Daughter's computer infected

View previous topic View next topic Go down

Daughter's computer infected

Post by AngelsElf on 26th April 2010, 10:11 pm

My daughter seems to have caught something on her computer so I am writing this for her since she cannot access the internet on her computer at all. She keeps getting spam pop ups and asked to buy virus programs.

Please help me get her system back up and thank you again for all your help

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 26th April 2010, 10:31 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 26th April 2010, 10:36 pm

I would do this but I cannot access the internet on her computer it wont let me connect to the internet. Whatever virus she has, has closed her down.

Update : I rebooted daughters computer and it is completely frozen now, we cant even get into the operating system. /sigh

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 27th April 2010, 8:33 pm

Can you boot to Safe Mode?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 27th April 2010, 9:20 pm

Just rebooted in safe mode. All that is showing is the Documents section with whatever is in it.

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 27th April 2010, 9:50 pm

Hmm.
Reboot again, do the same, but this time select to option for Safe Mode with Networking, see if you can access the net via Safe Mode.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 27th April 2010, 9:59 pm

okay rebooted in safe mode with networking and i have google up right now

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 27th April 2010, 10:03 pm

Try downloading OTL now using my above instructions in post 2.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 27th April 2010, 10:12 pm

TL logfile created on: 2010-04-27 오후 6:06:14 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Sarah\Downloads
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000412 | Country: Korea | Language: KOR | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 4.78 Gb Free Space | 6.88% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 69.06 Gb Free Space | 99.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-27 18:06:01 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
PRC - [2010-04-06 14:49:36 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-10-29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010-04-27 18:06:01 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Downloads\OTL.exe
MOD - [2008-01-20 22:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - [2010-03-09 07:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-03-09 07:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-03-09 07:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-11-22 21:30:57 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009-08-24 08:16:12 | 000,378,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009-05-19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008-11-28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008-04-25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008-04-25 22:36:02 | 000,131,072 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008-03-03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008-01-20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007-01-04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010-03-09 07:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-03-09 07:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-03-09 07:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-03-09 07:08:52 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010-03-09 07:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-05-09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008-12-23 04:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-10-01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008-08-06 22:40:40 | 000,129,552 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008-07-28 03:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-07-04 02:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008-07-03 05:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008-02-21 23:50:48 | 000,198,064 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008-01-30 05:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008-01-30 05:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008-01-23 07:18:28 | 001,187,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008-01-20 22:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008-01-20 22:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008-01-20 22:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008-01-20 22:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008-01-20 22:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008-01-20 22:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008-01-20 22:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008-01-20 22:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008-01-20 22:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008-01-20 22:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008-01-20 22:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008-01-20 22:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008-01-20 22:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008-01-20 22:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008-01-20 22:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008-01-20 22:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008-01-20 22:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008-01-20 22:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008-01-20 22:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008-01-20 22:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008-01-20 22:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008-01-20 22:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008-01-20 22:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008-01-20 22:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008-01-20 22:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007-04-17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006-11-02 09:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006-11-02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-11-02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-07 18:30:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-06 14:49:38 | 000,000,000 | ---D | M]

[2009-01-15 15:48:28 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2010-04-25 02:29:41 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions
[2009-07-08 15:36:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-05-22 16:31:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009-05-22 16:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}-trash
[2010-03-25 23:44:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions\radiobar@toolbar
[2010-04-27 17:58:43 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006-09-18 17:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [ares vista] C:\Program Files\Ares Vista\AresVista.exe (Ares Vista)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Cognac] C:\Users\Sarah\AppData\Local\Temp\16466.exe File not found
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [NCsoft Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\Sarah\AppData\Local\Temp\Lrh.exe ()
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe (Convesoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.35,93.188.166.145
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (hnbc.dro) - hnbc.dro ()
O20 - HKLM Winlogon: Shell - (qoobyqc) - File not found
O24 - Desktop WallPaper: C:\Users\Sarah\Pictures\Adi and I.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sarah\Pictures\Adi and I.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0cafa829-dfd6-11dd-8b5a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0cafa829-dfd6-11dd-8b5a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{1f991cfa-8759-11de-912f-001eecdc1bed}\Shell - "" = AutoRun
O33 - MountPoints2\{1f991cfa-8759-11de-912f-001eecdc1bed}\Shell\AutoRun\command - "" = F:\AUTOPLAY.EXE id=10000017000015000016 ver=1.0.0.0 -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-25 19:06:48 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\DTP
[2010-04-25 18:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\My Riding Stables 2 - Life with Horses
[2010-04-14 19:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010-04-14 14:45:38 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010-04-14 14:45:27 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010-04-14 14:45:26 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010-04-14 14:45:10 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010-04-08 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010-04-08 23:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010-04-08 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010-04-08 23:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010-04-08 23:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010-04-08 23:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010-04-08 23:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010-04-08 17:22:00 | 000,000,000 | ---D | C] -- C:\Netts
[2010-04-08 16:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010-04-07 15:17:53 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\assembly
[2010-04-07 15:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\NCSoft
[2010-04-06 21:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Tale of Tales
[2010-04-06 03:06:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010-04-06 03:06:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010-04-06 03:06:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010-04-06 03:06:50 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010-04-06 03:06:48 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010-04-06 03:06:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010-04-06 03:06:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010-04-06 03:06:47 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010-04-06 03:06:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010-04-06 03:06:47 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010-04-06 03:06:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010-04-06 03:06:46 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010-04-06 03:06:46 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010-04-06 03:06:45 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010-04-06 03:06:44 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010-04-06 03:06:44 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010-04-06 03:06:43 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010-04-06 03:06:43 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010-04-06 03:06:43 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010-04-06 03:06:43 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010-04-06 03:06:42 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010-04-06 03:06:41 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010-04-06 03:06:41 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010-04-06 03:06:41 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010-04-06 03:06:40 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010-04-06 03:06:39 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010-04-06 03:06:39 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010-04-06 03:06:33 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010-04-06 03:06:33 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010-04-06 03:06:33 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010-04-06 03:06:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010-04-06 03:06:31 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010-04-06 03:06:31 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010-04-06 03:06:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010-04-06 03:06:29 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010-04-06 03:06:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010-04-06 03:06:29 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010-04-06 03:06:28 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010-04-06 03:06:27 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010-04-06 03:06:26 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010-04-06 03:06:26 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010-04-06 03:06:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010-04-06 03:06:26 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010-04-06 03:06:25 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010-04-06 03:06:24 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010-04-06 03:06:23 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010-04-06 03:06:23 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010-04-06 03:06:22 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010-04-06 03:06:20 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010-04-06 03:06:20 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010-04-06 03:06:19 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010-04-06 03:06:19 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010-04-06 03:06:18 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010-04-06 03:06:18 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010-04-06 03:06:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010-04-06 03:06:18 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010-04-06 03:06:18 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010-04-06 03:06:17 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010-04-06 03:06:16 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010-04-06 03:06:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010-04-06 03:06:16 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010-04-06 03:06:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010-04-06 03:06:15 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010-04-06 03:04:29 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010-04-06 03:04:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010-04-06 03:00:21 | 000,000,000 | ---D | C] -- C:\Impressive Title 0.5
[2010-03-30 16:51:12 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010-03-30 16:51:11 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010-03-30 16:51:11 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010-03-30 16:51:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010-03-30 16:51:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010-03-30 16:51:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010-03-30 16:51:10 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010-03-30 16:51:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010-03-30 16:51:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010-03-30 16:51:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010-03-30 16:51:03 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010-03-30 16:51:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010-03-30 16:51:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010-03-30 16:51:03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010-03-30 16:51:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2008-12-05 09:39:27 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-04-27 18:06:52 | 003,145,728 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat
[2010-04-27 17:55:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-04-27 00:03:03 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-04-26 23:42:08 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010-04-26 23:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-04-26 22:26:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-04-26 18:41:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-04-26 18:41:49 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-04-26 18:41:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010-04-26 18:41:27 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\Ozsppt.job
[2010-04-26 18:41:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-04-26 18:12:46 | 000,019,968 | ---- | M] () -- C:\Windows\System32\hnbc.dro
[2010-04-26 03:35:53 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417e-869e-11de-8979-001eecdc1bed}.TMContainer00000000000000000001.regtrans-ms
[2010-04-26 03:35:53 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417e-869e-11de-8979-001eecdc1bed}.TM.blf
[2010-04-26 03:35:40 | 003,727,099 | -H-- | M] () -- C:\Users\Sarah\AppData\Local\IconCache.db
[2010-04-25 20:06:34 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sarah.job
[2010-04-25 18:59:56 | 000,001,907 | ---- | M] () -- C:\Users\Sarah\Desktop\My Riding Stables 2 - Life with Horses.lnk
[2010-04-25 03:02:58 | 000,152,576 | ---- | M] () -- C:\Windows\Lkeneb.exe
[2010-04-25 03:01:46 | 000,368,128 | RHS- | M] () -- C:\Windows\System32\WINSPOOLC.dll
[2010-04-25 03:01:45 | 000,152,576 | ---- | M] () -- C:\Windows\Lkenea.exe
[2010-04-23 21:16:07 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-04-21 02:00:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-04-21 02:00:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-04-20 11:25:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\WolfQuest Survival of the Pack.lnk
[2010-04-09 23:51:20 | 000,001,340 | ---- | M] () -- C:\Users\Sarah\Desktop\Perfect World.lnk
[2010-04-08 23:02:55 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010-03-30 21:59:01 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-04-26 18:12:28 | 000,019,968 | ---- | C] () -- C:\Windows\System32\hnbc.dro
[2010-04-25 18:59:56 | 000,001,907 | ---- | C] () -- C:\Users\Sarah\Desktop\My Riding Stables 2 - Life with Horses.lnk
[2010-04-25 15:06:48 | 000,152,576 | ---- | C] () -- C:\Windows\Lkeneb.exe
[2010-04-25 03:02:09 | 000,152,576 | ---- | C] () -- C:\Windows\Lkenea.exe
[2010-04-25 03:01:53 | 000,000,286 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010-04-25 03:01:52 | 000,000,246 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010-04-25 03:01:47 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\Ozsppt.job
[2010-04-25 03:01:46 | 000,368,128 | RHS- | C] () -- C:\Windows\System32\WINSPOOLC.dll
[2010-04-21 02:00:48 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010-04-21 02:00:48 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010-04-20 11:25:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\WolfQuest Survival of the Pack.lnk
[2010-04-09 23:51:20 | 000,001,340 | ---- | C] () -- C:\Users\Sarah\Desktop\Perfect World.lnk
[2010-04-08 23:03:03 | 000,000,474 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Sarah.job
[2010-04-08 23:02:55 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2009-01-10 22:11:53 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009-01-10 19:13:22 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008-12-05 09:36:37 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008-12-05 09:36:26 | 000,129,552 | ---- | C] () -- C:\Windows\System32\drivers\ahcix86s.sys
[2008-12-05 09:36:25 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008-12-05 08:41:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008-12-05 08:41:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008-12-05 08:01:04 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006-11-02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003-01-07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001-12-26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-09-04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:F880DE59
< End of report >

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 28th April 2010, 12:16 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O4 - HKCU..\Run: [Cognac] C:\Users\Sarah\AppData\Local\Temp\16466.exe File not found
    O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\Sarah\AppData\Local\Temp\Lrh.exe ()
    O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
    O20 - HKLM Winlogon: Shell - (hnbc.dro) - hnbc.dro ()
    O20 - HKLM Winlogon: Shell - (qoobyqc) - File not found
    [2010-04-27 00:03:03 | 000,000,246 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
    [2010-04-26 23:42:08 | 000,000,286 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
    [2010-04-25 15:06:48 | 000,152,576 | ---- | C] () -- C:\Windows\Lkeneb.exe
    [2010-04-25 03:02:09 | 000,152,576 | ---- | C] () -- C:\Windows\Lkenea.exe
    [2010-04-26 18:12:28 | 000,019,968 | ---- | C] () -- C:\Windows\System32\hnbc.dro

    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
    "Start Page"=-


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 28th April 2010, 12:36 am

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Cognac deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YVIBBBHA8C deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\Lrh.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:rundll32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:hnbc.dro deleted successfully.
hnbc.dro moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:qoobyqc deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\Windows\Lkeneb.exe moved successfully.
C:\Windows\Lkenea.exe moved successfully.
File C:\Windows\System32\hnbc.dro not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.

OTL by OldTimer - Version 3.2.3.0 log created on 04272010_203441

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 28th April 2010, 6:44 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 28th April 2010, 7:47 pm

alwarebytes' Anti-Malware 1.45
[You must be registered and logged in to see this link.]

Database version: 4048

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18904

2010-04-28 ?? 3:46:31
mbam-log-2010-04-28 (15-46-31).txt

Scan type: Quick scan
Objects scanned: 120602
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.35,93.188.166.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58485326-a36a-4952-ab42-b4ea8d9fbaa8}\DhcpNameServer (Trojan.DNSChanger) -> Data: 93.188.162.35,93.188.166.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{58485326-a36a-4952-ab42-b4ea8d9fbaa8}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.35,93.188.166.145 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9410e4d5-c526-4ecf-b0ac-93051717a0f6}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.35,93.188.166.145 -> Quarantined and deleted successfully.

Folders Infected:
C:\ProgramData\LastSun Ltd (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\ProgramData\LastSun Ltd\AV AntiSpyware (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Sarah\AppData\Local\Temp\16BD.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\3074.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\426E.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\56C7.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\5CC0.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\8AB2.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\CEC3.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\DF95.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Sarah\AppData\Local\Temp\e.exe (Trojan.Oficla) -> Quarantined and deleted successfully.
C:\Windows\System32\spool\prtprocs\w32x86\00005927.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 29th April 2010, 7:54 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 29th April 2010, 8:41 pm

my daughter's operating system is Vista so I received incompatible operating system error

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 29th April 2010, 9:15 pm

Hello.

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp
    files, execution time should be anywhere from a few seconds to a minute
    or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Do you have the Extras.txt log from OTL?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 29th April 2010, 10:17 pm

Hmmmmmmmmm I thought that I did. Well I ran it again and will post now

TL logfile created on: 2010-04-29 오후 6:12:29 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Sarah\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000412 | Country: Korea | Language: KOR | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 5.34 Gb Free Space | 7.68% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 69.06 Gb Free Space | 99.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 249.72 Mb Total Space | 56.50 Mb Free Space | 22.62% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-29 18:11:48 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
PRC - [2010-04-06 14:49:36 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-10-29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010-04-29 18:11:48 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
MOD - [2008-01-20 22:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - [2010-04-14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-04-14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-04-14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-11-22 21:30:57 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009-05-19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008-11-28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008-04-25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008-04-25 22:36:02 | 000,131,072 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008-03-03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008-01-20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007-01-04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010-04-14 12:37:13 | 000,297,552 | ---- | M] (ALWIL Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010-04-14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-04-14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-04-14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-04-14 12:31:23 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010-04-14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-05-09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008-12-23 04:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-10-01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008-08-06 22:40:40 | 000,129,552 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008-07-28 03:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-07-04 02:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008-07-03 05:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008-02-21 23:50:48 | 000,198,064 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008-01-30 05:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008-01-30 05:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008-01-23 07:18:28 | 001,187,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008-01-20 22:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008-01-20 22:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008-01-20 22:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008-01-20 22:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008-01-20 22:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008-01-20 22:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008-01-20 22:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008-01-20 22:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008-01-20 22:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008-01-20 22:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008-01-20 22:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008-01-20 22:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008-01-20 22:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008-01-20 22:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008-01-20 22:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008-01-20 22:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008-01-20 22:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008-01-20 22:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008-01-20 22:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008-01-20 22:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008-01-20 22:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008-01-20 22:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008-01-20 22:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008-01-20 22:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008-01-20 22:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007-04-17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006-11-02 09:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006-11-02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-11-02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-07 18:30:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-06 14:49:38 | 000,000,000 | ---D | M]

[2009-01-15 15:48:28 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2010-04-28 15:30:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions
[2009-07-08 15:36:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-05-22 16:31:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009-05-22 16:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}-trash
[2010-03-25 23:44:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions\radiobar@toolbar
[2010-04-29 18:11:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006-09-18 17:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [ares vista] C:\Program Files\Ares Vista\AresVista.exe (Ares Vista)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [NCsoft Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe (Convesoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\Pictures\Adi and I.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sarah\Pictures\Adi and I.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008-12-07 13:33:04 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{0cafa829-dfd6-11dd-8b5a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0cafa829-dfd6-11dd-8b5a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{1f991cfa-8759-11de-912f-001eecdc1bed}\Shell - "" = AutoRun
O33 - MountPoints2\{1f991cfa-8759-11de-912f-001eecdc1bed}\Shell\AutoRun\command - "" = F:\AUTOPLAY.EXE id=10000017000015000016 ver=1.0.0.0 -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-29 18:11:46 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010-04-29 17:39:44 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\TFC.exe
[2010-04-29 16:40:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-04-29 16:36:12 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-04-29 00:05:31 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-04-29 00:05:31 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-04-29 00:05:28 | 000,297,552 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010-04-29 00:05:28 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-04-29 00:05:25 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-04-29 00:05:21 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-04-29 00:05:07 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-04-29 00:05:07 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-04-28 15:36:37 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2010-04-28 15:36:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-04-28 15:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-04-28 15:35:47 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-04-28 15:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-04-28 15:08:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\My Google Gadgets
[2010-04-27 20:34:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-04-25 19:06:48 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\DTP
[2010-04-25 18:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\My Riding Stables 2 - Life with Horses
[2010-04-14 19:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010-04-14 14:45:38 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010-04-14 14:45:27 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010-04-14 14:45:26 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010-04-14 14:45:10 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010-04-08 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010-04-08 23:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010-04-08 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010-04-08 23:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010-04-08 23:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010-04-08 23:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010-04-08 23:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010-04-08 17:22:00 | 000,000,000 | ---D | C] -- C:\Netts
[2010-04-08 16:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010-04-07 15:17:53 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\assembly
[2010-04-07 15:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\NCSoft
[2010-04-06 21:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Tale of Tales
[2010-04-06 03:06:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010-04-06 03:06:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010-04-06 03:06:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010-04-06 03:06:50 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010-04-06 03:06:48 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010-04-06 03:06:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010-04-06 03:06:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010-04-06 03:06:47 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010-04-06 03:06:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010-04-06 03:06:47 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010-04-06 03:06:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010-04-06 03:06:46 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010-04-06 03:06:46 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010-04-06 03:06:45 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010-04-06 03:06:44 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010-04-06 03:06:44 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010-04-06 03:06:43 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010-04-06 03:06:43 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010-04-06 03:06:43 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010-04-06 03:06:43 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010-04-06 03:06:42 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010-04-06 03:06:41 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010-04-06 03:06:41 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010-04-06 03:06:41 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010-04-06 03:06:40 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010-04-06 03:06:39 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010-04-06 03:06:39 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010-04-06 03:06:33 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010-04-06 03:06:33 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010-04-06 03:06:33 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010-04-06 03:06:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010-04-06 03:06:31 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010-04-06 03:06:31 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010-04-06 03:06:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010-04-06 03:06:29 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010-04-06 03:06:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010-04-06 03:06:29 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010-04-06 03:06:28 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010-04-06 03:06:27 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010-04-06 03:06:26 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010-04-06 03:06:26 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010-04-06 03:06:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010-04-06 03:06:26 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010-04-06 03:06:25 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010-04-06 03:06:24 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010-04-06 03:06:23 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010-04-06 03:06:23 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010-04-06 03:06:22 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010-04-06 03:06:20 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010-04-06 03:06:20 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010-04-06 03:06:19 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010-04-06 03:06:19 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010-04-06 03:06:18 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010-04-06 03:06:18 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010-04-06 03:06:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010-04-06 03:06:18 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010-04-06 03:06:18 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010-04-06 03:06:17 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010-04-06 03:06:16 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010-04-06 03:06:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010-04-06 03:06:16 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010-04-06 03:06:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010-04-06 03:06:15 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010-04-06 03:04:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010-04-06 03:00:21 | 000,000,000 | ---D | C] -- C:\Impressive Title 0.5
[2008-12-05 09:39:27 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010-04-29 18:11:48 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010-04-29 18:06:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-04-29 18:02:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-04-29 18:02:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-04-29 18:02:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-04-29 18:02:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010-04-29 18:02:15 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\Ozsppt.job
[2010-04-29 18:02:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-04-29 18:00:24 | 003,145,728 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat
[2010-04-29 18:00:24 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417e-869e-11de-8979-001eecdc1bed}.TMContainer00000000000000000001.regtrans-ms
[2010-04-29 18:00:24 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417e-869e-11de-8979-001eecdc1bed}.TM.blf
[2010-04-29 17:39:47 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\TFC.exe
[2010-04-29 17:31:06 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-04-29 17:31:06 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-04-29 17:31:06 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-04-29 17:28:47 | 000,009,728 | ---- | M] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-29 17:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-04-29 17:20:46 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.2.regtrans-ms
[2010-04-29 17:20:45 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.1.regtrans-ms
[2010-04-29 17:20:45 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.0.regtrans-ms
[2010-04-29 17:20:45 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.blf
[2010-04-29 16:34:57 | 003,924,018 | ---- | M] () -- C:\Users\Sarah\Desktop\svchost.exe
[2010-04-29 06:48:11 | 000,350,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-04-29 00:05:31 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010-04-29 00:05:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-04-28 15:36:32 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-04-25 20:06:34 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sarah.job
[2010-04-25 18:59:56 | 000,001,907 | ---- | M] () -- C:\Users\Sarah\Desktop\My Riding Stables 2 - Life with Horses.lnk
[2010-04-25 03:01:46 | 000,368,128 | RHS- | M] () -- C:\Windows\System32\WINSPOOLC.dll
[2010-04-23 21:16:07 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-04-21 02:00:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-04-21 02:00:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-04-20 11:25:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\WolfQuest Survival of the Pack.lnk
[2010-04-14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-04-14 12:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-04-14 12:37:13 | 000,297,552 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010-04-14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-04-14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-04-14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-04-14 12:31:23 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-04-14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-04-09 23:51:20 | 000,001,340 | ---- | M] () -- C:\Users\Sarah\Desktop\Perfect World.lnk
[2010-04-08 23:02:55 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010-03-30 21:59:01 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2010-04-29 17:20:46 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.2.regtrans-ms
[2010-04-29 17:20:45 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.1.regtrans-ms
[2010-04-29 17:20:45 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.0.regtrans-ms
[2010-04-29 17:20:45 | 000,065,536 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.blf
[2010-04-29 16:04:00 | 003,924,018 | ---- | C] () -- C:\Users\Sarah\Desktop\svchost.exe
[2010-04-29 00:05:31 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010-04-28 15:36:32 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-04-25 18:59:56 | 000,001,907 | ---- | C] () -- C:\Users\Sarah\Desktop\My Riding Stables 2 - Life with Horses.lnk
[2010-04-25 03:01:47 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\Ozsppt.job
[2010-04-25 03:01:46 | 000,368,128 | RHS- | C] () -- C:\Windows\System32\WINSPOOLC.dll
[2010-04-21 02:00:48 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010-04-21 02:00:48 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010-04-20 11:25:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\WolfQuest Survival of the Pack.lnk
[2010-04-09 23:51:20 | 000,001,340 | ---- | C] () -- C:\Users\Sarah\Desktop\Perfect World.lnk
[2010-04-08 23:03:03 | 000,000,474 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Sarah.job
[2010-04-08 23:02:55 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2009-01-10 22:11:53 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009-01-10 19:13:22 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008-12-05 09:36:37 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008-12-05 09:36:26 | 000,129,552 | ---- | C] () -- C:\Windows\System32\drivers\ahcix86s.sys
[2008-12-05 09:36:25 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008-12-05 08:41:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008-12-05 08:41:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008-12-05 08:01:04 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006-11-02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003-01-07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001-12-26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-09-04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:F880DE59
< End of report >

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 29th April 2010, 10:21 pm

TL logfile created on: 2010-04-29 오후 6:12:29 - Run 2
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Sarah\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000412 | Country: Korea | Language: KOR | Date Format: yyyy-MM-dd

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.52 Gb Total Space | 5.34 Gb Free Space | 7.68% Space Free | Partition Type: NTFS
Drive D: | 69.52 Gb Total Space | 69.06 Gb Free Space | 99.34% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 249.72 Mb Total Space | 56.50 Mb Free Space | 22.62% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-04-29 18:11:48 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
PRC - [2010-04-06 14:49:36 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008-10-29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010-04-29 18:11:48 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
MOD - [2008-01-20 22:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (McNASvc)
SRV - [2010-04-14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010-04-14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010-04-14 12:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-11-22 21:30:57 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009-05-19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008-11-28 11:56:06 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008-04-25 22:36:20 | 000,045,056 | ---- | M] (NewTech InfoSystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
SRV - [2008-04-25 22:36:02 | 000,131,072 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
SRV - [2008-03-03 14:11:14 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Stopped] -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe -- (BUNAgentSvc)
SRV - [2008-01-20 22:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-12-06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007-01-04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2010-04-14 12:37:13 | 000,297,552 | ---- | M] (ALWIL Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2010-04-14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010-04-14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010-04-14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010-04-14 12:31:23 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010-04-14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009-05-09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008-12-23 04:47:52 | 000,138,240 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-10-01 11:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008-08-06 22:40:40 | 000,129,552 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ahcix86s.sys -- (ahcix86s)
DRV - [2008-07-28 03:53:48 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008-07-04 02:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008-07-03 05:03:48 | 002,152,088 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008-04-28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008-02-21 23:50:48 | 000,198,064 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008-01-30 05:52:06 | 000,014,848 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008-01-30 05:51:50 | 000,013,824 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2008-01-23 07:18:28 | 001,187,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008-01-20 22:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008-01-20 22:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008-01-20 22:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008-01-20 22:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008-01-20 22:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008-01-20 22:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008-01-20 22:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008-01-20 22:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008-01-20 22:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008-01-20 22:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008-01-20 22:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008-01-20 22:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008-01-20 22:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008-01-20 22:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008-01-20 22:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008-01-20 22:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008-01-20 22:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008-01-20 22:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008-01-20 22:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008-01-20 22:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008-01-20 22:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008-01-20 22:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008-01-20 22:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008-01-20 22:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008-01-20 22:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007-04-17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006-11-02 09:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006-11-02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-11-02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-04-07 18:30:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-04-06 14:49:38 | 000,000,000 | ---D | M]

[2009-01-15 15:48:28 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mozilla\Extensions
[2010-04-28 15:30:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions
[2009-07-08 15:36:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009-05-22 16:31:47 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009-05-22 16:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}-trash
[2010-03-25 23:44:59 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\mozilla\Firefox\Profiles\lapsbpge.default\extensions\radiobar@toolbar
[2010-04-29 18:11:00 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006-09-18 17:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5104.1546\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ToggleEN Toolbar) - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ToggleEN Toolbar) - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} - C:\Program Files\ToggleEN\tbTogg.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BkupTray] C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe ()
O4 - HKLM..\Run: [Blubster] C:\Program Files\Blubster\Blubster.exe File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [ares vista] C:\Program Files\Ares Vista\AresVista.exe (Ares Vista)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [NCsoft Launcher] C:\Program Files\NCSoft\Launcher\NCLauncher.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Orion.lnk = C:\Program Files\Convesoft\Orion\Messenger.exe (Convesoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\Pictures\Adi and I.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sarah\Pictures\Adi and I.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008-12-07 13:33:04 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{0cafa829-dfd6-11dd-8b5a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0cafa829-dfd6-11dd-8b5a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{1f991cfa-8759-11de-912f-001eecdc1bed}\Shell - "" = AutoRun
O33 - MountPoints2\{1f991cfa-8759-11de-912f-001eecdc1bed}\Shell\AutoRun\command - "" = F:\AUTOPLAY.EXE id=10000017000015000016 ver=1.0.0.0 -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\G:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010-04-29 18:11:46 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010-04-29 17:39:44 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\TFC.exe
[2010-04-29 16:40:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-04-29 16:36:12 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-04-29 00:05:31 | 000,162,768 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-04-29 00:05:31 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-04-29 00:05:28 | 000,297,552 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010-04-29 00:05:28 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-04-29 00:05:25 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-04-29 00:05:21 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-04-29 00:05:07 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-04-29 00:05:07 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-04-28 15:36:37 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Malwarebytes
[2010-04-28 15:36:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-04-28 15:35:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010-04-28 15:35:47 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-04-28 15:35:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-04-28 15:08:07 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\My Google Gadgets
[2010-04-27 20:34:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-04-25 19:06:48 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\DTP
[2010-04-25 18:58:53 | 000,000,000 | ---D | C] -- C:\Program Files\My Riding Stables 2 - Life with Horses
[2010-04-14 19:47:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010-04-14 14:45:38 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010-04-14 14:45:27 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010-04-14 14:45:26 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010-04-14 14:45:10 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010-04-08 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS
[2010-04-08 23:02:55 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010-04-08 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022
[2010-04-08 23:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010-04-08 23:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010-04-08 23:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010-04-08 23:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010-04-08 17:22:00 | 000,000,000 | ---D | C] -- C:\Netts
[2010-04-08 16:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010-04-07 15:17:53 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\assembly
[2010-04-07 15:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\NCSoft
[2010-04-06 21:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Tale of Tales
[2010-04-06 03:06:51 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010-04-06 03:06:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010-04-06 03:06:50 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010-04-06 03:06:50 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010-04-06 03:06:48 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010-04-06 03:06:48 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010-04-06 03:06:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010-04-06 03:06:47 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010-04-06 03:06:47 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010-04-06 03:06:47 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010-04-06 03:06:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010-04-06 03:06:46 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010-04-06 03:06:46 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010-04-06 03:06:45 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010-04-06 03:06:44 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010-04-06 03:06:44 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010-04-06 03:06:43 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010-04-06 03:06:43 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010-04-06 03:06:43 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010-04-06 03:06:43 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010-04-06 03:06:42 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010-04-06 03:06:41 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010-04-06 03:06:41 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010-04-06 03:06:41 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010-04-06 03:06:40 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010-04-06 03:06:39 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010-04-06 03:06:39 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010-04-06 03:06:33 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010-04-06 03:06:33 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010-04-06 03:06:33 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010-04-06 03:06:32 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010-04-06 03:06:31 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010-04-06 03:06:31 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010-04-06 03:06:30 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010-04-06 03:06:29 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010-04-06 03:06:29 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010-04-06 03:06:29 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010-04-06 03:06:28 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010-04-06 03:06:27 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010-04-06 03:06:26 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010-04-06 03:06:26 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010-04-06 03:06:26 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010-04-06 03:06:26 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010-04-06 03:06:25 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010-04-06 03:06:24 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010-04-06 03:06:23 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010-04-06 03:06:23 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010-04-06 03:06:22 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010-04-06 03:06:20 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010-04-06 03:06:20 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010-04-06 03:06:19 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010-04-06 03:06:19 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010-04-06 03:06:18 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010-04-06 03:06:18 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010-04-06 03:06:18 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010-04-06 03:06:18 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010-04-06 03:06:18 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010-04-06 03:06:17 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010-04-06 03:06:16 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010-04-06 03:06:16 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010-04-06 03:06:16 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010-04-06 03:06:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010-04-06 03:06:15 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010-04-06 03:04:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010-04-06 03:00:21 | 000,000,000 | ---D | C] -- C:\Impressive Title 0.5
[2008-12-05 09:39:27 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010-04-29 18:11:48 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010-04-29 18:06:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-04-29 18:02:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-04-29 18:02:41 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-04-29 18:02:37 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-04-29 18:02:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010-04-29 18:02:15 | 000,000,312 | -HS- | M] () -- C:\Windows\tasks\Ozsppt.job
[2010-04-29 18:02:13 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-04-29 18:00:24 | 003,145,728 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat
[2010-04-29 18:00:24 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417e-869e-11de-8979-001eecdc1bed}.TMContainer00000000000000000001.regtrans-ms
[2010-04-29 18:00:24 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417e-869e-11de-8979-001eecdc1bed}.TM.blf
[2010-04-29 17:39:47 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\TFC.exe
[2010-04-29 17:31:06 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-04-29 17:31:06 | 000,603,282 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-04-29 17:31:06 | 000,106,696 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-04-29 17:28:47 | 000,009,728 | ---- | M] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-04-29 17:26:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-04-29 17:20:46 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.2.regtrans-ms
[2010-04-29 17:20:45 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.1.regtrans-ms
[2010-04-29 17:20:45 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.0.regtrans-ms
[2010-04-29 17:20:45 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.blf
[2010-04-29 16:34:57 | 003,924,018 | ---- | M] () -- C:\Users\Sarah\Desktop\svchost.exe
[2010-04-29 06:48:11 | 000,350,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-04-29 00:05:31 | 000,001,844 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010-04-29 00:05:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010-04-28 15:36:32 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-04-25 20:06:34 | 000,000,474 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sarah.job
[2010-04-25 18:59:56 | 000,001,907 | ---- | M] () -- C:\Users\Sarah\Desktop\My Riding Stables 2 - Life with Horses.lnk
[2010-04-25 03:01:46 | 000,368,128 | RHS- | M] () -- C:\Windows\System32\WINSPOOLC.dll
[2010-04-23 21:16:07 | 000,002,377 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010-04-21 02:00:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-04-21 02:00:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-04-20 11:25:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\WolfQuest Survival of the Pack.lnk
[2010-04-14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010-04-14 12:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010-04-14 12:37:13 | 000,297,552 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2010-04-14 12:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010-04-14 12:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010-04-14 12:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010-04-14 12:31:23 | 000,051,792 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010-04-14 12:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010-04-09 23:51:20 | 000,001,340 | ---- | M] () -- C:\Users\Sarah\Desktop\Perfect World.lnk
[2010-04-08 23:02:55 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2010-03-30 21:59:01 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2010-04-29 17:20:46 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.2.regtrans-ms
[2010-04-29 17:20:45 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.1.regtrans-ms
[2010-04-29 17:20:45 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.0.regtrans-ms
[2010-04-29 17:20:45 | 000,065,536 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{c7a0417d-869e-11de-8979-001eecdc1bed}.TxR.blf
[2010-04-29 16:04:00 | 003,924,018 | ---- | C] () -- C:\Users\Sarah\Desktop\svchost.exe
[2010-04-29 00:05:31 | 000,001,844 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2010-04-28 15:36:32 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-04-25 18:59:56 | 000,001,907 | ---- | C] () -- C:\Users\Sarah\Desktop\My Riding Stables 2 - Life with Horses.lnk
[2010-04-25 03:01:47 | 000,000,312 | -HS- | C] () -- C:\Windows\tasks\Ozsppt.job
[2010-04-25 03:01:46 | 000,368,128 | RHS- | C] () -- C:\Windows\System32\WINSPOOLC.dll
[2010-04-21 02:00:48 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010-04-21 02:00:48 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010-04-20 11:25:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\WolfQuest Survival of the Pack.lnk
[2010-04-09 23:51:20 | 000,001,340 | ---- | C] () -- C:\Users\Sarah\Desktop\Perfect World.lnk
[2010-04-08 23:03:03 | 000,000,474 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Sarah.job
[2010-04-08 23:02:55 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini
[2009-01-10 22:11:53 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009-01-10 19:13:22 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008-12-05 09:36:37 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008-12-05 09:36:26 | 000,129,552 | ---- | C] () -- C:\Windows\System32\drivers\ahcix86s.sys
[2008-12-05 09:36:25 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008-12-05 08:41:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008-12-05 08:41:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008-12-05 08:01:04 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2006-11-02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003-01-07 16:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001-12-26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001-09-04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001-07-30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001-07-23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:AB689DEA
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:F880DE59
< End of report >

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 30th April 2010, 7:14 pm

Hello.
You posted OTL.txt twice. LMBO or ROFL I need to see Extras.txt if you have that log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 30th April 2010, 8:26 pm

I only get one log where would I find this second log, it only posts one notepad window which I now know is also the same notepad that is saved to desktop

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 30th April 2010, 11:50 pm

Hello.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 1st May 2010, 12:17 am

I cant get my daughters computer to work on net off of safe mode and I cant download this in safe mode -.-

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 1st May 2010, 12:26 am

okay i have it on her computer, I downloaded it from memory stick onto it. I am in misc tools and i do not see a "Save List" Option

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 1st May 2010, 2:47 pm

Hello.
Did you follow my instructions to the letter?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 1st May 2010, 8:55 pm

cer Assist
Acer Crystal Eye Webcam
Acer Empowering Technology
Acer eRecovery Management
Acer Mobility Center Plug-In
Acer Registration
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ares 2.1.0
avast! Pro Antivirus
Bonjour
FINAL FANTASY XI
FINAL FANTASY XI: Chains of Promathia
FINAL FANTASY XI: Rise of the Zilart
FINAL FANTASY XI: Treasures of Aht Urhgan
FINAL FANTASY XI: Wings of the Goddess
Galapago
Google Desktop
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InterVideo WinDVD 8
iPod for Windows 2006-03-23
iTunes
Java(TM) 6 Update 13
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
MobileMe Control Panel
Mozilla Firefox (3.5.9)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Riding Stables 2 - Life with Horses
Norton Security Scan
NTI Backup Now 5
NTI Media Maker 8
Orion
PlayOnline Viewer & Tetra Master
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
Skype?4.0
Synaptics Pointing Device Driver
ToggleEN Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
WolfQuest
WriteItNow Novel Writing Software 4.0.2

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 2nd May 2010, 9:08 pm

Hello.

I see that you are running Ares.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ares 2.1.0
    Java(TM) 6 Update 13

Please download [You must be registered and logged in to see this link.] and install it. It will install over version 3.5.9 you currently have installed, so you won't lose any bookmarked websites.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 4th May 2010, 1:49 am

Okay we have done all the things you have asked us to do. My daughter sure didnt want to uninstall Ares though but I won ^^

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 4th May 2010, 10:38 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by AngelsElf on 5th May 2010, 1:09 pm

Below is the ONLY text log in the place you said it would be

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1

AngelsElf
Intermediate
Intermediate

Posts Posts : 101
Joined Joined : 2008-12-07
OS OS : Windows XP
Points Points : 30377
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Daughter's computer infected

Post by Belahzur on 5th May 2010, 6:46 pm

How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245101
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum