 | 140,710,182 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\Photo Album.zip
[2011/06/19 17:34:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/19 08:36:13 | 000,067,572 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\fathers-dayblink.gif
[2011/06/19 08:35:10 | 000,023,507 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\fathers_day.gif
[2011/06/18 18:20:49 | 020,367,424 | ---- | M] (The GIMP Team ) -- C:\Documents and Settings\Joshua\Desktop\gimp-2.6.11-i686-setup-1.exe
[2011/06/17 22:41:04 | 000,001,967 | ---- | M] () -- C:\Documents and Settings\Joshua\.recently-used.xbel
[2011/06/17 20:10:10 | 015,970,304 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\python-2.7.2.msi
[2011/06/17 19:26:28 | 023,918,572 | ---- | M] (GNOME ) -- C:\Documents and Settings\Joshua\Desktop\gedit-setup-2.30.1-1.exe
[2011/06/17 12:37:10 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/17 12:37:10 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/16 03:57:45 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/06/16 03:33:01 | 000,591,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/16 03:33:01 | 000,119,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/16 03:30:03 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/12 15:09:18 | 002,206,720 | ---- | M] (Python Software Foundation) -- C:\WINDOWS\System32\python27.dll
[2011/06/06 22:12:27 | 025,991,731 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\AsaManThinketh.mp3
[2011/06/06 22:08:23 | 013,499,175 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\AlphaBreak.mp3
[2011/06/05 13:17:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/05 12:43:34 | 000,360,328 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Joshua\Desktop\SansaUpdaterInstall.exe
[2011/06/02 06:10:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/31 07:17:18 | 227,587,082 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\Spanish_HeadStart_Complete.zip
[2011/05/31 06:52:23 | 035,857,185 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\Shakespeare_Sonnets_complete_mp3.zip
[2011/05/30 15:05:31 | 000,001,544 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Napster.lnk
[2011/05/29 11:39:08 | 381,169,311 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\platos_republic_0902_librivox1_64kb_mp3.zip
[2011/05/29 11:16:45 | 196,793,223 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\mindandbrain.zip
[2011/05/29 10:51:26 | 081,980,426 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\mental_efficiency.zip
[2011/05/29 10:47:28 | 058,915,209 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\supreme_personality_0902_librivox_64kb_mp3.zip
[2011/05/29 10:38:33 | 031,367,646 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\initiative_psychic_energy.zip
[2011/05/29 10:37:52 | 050,826,263 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\introduction_to_metaphysics.zip
[2011/05/29 10:35:34 | 006,759,060 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\apology.zip
[2011/05/29 10:28:32 | 411,880,713 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\walden_librivox_64kb_mp3.zip
[2011/05/29 10:22:16 | 039,035,781 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\civil_disobedience.zip
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/24 04:05:24 | 000,030,312 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\MIT+Guide+to+Lockpicking.htm
[2011/06/21 17:10:13 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\tdsskiller.zip
[2011/06/21 16:57:36 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\gmer.zip
[2011/06/21 16:51:49 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/21 16:34:11 | 061,026,890 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\avira_antivir_personal_en.zip
[2011/06/21 15:50:54 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/06/21 15:50:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/21 15:45:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/21 15:45:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/21 15:45:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/21 15:45:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/21 15:45:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/21 04:25:28 | 000,970,509 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\EFRCSetup.exe
[2011/06/21 04:05:34 | 000,011,634 | ---- | C] () -- C:\Documents and Settings\Joshua\My Documents\regbackup1.reg
[2011/06/21 04:03:16 | 000,213,280 | ---- | C] () -- C:\Documents and Settings\Joshua\My Documents\regbackup.reg
[2011/06/19 17:58:31 | 140,710,182 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\Photo Album.zip
[2011/06/19 08:36:12 | 000,067,572 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\fathers-dayblink.gif
[2011/06/19 08:31:35 | 000,023,507 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\fathers_day.gif
[2011/06/17 22:41:04 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\Joshua\.recently-used.xbel
[2011/06/17 20:08:30 | 015,970,304 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\python-2.7.2.msi
[2011/06/06 22:08:25 | 025,991,731 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\AsaManThinketh.mp3
[2011/06/06 22:06:05 | 013,499,175 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\AlphaBreak.mp3
[2011/06/02 06:10:50 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/31 06:48:15 | 035,857,185 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\Shakespeare_Sonnets_complete_mp3.zip
[2011/05/31 06:46:38 | 227,587,082 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\Spanish_HeadStart_Complete.zip
[2011/05/30 15:05:31 | 000,001,544 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Napster.lnk
[2011/05/29 10:28:50 | 381,169,311 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\platos_republic_0902_librivox1_64kb_mp3.zip
[2011/05/29 10:28:21 | 006,759,060 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\apology.zip
[2011/05/29 10:18:14 | 031,367,646 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\initiative_psychic_energy.zip
[2011/05/29 10:15:12 | 058,915,209 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\supreme_personality_0902_librivox_64kb_mp3.zip
[2011/05/29 10:09:30 | 081,980,426 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\mental_efficiency.zip
[2011/05/29 10:08:47 | 050,826,263 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\introduction_to_metaphysics.zip
[2011/05/29 10:08:14 | 196,793,223 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\mindandbrain.zip
[2011/05/29 10:03:05 | 039,035,781 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\civil_disobedience.zip
[2011/05/29 09:25:19 | 411,880,713 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\walden_librivox_64kb_mp3.zip
[2011/05/25 06:03:15 | 000,019,150 | -HS- | C] () -- C:\Documents and Settings\Joshua\Local Settings\Application Data\p1bu2ri321xilw08u32yl2wnnkws
[2011/05/25 06:03:15 | 000,019,150 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\p1bu2ri321xilw08u32yl2wnnkws
[2011/02/10 04:20:05 | 003,790,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/20 12:14:15 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/01/20 12:14:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2011/01/17 00:14:51 | 000,201,551 | ---- | C] () -- C:\Documents and Settings\Joshua\Local Settings\Application Data\debuggee.mdmp
[2010/11/29 23:42:23 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2010/11/28 17:30:36 | 000,000,043 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/11/17 20:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Resources.dat
[2010/10/09 06:11:06 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2010/10/09 06:07:21 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2010/06/18 19:33:54 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Joshua\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/09 03:40:29 | 005,268,142 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-842925246-606747145-839522115-1003-0.dat
[2010/06/09 03:40:23 | 000,393,046 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/06/02 20:47:19 | 000,020,992 | ---- | C] () -- C:\WINDOWS\bw-uninstall.exe
[2010/05/23 20:33:28 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/22 12:01:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/05/22 01:37:47 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/05/22 00:52:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/22 00:48:21 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/22 00:20:50 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Joshua\Local Settings\Application Data\fusioncache.dat
[2010/05/22 00:16:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/22 00:08:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/21 18:57:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/21 18:56:25 | 003,592,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,591,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,119,646 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,025,088 | -H-- | C] () -- C:\WINDOWS\LINKINFO.dll448647073
[2004/08/10 06:00:00 | 000,025,088 | -H-- | C] () -- C:\WINDOWS\LINKINFO.dll387567826
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/01/08 02:05:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/05/23 21:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Happyville__
[2010/05/22 00:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/06/21 20:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\myitlab
[2011/05/30 15:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2011/02/17 19:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/09/15 21:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PKWARE
[2011/01/20 12:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/04/05 21:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/05/22 00:50:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/06/06 20:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/28 17:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/06/21 04:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2010/11/06 23:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\.minecraft
[2010/05/23 12:49:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\Aveyond 3
[2011/03/01 18:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\Blender Foundation
[2010/05/28 10:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2011/06/17 22:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\gedit
[2011/06/17 20:27:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\gtk-2.0
[2010/05/22 00:48:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\Leadertech
[2010/07/31 22:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\My Games
[2011/02/17 19:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\NCH Swift Sound
[2011/01/25 13:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\nil
[2010/10/08 22:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\PKWARE
[2011/06/05 12:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\SanDisk
[2010/06/30 05:05:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\The Creative Assembly
[2011/05/22 17:32:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\Unity
[2010/05/22 11:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\Windows Desktop Search
[2010/05/25 16:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joshua\Application Data\Windows Search
[2011/03/15 17:30:01 | 000,000,290 | ---- | M] () -- C:\WINDOWS\Tasks\photostageShakeIcon.job
[2011/02/20 21:10:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\wavepadShakeIcon.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5D340C5
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1362456
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA345B65
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB2DC8A5
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD7C3EFB

< End of report >
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello Joshsh3,

Welcome to Geekstogo.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Posted ImageClick the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Next

  • Double click on the OTL icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %USERPROFILE%\..|smtmp;true;true;true /FP
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    hklm\software\clients\startmenuinternet|command /rs
    
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply.

Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine. :)

When you return please post
  • aswMBR log
  • OTL scan log

  • 0

#3
Joshsh3

Joshsh3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for your help!

Here are both of the logs, I did not tell aswMBR to fix.

aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-06-30 19:51:59
-----------------------------
19:51:59.135 OS Version: Windows 5.1.2600 Service Pack 3
19:51:59.135 Number of processors: 1 586 0x409
19:51:59.135 ComputerName: COMPUTER1 UserName: Joshua
19:51:59.479 Initialize success
19:52:05.260 AVAST engine defs: 11063001
19:52:07.213 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
19:52:07.213 Disk 0 Vendor: WDC_WD800JD-75MSA3 10.01E04 Size: 76293MB BusType: 3
19:52:09.276 Disk 0 MBR read successfully
19:52:09.276 Disk 0 MBR scan
19:52:09.276 Disk 0 Windows XP default MBR code
19:52:11.323 Disk 0 scanning sectors +156232125
19:52:11.385 Disk 0 scanning C:\WINDOWS\system32\drivers
19:52:35.604 Service scanning
19:52:36.463 Disk 0 trace - called modules:
19:52:36.479 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
19:52:36.479 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a398ab8]
19:52:36.479 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x8a374d98]
19:52:36.917 AVAST engine scan C:\WINDOWS
20:20:52.463 File: C:\WINDOWS\LINKINFO.dll387567826 **INFECTED** Win32:AutoRun-BWQ [Trj]
20:20:52.948 File: C:\WINDOWS\LINKINFO.dll448647073 **INFECTED** Win32:AutoRun-BWQ [Trj]
20:56:18.948 AVAST engine scan C:\Documents and Settings\Joshua
21:42:22.917 AVAST engine scan C:\Documents and Settings\All Users
21:48:43.182 Scan finished successfully
21:49:13.667 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Joshua\Desktop\MBR.dat"
21:49:13.682 The log file has been saved successfully to "C:\Documents and Settings\Joshua\Desktop\aswMBR.txt"






OTL logfile created on: 6/30/2011 9:51:08 PM - Run 2
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Documents and Settings\Joshua\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 40.98% Memory free
2.83 Gb Paging File | 1.93 Gb Available in Paging File | 68.20% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 15.94 Gb Free Space | 21.39% Space Free | Partition Type: NTFS
Drive D: | 654.81 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 975.63 Mb Total Space | 24.81 Mb Free Space | 2.54% Space Free | Partition Type: FAT

Computer Name: COMPUTER1 | User Name: Joshua | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 18:42:13 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Joshua\Desktop\aswMBR.exe
PRC - [2011/06/28 17:19:00 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/26 10:13:19 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joshua\Desktop\OTL.exe
PRC - [2011/06/25 07:47:09 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/06/05 12:43:58 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Joshua\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/21 07:54:06 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:50 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:34 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/03/16 03:58:36 | 000,718,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/06/26 10:13:19 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joshua\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/06/28 17:19:00 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/12 12:18:00 | 004,006,192 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2011/04/21 07:53:50 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/25 11:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/12/18 11:25:16 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/06/28 17:19:02 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 17:19:02 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/17 15:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2005/06/06 03:40:48 | 000,180,736 | R--- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) High Definition Audio Driver (WDM)
DRV - [2005/03/24 21:11:00 | 001,350,272 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sigfilt.sys -- (sigfilt)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 EA 6B A0 CB 1A CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.1


FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/25 07:47:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/02 06:10:50 | 000,000,000 | ---D | M]

[2010/05/22 00:52:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joshua\Application Data\Mozilla\Extensions
[2011/05/26 06:48:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\4y98bvb6.default\extensions
[2010/11/13 23:05:58 | 000,000,000 | ---D | M] (Firesheep) -- C:\Documents and Settings\Joshua\Application Data\Mozilla\Firefox\Profiles\4y98bvb6.default\extensions\[email protected]
[2011/05/26 06:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/08 22:12:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2010/05/23 15:12:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JOSHUA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\4Y98BVB6.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
[2010/05/23 15:12:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/05/23 03:01:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/06/25 07:47:09 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/05/23 15:12:11 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/19 12:48:52 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/29 14:16:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
O4 - HKCU..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Joshua\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1307297725328 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/22 00:50:00 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/12/19 12:56:20 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2006/07/20 18:56:36 | 000,253,952 | R--- | M] (Firaxis Games) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/07/24 13:33:33 | 000,007,974 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2011/06/19 10:12:50 | 000,000,163 | -HS- | M] () - I:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/30 18:42:05 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Joshua\Desktop\aswMBR.exe
[2011/06/28 19:20:49 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Joshua\Desktop\dds.scr
[2011/06/26 17:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Local Settings\Application Data\Temporary Projects
[2011/06/26 10:13:18 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joshua\Desktop\OTL.exe
[2011/06/24 15:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\Photo Album1
[2011/06/24 04:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\MIT+Guide+to+Lockpicking_files
[2011/06/21 17:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\tdsskiller
[2011/06/21 17:02:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/06/21 17:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Application Data\Avira
[2011/06/21 16:56:59 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\Joshua\Desktop\dds.com
[2011/06/21 16:51:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/06/21 16:51:31 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/06/21 16:51:29 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/21 16:51:28 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/21 16:51:28 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/06/21 16:51:28 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/06/21 16:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/06/21 16:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/06/21 15:50:49 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/06/21 15:45:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/06/21 15:45:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/06/21 15:45:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/06/21 15:45:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/06/21 15:43:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/06/21 15:43:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/06/21 04:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011/06/21 04:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Local Settings\Application Data\PackageAware
[2011/06/19 21:47:02 | 004,129,550 | R--- | C] (Swearware) -- C:\Documents and Settings\Joshua\Desktop\ComboFix.exe
[2011/06/19 21:37:43 | 000,645,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joshua\Desktop\OTS.exe
[2011/06/19 17:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\Photo Album
[2011/06/19 16:35:28 | 000,000,000 | ---D | C] -- C:\Pictures
[2011/06/19 13:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/06/19 13:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/19 09:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/19 09:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/18 18:18:30 | 020,367,424 | ---- | C] (The GIMP Team ) -- C:\Documents and Settings\Joshua\Desktop\gimp-2.6.11-i686-setup-1.exe
[2011/06/17 20:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Application Data\gtk-2.0
[2011/06/17 20:21:47 | 000,000,000 | ---D | C] -- C:\save
[2011/06/17 20:12:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Python 2.7
[2011/06/17 20:12:21 | 000,000,000 | ---D | C] -- C:\Python27
[2011/06/17 20:07:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Application Data\gedit
[2011/06/17 20:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\.gconfd
[2011/06/17 20:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\.gconf
[2011/06/17 20:01:56 | 000,000,000 | ---D | C] -- C:\Program Files\gedit
[2011/06/17 19:22:54 | 023,918,572 | ---- | C] (GNOME ) -- C:\Documents and Settings\Joshua\Desktop\gedit-setup-2.30.1-1.exe
[2011/06/15 21:40:22 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/06/12 15:09:18 | 002,206,720 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\python27.dll
[2011/06/11 09:28:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\My Documents\My Music2
[2011/06/05 22:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\supreme_personality_0902_librivox_64kb_mp3
[2011/06/05 12:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Start Menu\Programs\SanDisk
[2011/06/05 12:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Application Data\SanDisk
[2011/06/05 12:43:33 | 000,360,328 | ---- | C] (SanDisk Corporation) -- C:\Documents and Settings\Joshua\Desktop\firefox (4).exe
[2011/06/05 12:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Application Data\Roxio
[2011/06/02 06:04:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joshua\Desktop\Spanish
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/30 21:49:13 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\MBR.dat
[2011/06/30 18:42:13 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Joshua\Desktop\aswMBR.exe
[2011/06/29 14:16:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/29 14:05:55 | 004,129,550 | R--- | M] (Swearware) -- C:\Documents and Settings\Joshua\Desktop\ComboFix.exe
[2011/06/29 03:17:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/28 19:20:57 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Joshua\Desktop\dds.scr
[2011/06/28 17:19:02 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/06/28 17:19:02 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/06/26 10:13:19 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joshua\Desktop\OTL.exe
[2011/06/26 01:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2011/06/24 04:05:26 | 000,030,312 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\MIT+Guide+to+Lockpicking.htm
[2011/06/21 17:10:34 | 001,309,375 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\tdsskiller.zip
[2011/06/21 16:57:59 | 000,293,775 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\gmer.zip
[2011/06/21 16:56:59 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\Joshua\Desktop\dds.com
[2011/06/21 16:51:49 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/21 16:44:30 | 061,026,890 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\avira_antivir_personal_en.zip
[2011/06/21 15:50:54 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/06/21 04:25:32 | 000,970,509 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\EFRCSetup.exe
[2011/06/21 04:05:52 | 000,011,634 | ---- | M] () -- C:\Documents and Settings\Joshua\My Documents\regbackup1.reg
[2011/06/21 04:03:31 | 000,213,280 | ---- | M] () -- C:\Documents and Settings\Joshua\My Documents\regbackup.reg
[2011/06/19 21:37:53 | 000,645,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joshua\Desktop\OTS.exe
[2011/06/19 17:59:00 | 140,710,182 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\Photo Album.zip
[2011/06/19 17:34:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/19 08:36:13 | 000,067,572 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\fathers-dayblink.gif
[2011/06/19 08:35:10 | 000,023,507 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\fathers_day.gif
[2011/06/18 18:20:49 | 020,367,424 | ---- | M] (The GIMP Team ) -- C:\Documents and Settings\Joshua\Desktop\gimp-2.6.11-i686-setup-1.exe
[2011/06/17 22:41:04 | 000,001,967 | ---- | M] () -- C:\Documents and Settings\Joshua\.recently-used.xbel
[2011/06/17 20:10:10 | 015,970,304 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\firefox (1).msi
[2011/06/17 19:26:28 | 023,918,572 | ---- | M] (GNOME ) -- C:\Documents and Settings\Joshua\Desktop\gedit-setup-2.30.1-1.exe
[2011/06/16 03:57:45 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/06/16 03:33:01 | 000,591,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/16 03:33:01 | 000,119,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/16 03:30:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/12 15:09:18 | 002,206,720 | ---- | M] (Python Software Foundation) -- C:\WINDOWS\System32\python27.dll
[2011/06/06 22:12:27 | 025,991,731 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\AsaManThinketh.mp3
[2011/06/06 22:08:23 | 013,499,175 | ---- | M] () -- C:\Documents and Settings\Joshua\Desktop\AlphaBreak.mp3
[2011/06/05 13:17:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/05 12:43:34 | 000,360,328 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Joshua\Desktop\firefox (4).exe
[2011/06/02 06:10:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/30 21:49:13 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\MBR.dat
[2011/06/28 19:26:09 | 000,302,080 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\gmer.exe
[2011/06/24 04:05:24 | 000,030,312 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\MIT+Guide+to+Lockpicking.htm
[2011/06/21 17:10:13 | 001,309,375 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\tdsskiller.zip
[2011/06/21 16:57:36 | 000,293,775 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\gmer.zip
[2011/06/21 16:51:49 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/06/21 16:34:11 | 061,026,890 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\avira_antivir_personal_en.zip
[2011/06/21 15:50:54 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/06/21 15:50:51 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/06/21 15:45:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/06/21 15:45:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/06/21 15:45:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/06/21 15:45:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/06/21 15:45:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/06/21 04:25:28 | 000,970,509 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\EFRCSetup.exe
[2011/06/21 04:05:34 | 000,011,634 | ---- | C] () -- C:\Documents and Settings\Joshua\My Documents\regbackup1.reg
[2011/06/21 04:03:16 | 000,213,280 | ---- | C] () -- C:\Documents and Settings\Joshua\My Documents\regbackup.reg
[2011/06/19 17:58:31 | 140,710,182 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\Photo Album.zip
[2011/06/19 08:36:12 | 000,067,572 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\fathers-dayblink.gif
[2011/06/19 08:31:35 | 000,023,507 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\fathers_day.gif
[2011/06/17 22:41:04 | 000,001,967 | ---- | C] () -- C:\Documents and Settings\Joshua\.recently-used.xbel
[2011/06/17 20:08:30 | 015,970,304 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\firefox (1).msi
[2011/06/06 22:08:25 | 025,991,731 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\AsaManThinketh.mp3
[2011/06/06 22:06:05 | 013,499,175 | ---- | C] () -- C:\Documents and Settings\Joshua\Desktop\AlphaBreak.mp3
[2011/06/02 06:10:50 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/05/25 06:03:15 | 000,019,150 | -HS- | C] () -- C:\Documents and Settings\Joshua\Local Settings\Application Data\p1bu2ri321xilw08u32yl2wnnkws
[2011/05/25 06:03:15 | 000,019,150 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\p1bu2ri321xilw08u32yl2wnnkws
[2011/02/10 04:20:05 | 003,790,392 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/20 12:14:15 | 000,000,020 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/01/20 12:14:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2011/01/17 00:14:51 | 000,201,551 | ---- | C] () -- C:\Documents and Settings\Joshua\Local Settings\Application Data\debuggee.mdmp
[2010/11/29 23:42:23 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2010/11/28 17:30:36 | 000,000,043 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/11/17 20:37:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Resources.dat
[2010/10/09 06:11:06 | 000,000,145 | ---- | C] () -- C:\WINDOWS\Eudcedit.ini
[2010/10/09 06:07:21 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2010/06/18 19:33:54 | 000,060,928 | ---- | C] () -- C:\Documents and Settings\Joshua\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/09 03:40:29 | 005,268,142 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-842925246-606747145-839522115-1003-0.dat
[2010/06/09 03:40:23 | 000,393,046 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/06/02 20:47:19 | 000,020,992 | ---- | C] () -- C:\WINDOWS\bw-uninstall.exe
[2010/05/23 20:33:28 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/22 12:01:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/05/22 01:37:47 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2010/05/22 00:52:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/22 00:48:21 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/22 00:20:50 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Joshua\Local Settings\Application Data\fusioncache.dat
[2010/05/22 00:16:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/22 00:08:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/21 18:57:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/21 18:56:25 | 003,592,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 17:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 17:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 06:00:00 | 000,591,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 06:00:00 | 000,119,646 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 06:00:00 | 000,025,088 | -H-- | C] () -- C:\WINDOWS\LINKINFO.dll448647073
[2004/08/10 06:00:00 | 000,025,088 | -H-- | C] () -- C:\WINDOWS\LINKINFO.dll387567826
[2004/08/10 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/02/17 19:14:00 | 000,053,980 | ---- | M] () -- C:\a.wav
[2011/01/02 17:11:47 | 000,006,942 | ---- | M] () -- C:\airplane.wmf
[2011/01/02 17:08:18 | 000,020,246 | ---- | M] () -- C:\alarmclock.wmf
[2011/02/15 13:07:44 | 000,118,446 | ---- | M] () -- C:\apple.jpg
[2010/05/22 00:50:00 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/02/17 19:30:03 | 000,038,102 | ---- | M] () -- C:\b.wav
[2011/01/02 17:12:18 | 000,021,498 | ---- | M] () -- C:\balloon.wmf
[2011/02/15 21:06:27 | 000,014,719 | ---- | M] () -- C:\banana.jpg
[2011/01/02 15:22:22 | 000,017,010 | ---- | M] () -- C:\banneropen.wav
[2011/06/16 03:57:45 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2011/06/21 15:50:54 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/01/02 17:16:45 | 000,014,984 | ---- | M] () -- C:\bull.wmf
[2011/02/15 22:20:34 | 000,047,281 | ---- | M] () -- C:\car.jpg
[2010/11/14 14:18:13 | 000,000,099 | ---- | M] () -- C:\chatlog.txt
[2011/02/02 19:42:15 | 000,020,688 | ---- | M] () -- C:\clap.wav
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/06/29 14:19:27 | 000,015,395 | ---- | M] () -- C:\ComboFix.txt
[2010/05/22 00:12:43 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/02/19 11:42:11 | 001,351,680 | ---- | M] () -- C:\Database1.accdb
[2011/02/15 22:22:08 | 000,041,599 | ---- | M] () -- C:\dog.jpg
[2011/02/15 22:25:58 | 000,049,471 | ---- | M] () -- C:\elephant.jpg
[2011/02/15 22:26:37 | 000,024,417 | ---- | M] () -- C:\frog.jpg
[2011/02/15 22:27:08 | 000,049,287 | ---- | M] () -- C:\goat.gif
[2010/10/08 22:33:53 | 000,000,520 | ---- | M] () -- C:\Hello.class
[2011/02/15 22:29:04 | 000,008,976 | ---- | M] () -- C:\horse.jpg
[2011/02/15 22:31:07 | 000,007,436 | ---- | M] () -- C:\igloo.jpg
[2010/05/22 00:12:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/02/15 22:38:05 | 000,031,107 | ---- | M] () -- C:\joker.jpg
[2011/02/15 22:40:31 | 000,028,945 | ---- | M] () -- C:\kangaroo.jpg
[2011/01/02 17:18:53 | 000,006,330 | ---- | M] () -- C:\kite.wmf
[2011/02/17 23:43:39 | 000,000,096 | ---- | M] () -- C:\limits.txt
[2011/02/15 22:56:16 | 000,007,461 | ---- | M] () -- C:\lion.jpg
[2011/02/15 22:43:27 | 000,004,892 | ---- | M] () -- C:\mouse.jpg
[2010/05/22 00:12:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/02/15 22:46:24 | 000,021,231 | ---- | M] () -- C:\necklace.jpg
[2011/01/02 13:19:07 | 000,000,000 | ---- | M] () -- C:\New Text Document.txt
[2011/01/02 17:18:08 | 000,016,898 | ---- | M] () -- C:\ninja.wmf
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/22 10:28:56 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/01/02 13:22:37 | 000,000,029 | ---- | M] () -- C:\numbers.txt
[2011/02/15 22:46:48 | 000,023,097 | ---- | M] () -- C:\orange.jpg
[2011/06/29 03:17:26 | 1600,208,896 | -HS- | M] () -- C:\pagefile.sys
[2011/02/15 22:47:18 | 000,002,639 | ---- | M] () -- C:\pencil.jpg
[2011/01/19 19:18:12 | 000,000,074 | ---- | M] () -- C:\prices.txt
[2011/02/15 22:48:50 | 000,006,613 | ---- | M] () -- C:\queen.jpg
[2011/02/15 22:49:12 | 000,008,608 | ---- | M] () -- C:\rainbow.jpg
[2011/01/02 17:14:05 | 000,025,430 | ---- | M] () -- C:\sailboat.wmf
[2011/01/02 19:33:32 | 000,000,090 | ---- | M] () -- C:\scores.txt
[2011/01/02 17:19:01 | 000,019,938 | ---- | M] () -- C:\skis.wmf
[2011/02/15 22:49:41 | 000,045,456 | ---- | M] () -- C:\sock.jpg
[2011/06/21 17:14:05 | 000,038,886 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_21.06.2011_17.13.34_log.txt
[2011/06/21 17:17:10 | 000,038,158 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_21.06.2011_17.16.45_log.txt
[2011/06/22 21:38:33 | 000,038,158 | ---- | M] () -- C:\TDSSKiller.2.5.5.0_22.06.2011_21.38.04_log.txt
[2011/02/15 22:52:02 | 000,026,166 | ---- | M] () -- C:\tree.jpg
[2011/02/15 22:52:29 | 000,031,360 | ---- | M] () -- C:\umbrella.jpg
[2011/02/15 22:52:56 | 000,004,057 | ---- | M] () -- C:\vacuum.jpg
[2011/01/09 10:50:31 | 307,169,448 | ---- | M] (Microsoft Corporation) -- C:\VisioSingleImage.exe
[2011/02/15 22:53:56 | 000,057,155 | ---- | M] () -- C:\wagon.jpg
[2011/01/02 15:36:19 | 000,516,776 | ---- | M] () -- C:\win.mp3
[2011/01/02 15:41:14 | 005,691,112 | ---- | M] () -- C:\win.wav
[2011/01/02 17:01:19 | 011,708,760 | ---- | M] (Nullsoft, Inc.) -- C:\winamp5601_full_emusic-7plus_en-us.exe
[2011/01/30 17:59:15 | 000,000,293 | ---- | M] () -- C:\WORDS2.txt
[2011/02/15 22:54:21 | 000,008,599 | ---- | M] () -- C:\xylophone.jpg
[2011/01/02 15:18:42 | 000,141,500 | ---- | M] () -- C:\youwin.wav
[2011/02/15 22:54:42 | 000,038,352 | ---- | M] () -- C:\yoyo.jpg
[2011/02/15 22:55:10 | 000,010,002 | ---- | M] () -- C:\zebra.gif

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/05/21 18:55:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/21 18:55:53 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/21 18:55:53 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-29 08:01:12

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/06/25 07:47:05 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/06/25 07:47:05 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/25 07:47:05 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/06/25 07:47:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/06/25 07:47:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/06/25 07:47:09 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 07:01:34 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D5D340C5
@Alternate Data Stream - 186 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E1362456
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FA345B65
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB2DC8A5
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD7C3EFB

< End of report >
  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,989 posts
Hello Joshsh3,

Logon to the Recovery Console.

1. Restart your computer.
2. Before Windows loads, you will be prompted to choose which Operating System to start.

Posted Image

Use the up and down arrow key to select Microsoft Windows Recovery Console
4. You must enter which Windows installation to log onto. Type 1 and press 'Enter'.
5. At the C:\Windows prompt, type the following bolded entry, and press 'Enter':

fixmbr

Reboot your machine.

After that

You have used ComboFix before. Re-run ComboFix; if it wants to update, allow it to do so. Post the log back here.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP