
Web Search Redirect / Router Virus?


This topic is locked
27 replies to this topic

#1 lancmale


Posted 20 August 2010 - 04:38 PM

Greetings ...

I noticed a few weeks ago, while I was doing homework for class, that when I clicked on a link in search results (via Yahoo, Google, Bing, etc.) a new page would open up and wouldn't be the page I wanted ... some junk and some that looked like real professional sites. I did some research on this topic and thought that it was a virus on my computer, so I downloaded AVG, Norton, Microsoft Security Essentials and some other programs, and none of them could find any viruses or trojans on my computers. So I did some more research and couldn't find anything about it ... I then talked to my friend about it and he jokingly said "maybe you have a virus in your router" ... not sure if it was possible, but I researched it and of course didn't find anything to help me ... just for the heck of it I thought I would see if the same thing would happen in the internet browser on the PS3; sure enough, the same thing happened on the PS3 as it does on the laptop and desktop.

So I decided to do a hard reset on the wireless router. Since I did that, none of the computers are able to search for any networks, though I can find it on my iPhone. I can change the name and also secure the wireless router, but as soon as it gets secured it basically just disappears and my iPhone can't find it. I am using a WRT54G, two different versions (the same thing happens to both). I then tried to access the wireless router from my Xbox 360 Slim; I am able to access the router but not get on the internet from the router. I was looking at the IP address when I noticed that it wasn't even close to what my IP address has been. I then checked the details of the connection to the router via my iPhone and saw basically the same thing. I live in Lancaster, PA and the IP addresses were coming out of the Bronx in NY (169.254.113.58 and 169.254.127.153).

I have tried anything and everything I can think of to try and fix this problem, but of course I have failed, because I am here asking for help!! I think I have put down everything that has happened or that I have done; if I remember something I will be sure to post it here.

Thanks for the help, really appreciate it!!
Puck
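An added check for the two addresses quoted in the post above (this is editor-supplied example code, not part of the thread). 169.254.0.0/16 is the IPv4 link-local (APIPA) range that a host assigns itself when it gets no DHCP lease, so the script reports such an address as "no lease" rather than as a location; it also flags any DNS resolver outside the LAN, which is the first setting to read when every device behind one router (a games console included) is redirected. Python's standard `ipaddress` module does the range arithmetic. The router address 192.168.1.1 is an assumption, and the resolver list used in the demo is constructed.

```python
"""Classify what a LAN client's network settings are telling you.

Added example, not part of the original thread. The two 169.254.x.x
addresses come from the post above; 192.168.1.1 as the router's LAN
address is an assumption, and the resolver list passed in at the bottom
is constructed to exercise the "review" path.
"""
import ipaddress

# 169.254.0.0/16 is IPv4 link-local (APIPA, RFC 3927): a host picks one of
# these itself when it gets no DHCP lease. It is neither routed nor
# assignable to a geographic location.
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _is_rfc1918(ip) -> bool:
    return any(ip in net for net in RFC1918)


def classify_client_address(addr: str) -> str:
    """Say what kind of address the client ended up with."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 4:
        return "ipv6 (not covered here)"
    if ip in LINK_LOCAL:
        return "link-local (no DHCP lease obtained)"
    if ip.is_loopback:
        return "loopback"
    if _is_rfc1918(ip):
        return "private (lease from the local router)"
    return "not private (unexpected for a client behind a NAT router)"


def check_dns_servers(servers, router_ip="192.168.1.1"):
    """Return (server, verdict) pairs.

    A resolver outside the LAN being handed out to clients is the setting
    to look at first when every device behind the router is redirected.
    This only surfaces that configuration; it does not prove who set it."""
    router = ipaddress.ip_address(router_ip)
    verdicts = []
    for s in servers:
        ip = ipaddress.ip_address(s)
        if ip == router:
            verdicts.append((s, "ok: local router forwards DNS"))
        elif _is_rfc1918(ip):
            verdicts.append((s, "ok: private resolver on the LAN"))
        else:
            verdicts.append((s, "REVIEW: resolver outside the LAN handed to clients"))
    return verdicts


def diagnose(client_addrs, dns_servers, router_ip="192.168.1.1"):
    """Combine both checks into one report dict."""
    addr_report = {a: classify_client_address(a) for a in client_addrs}
    no_lease = all(v.startswith("link-local") for v in addr_report.values())
    return {
        "addresses": addr_report,
        "dhcp_failed": no_lease,
        "dns": check_dns_servers(dns_servers, router_ip),
    }


if __name__ == "__main__":
    # Addresses from the post; resolver list is CONSTRUCTED (203.0.113.0/24 is
    # a documentation range, standing in for an arbitrary off-LAN resolver).
    report = diagnose(["169.254.113.58", "169.254.127.153"],
                      ["192.168.1.1", "203.0.113.53"])
    for addr, kind in report["addresses"].items():
        print(f"{addr:16} {kind}")
    print("DHCP lease missing on every client:", report["dhcp_failed"])
    for server, verdict in report["dns"]:
        print(f"{server:16} {verdict}")
```

Both quoted addresses classify as link-local, which is what a client shows when the router's DHCP server is not answering after a reset; the resolver check is the one to run on a machine that does get a lease.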



#2 mpascal


Posted 26 August 2010 - 09:28 PM

Hi lancmale,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

STEP 1 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop. MBAM may "make changes to your registry" as part of its disinfection routine. If you use other security programs that detect registry changes (e.g. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.
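The OTL scan requested above writes a plain-text log with one entry per line; when a whole LAN is being redirected, the `O17 - ... DhcpNameServer = ...` line (the resolvers the router hands out), the Firefox search preferences and the IE proxy setting are the entries to read first. The triage helper below is an added example for this thread, not an OldTimer tool and not code from any post; it parses lines in OTL's own layout and returns the items a helper would look at before anything else. The allow-list of search hosts is an assumption, and the two sample lines marked CONSTRUCTED are invented to exercise the "review" paths; the other sample lines follow the format of the log posted later in the thread.

```python
"""Triage helper for OTL-format log lines.

Added example for this thread; it is not an OldTimer tool and not code
from the original posts. It reads lines in the layout OTL prints (O3/O17
entries, "FF - prefs.js.." entries, dated file entries, the hosts-file
line) and returns the items worth reading first. KNOWN_SEARCH_HOSTS is an
assumed allow-list; the two sample lines marked CONSTRUCTED are invented
to exercise the "review" paths, the rest follow the log format verbatim.
"""
import ipaddress
import re
from urllib.parse import urlparse

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumed allow-list: search prefs pointing anywhere else get a "review" entry.
KNOWN_SEARCH_HOSTS = {"search.yahoo.com", "www.google.com", "www.bing.com"}

_O17 = re.compile(r"^O17 - .*?:\s*(?P<key>\w*NameServer)\s*=\s*(?P<val>.+)$")
_FF_URL = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.-]+):\s*"(?P<url>https?://[^"]+)"')
_PROXY = re.compile(r'"ProxyEnable"\s*=\s*(?P<v>\d)')


def _off_lan(addr: str) -> bool:
    """True when addr is not an RFC 1918 address (or not an address at all)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    return not any(ip in net for net in RFC1918)


def triage(lines):
    """Return (severity, tag, detail) tuples; severity is 'review' or 'info'."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = _O17.match(line)
        if m:
            # A resolver outside the LAN pushed by DHCP is the first thing to
            # check when every device behind the router is redirected.
            for addr in m.group("val").split():
                if _off_lan(addr):
                    findings.append(("review", "dns", f"{m.group('key')} points off-LAN: {addr}"))
            continue
        m = _FF_URL.match(line)
        if m:
            pref, host = m.group("pref"), urlparse(m.group("url")).hostname
            if (pref == "keyword.URL" or pref.startswith("browser.search.")) \
                    and host not in KNOWN_SEARCH_HOSTS:
                findings.append(("review", "ff-search", f"{pref} uses unknown host {host}"))
            continue
        if line.startswith("IE - "):
            m = _PROXY.search(line)
            if m and m.group("v") == "1":
                findings.append(("review", "proxy", "ProxyEnable = 1: IE/WinINet traffic goes through a proxy"))
            continue
        if line == "Hosts file not found":
            findings.append(("info", "hosts", "hosts file missing or unreadable"))
            continue
        if "No CLSID value found" in line or "(No name found)" in line:
            # Toolbar entries with no CLSID and extensions with no name are
            # orphans; harmless leftovers and hiding places look alike here.
            findings.append(("info", "orphan", line))
    return findings


SAMPLE_LOG = [
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    'FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p="',
    'FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com//?fr=fp-tyc8"',
    "Hosts file not found",
    r"O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.",
    r"[2010/07/14 18:53:37 | 000,000,000 | ---D | M] (No name found) -- "
    r"C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}",
    # CONSTRUCTED: DHCP handing out a resolver outside RFC 1918 (203.0.113.0/24 is a documentation range)
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}: "
    r"DhcpNameServer = 203.0.113.5 192.168.1.1",
    # CONSTRUCTED: a search pref pointing at a host that is not on the allow-list
    'FF - prefs.js..browser.search.defaulturl: "http://search.example.net/q?p="',
]

if __name__ == "__main__":
    for severity, tag, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {tag:10} {detail}")
```

Feed it the whole OTL.txt (`triage(open("OTL.txt", errors="replace"))`) and read the "review" entries first; "info" entries are context, not verdicts, since an orphaned toolbar GUID and a missing hosts file are equally consistent with sloppy uninstalls and with tampering.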


#3 lancmale


Posted 29 August 2010 - 04:29 AM

Thanks mpascal!! Hopefully I did everything you asked me to correctly.


OTL Report

OTL logfile created on: 8/29/2010 5:13:11 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Sarah\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 40.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.03 Gb Total Space | 4.31 Gb Free Space | 3.12% Space Free | Partition Type: NTFS
Drive D: | 11.02 Gb Total Space | 1.24 Gb Free Space | 11.22% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 124.35 Mb Total Space | 124.23 Mb Free Space | 99.90% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSErHrvtx) -- C:\Windows\System32\Drivers\AVGIDSvx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDrivervtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFiltervtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimvtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (HSXHWBS3) -- C:\Windows\System32\drivers\HSXHWBS3.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\WMP54GSx86.sys (Broadcom Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.selectedengine: "Yahoo! Search"
FF - prefs.js..browser.search.usedbfororder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com//?fr=fp-tyc8"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 08:38:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/13 18:16:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/17 00:38:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/08/17 08:47:17 | 000,000,000 | ---D | M]

[2009/02/07 14:51:11 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla\Extensions
[2010/08/01 13:33:22 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\extensions
[2009/11/09 03:37:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/01 01:19:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/14 18:53:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/07/14 18:54:01 | 000,000,321 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\searchplugins\aim-search.xml
[2010/08/02 00:07:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/02 00:07:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/02 00:06:00 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

Hosts file not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\cf - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\Pictures\2010-06-23\122.JPG
O24 - Desktop BackupWallPaper: C:\Users\Sarah\Pictures\2010-06-23\122.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/25 09:12:57 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/08/29 05:11:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010/08/29 03:20:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/29 03:20:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/29 03:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/29 03:19:18 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sarah\Desktop\mbam-setup.exe
[2010/08/28 20:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2010/08/22 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\saummbpem
[2010/08/20 03:35:46 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\gmer
[2010/08/17 08:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/08/17 00:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/08/17 00:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/08/16 19:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/15 23:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/14 02:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2010/08/13 18:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/08/02 02:48:43 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\uTorrent
[2010/08/02 00:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/02 00:07:04 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/08/02 00:07:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/02 00:07:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/02 00:07:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/01 00:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2008/11/30 19:53:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sarah\AppData\Roaming\pcouffin.sys
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[12 C:\Users\Sarah\Documents\*.tmp files -> C:\Users\Sarah\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/29 05:17:17 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/29 05:15:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{347C16ED-58A3-4D85-A75F-EF1BFF64685A}.job
[2010/08/29 05:13:15 | 003,145,728 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat
[2010/08/29 05:11:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010/08/29 04:32:41 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3069609433-1055128507-2126640712-1000UA.job
[2010/08/29 04:28:53 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/29 04:28:53 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/29 04:28:53 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/29 04:23:40 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/29 04:23:39 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/29 04:23:36 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/29 04:23:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/29 04:23:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/29 04:23:23 | 282,041,607 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/29 03:38:59 | 000,340,141 | ---- | M] () -- C:\Users\Sarah\Desktop\Web Search Redirect - Router Virus.mht
[2010/08/29 03:24:13 | 000,293,376 | ---- | M] () -- C:\Users\Sarah\Desktop\mxl107mx.exe
[2010/08/29 03:20:09 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/29 03:19:30 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sarah\Desktop\mbam-setup.exe
[2010/08/29 03:16:20 | 000,082,432 | ---- | M] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/29 03:13:06 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{bd02e0f1-c915-11de-b83c-002215f4a496}.TMContainer00000000000000000001.regtrans-ms
[2010/08/29 03:13:06 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{bd02e0f1-c915-11de-b83c-002215f4a496}.TM.blf
[2010/08/29 03:12:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/29 03:11:00 | 001,957,962 | -H-- | M] () -- C:\Users\Sarah\AppData\Local\IconCache.db
[2010/08/29 03:09:11 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\mbam-setup.exe
[2010/08/29 03:06:22 | 000,002,265 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2010/08/28 20:26:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3069609433-1055128507-2126640712-1000Core.job
[2010/08/28 20:09:36 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2010/08/28 18:22:14 | 000,049,152 | ---- | M] () -- C:\Users\Sarah\Documents\LT+Charter+criminal+court+system.doc
[2010/08/28 18:13:20 | 000,043,520 | ---- | M] () -- C:\Users\Sarah\Documents\CAM Movies and DVD Quality Movie.doc
[2010/08/28 12:25:16 | 1470,408,704 | ---- | M] () -- C:\Users\Sarah\Desktop\The Expendables.avi
[2010/08/28 07:26:27 | 064,032,736 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/28 06:05:09 | 737,501,184 | ---- | M] () -- C:\Users\Sarah\Desktop\MacGruber.avi
[2010/08/28 05:50:37 | 1605,715,968 | ---- | M] () -- C:\Users\Sarah\Desktop\Grown Ups.avi
[2010/08/28 02:03:24 | 823,987,970 | ---- | M] () -- C:\Users\Sarah\Desktop\The Other Guys.avi
[2010/08/28 01:23:05 | 000,002,545 | ---- | M] () -- C:\Users\Sarah\Desktop\Microsoft Word.lnk
[2010/08/27 19:26:39 | 000,616,965 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/08/27 14:15:53 | 853,557,249 | ---- | M] () -- C:\Users\Sarah\Desktop\Piranha.avi
[2010/08/24 22:08:27 | 734,967,808 | ---- | M] () -- C:\Users\Sarah\Desktop\Black Death.avi
[2010/08/23 23:32:03 | 000,002,483 | ---- | M] () -- C:\Users\Sarah\Desktop\HiJackThis.lnk
[2010/08/23 19:19:45 | 000,001,165 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\vso_ts_preview.xml
[2010/08/23 18:47:19 | 734,955,520 | ---- | M] () -- C:\Users\Sarah\Desktop\The Switch.avi
[2010/08/23 00:40:02 | 734,307,576 | ---- | M] () -- C:\Users\Sarah\Desktop\Shoot The Hero.avi
[2010/08/22 16:55:34 | 654,925,916 | ---- | M] () -- C:\Users\Sarah\Desktop\Scott Pilgrim Against The World.avi
[2010/08/22 03:31:40 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Documents\~$M Movies and DVD Quality Movies.doc
[2010/08/20 23:31:24 | 731,723,776 | ---- | M] () -- C:\Users\Sarah\Desktop\Know Thy Enemy.avi
[2010/08/20 18:03:33 | 001,682,775 | ---- | M] () -- C:\Users\Sarah\Desktop\Guide Me.mht
[2010/08/20 03:35:05 | 000,284,915 | ---- | M] () -- C:\Users\Sarah\Desktop\gmer.zip
[2010/08/20 03:28:23 | 000,525,824 | ---- | M] () -- C:\Users\Sarah\Desktop\dds.scr
[2010/08/20 03:26:48 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2010/08/20 03:25:51 | 000,050,477 | ---- | M] () -- C:\Users\Sarah\Desktop\Defogger.exe
[2010/08/20 00:10:42 | 732,305,408 | ---- | M] () -- C:\Users\Sarah\Desktop\Why Did I Get Married Too.avi
[2010/08/19 18:25:45 | 733,736,960 | ---- | M] () -- C:\Users\Sarah\Desktop\My Own Love Song.avi
[2010/08/19 04:28:35 | 1466,246,564 | ---- | M] () -- C:\Users\Sarah\Desktop\The Experiment.avi
[2010/08/17 23:21:28 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/08/17 17:35:51 | 000,033,280 | ---- | M] () -- C:\Users\Sarah\Documents\DVD Quality Movies.doc
[2010/08/17 00:47:03 | 000,077,680 | ---- | M] () -- C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/17 00:46:52 | 000,316,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/16 19:03:48 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/16 09:07:17 | 735,150,080 | ---- | M] () -- C:\Users\Sarah\Desktop\Teenage Mutant Ninja Turtles - Turtles Forever.avi
[2010/08/15 20:53:20 | 1477,784,870 | ---- | M] () -- C:\Users\Sarah\Desktop\Prince Of Persia - The Sands Of Time.avi
[2010/08/15 14:00:52 | 735,606,784 | ---- | M] () -- C:\Users\Sarah\Desktop\5 Dollars A Day.avi
[2010/08/15 06:50:05 | 1475,728,174 | ---- | M] () -- C:\Users\Sarah\Desktop\Step Up 3.avi
[2010/08/14 11:32:43 | 731,150,177 | ---- | M] () -- C:\Users\Sarah\Desktop\Killers.avi
[2010/08/14 02:57:44 | 001,335,980 | ---- | M] () -- C:\Users\Sarah\Documents\UnEncrypted.pdf
[2010/08/14 02:40:38 | 000,000,926 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/13 18:33:10 | 000,002,265 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/11 01:45:37 | 733,498,052 | ---- | M] () -- C:\Users\Sarah\Desktop\Paperman.avi
[2010/08/10 23:33:38 | 000,342,016 | ---- | M] () -- C:\Users\Sarah\Documents\NFL.com Private Football League.doc
[2010/08/10 17:30:35 | 735,219,712 | ---- | M] () -- C:\Users\Sarah\Desktop\Just Wright.avi
[2010/08/10 15:24:44 | 733,517,824 | ---- | M] () -- C:\Users\Sarah\Desktop\Centurion.avi
[2010/08/10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/08/10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/08/09 05:22:33 | 1558,806,528 | ---- | M] () -- C:\Users\Sarah\Desktop\Solitary Man.avi
[2010/08/08 01:34:17 | 1353,345,444 | ---- | M] () -- C:\Users\Sarah\Desktop\Cats And Dogs - The Revenge Of Kitty Galore.avi
[2010/08/04 14:08:52 | 000,000,726 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 7.lnk
[2010/08/04 14:08:52 | 000,000,702 | ---- | M] () -- C:\Users\Sarah\Desktop\DVDFab 7.lnk
[2010/08/03 00:29:08 | 732,442,625 | ---- | M] () -- C:\Users\Sarah\Desktop\Knight And Day.avi
[2010/08/02 00:06:00 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/08/02 00:06:00 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/08/02 00:06:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/08/02 00:06:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/08/01 23:30:01 | 000,009,760 | ---- | M] () -- C:\Users\Sarah\Documents\kaspersky scan report.html
[2010/08/01 03:37:24 | 1472,757,760 | ---- | M] () -- C:\Users\Sarah\Desktop\Inception.avi
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[12 C:\Users\Sarah\Documents\*.tmp files -> C:\Users\Sarah\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/29 03:38:54 | 000,340,141 | ---- | C] () -- C:\Users\Sarah\Desktop\Web Search Redirect - Router Virus.mht
[2010/08/29 03:24:01 | 000,293,376 | ---- | C] () -- C:\Users\Sarah\Desktop\mxl107mx.exe
[2010/08/29 03:20:09 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/29 03:09:11 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\mbam-setup.exe
[2010/08/28 20:09:36 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2010/08/28 18:22:14 | 000,049,152 | ---- | C] () -- C:\Users\Sarah\Documents\LT+Charter+criminal+court+system.doc
[2010/08/28 11:53:10 | 1470,408,704 | ---- | C] () -- C:\Users\Sarah\Desktop\The Expendables.avi
[2010/08/28 05:47:40 | 1605,715,968 | ---- | C] () -- C:\Users\Sarah\Desktop\Grown Ups.avi
[2010/08/28 02:02:08 | 823,987,970 | ---- | C] () -- C:\Users\Sarah\Desktop\The Other Guys.avi
[2010/08/27 14:14:14 | 853,557,249 | ---- | C] () -- C:\Users\Sarah\Desktop\Piranha.avi
[2010/08/26 02:00:18 | 000,043,520 | ---- | C] () -- C:\Users\Sarah\Documents\CAM Movies and DVD Quality Movie.doc
[2010/08/24 22:07:13 | 734,967,808 | ---- | C] () -- C:\Users\Sarah\Desktop\Black Death.avi
[2010/08/23 18:45:37 | 734,955,520 | ---- | C] () -- C:\Users\Sarah\Desktop\The Switch.avi
[2010/08/23 00:38:37 | 734,307,576 | ---- | C] () -- C:\Users\Sarah\Desktop\Shoot The Hero.avi
[2010/08/22 16:54:48 | 654,925,916 | ---- | C] () -- C:\Users\Sarah\Desktop\Scott Pilgrim Against The World.avi
[2010/08/22 03:31:40 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Documents\~$M Movies and DVD Quality Movies.doc
[2010/08/20 23:26:02 | 731,723,776 | ---- | C] () -- C:\Users\Sarah\Desktop\Know Thy Enemy.avi
[2010/08/20 18:03:33 | 001,682,775 | ---- | C] () -- C:\Users\Sarah\Desktop\Guide Me.mht
[2010/08/20 03:35:00 | 000,284,915 | ---- | C] () -- C:\Users\Sarah\Desktop\gmer.zip
[2010/08/20 03:27:49 | 000,525,824 | ---- | C] () -- C:\Users\Sarah\Desktop\dds.scr
[2010/08/20 03:26:48 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2010/08/20 03:25:44 | 000,050,477 | ---- | C] () -- C:\Users\Sarah\Desktop\Defogger.exe
[2010/08/19 23:05:16 | 732,305,408 | ---- | C] () -- C:\Users\Sarah\Desktop\Why Did I Get Married Too.avi
[2010/08/19 16:52:18 | 733,736,960 | ---- | C] () -- C:\Users\Sarah\Desktop\My Own Love Song.avi
[2010/08/19 02:08:26 | 1466,246,564 | ---- | C] () -- C:\Users\Sarah\Desktop\The Experiment.avi
[2010/08/17 23:20:41 | 000,196,608 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2010/08/16 19:03:48 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/16 08:02:21 | 735,150,080 | ---- | C] () -- C:\Users\Sarah\Desktop\Teenage Mutant Ninja Turtles - Turtles Forever.avi
[2010/08/15 16:49:47 | 1477,784,870 | ---- | C] () -- C:\Users\Sarah\Desktop\Prince Of Persia - The Sands Of Time.avi
[2010/08/15 12:25:01 | 735,606,784 | ---- | C] () -- C:\Users\Sarah\Desktop\5 Dollars A Day.avi
[2010/08/15 04:31:13 | 1475,728,174 | ---- | C] () -- C:\Users\Sarah\Desktop\Step Up 3.avi
[2010/08/14 10:26:48 | 731,150,177 | ---- | C] () -- C:\Users\Sarah\Desktop\Killers.avi
[2010/08/14 02:57:43 | 001,335,980 | ---- | C] () -- C:\Users\Sarah\Documents\UnEncrypted.pdf
[2010/08/14 02:40:38 | 000,000,926 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/11 00:35:07 | 733,498,052 | ---- | C] () -- C:\Users\Sarah\Desktop\Paperman.avi
[2010/08/10 23:33:37 | 000,342,016 | ---- | C] () -- C:\Users\Sarah\Documents\NFL.com Private Football League.doc
[2010/08/10 16:25:36 | 735,219,712 | ---- | C] () -- C:\Users\Sarah\Desktop\Just Wright.avi
[2010/08/10 13:32:24 | 733,517,824 | ---- | C] () -- C:\Users\Sarah\Desktop\Centurion.avi
[2010/08/09 18:17:19 | 1558,806,528 | ---- | C] () -- C:\Users\Sarah\Desktop\Solitary Man.avi
[2010/08/07 23:31:28 | 1353,345,444 | ---- | C] () -- C:\Users\Sarah\Desktop\Cats And Dogs - The Revenge Of Kitty Galore.avi
[2010/08/04 18:37:12 | 732,442,625 | ---- | C] () -- C:\Users\Sarah\Desktop\Knight And Day.avi
[2010/08/04 14:08:52 | 000,000,726 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 7.lnk
[2010/08/04 14:08:52 | 000,000,702 | ---- | C] () -- C:\Users\Sarah\Desktop\DVDFab 7.lnk
[2010/08/04 13:57:32 | 000,002,265 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2010/08/01 23:30:01 | 000,009,760 | ---- | C] () -- C:\Users\Sarah\Documents\kaspersky scan report.html
[2010/07/30 23:14:46 | 1472,757,760 | ---- | C] () -- C:\Users\Sarah\Desktop\Inception.avi
[2010/06/04 02:52:30 | 000,001,698 | ---- | C] () -- C:\Users\Sarah\AppData\Local\Upakeyudafawinaq.dat
[2010/06/04 02:52:30 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Local\Twigogujaged.bin
[2010/06/04 02:41:07 | 000,000,012 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\gklupx.dat
[2009/11/02 04:07:16 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
[2009/11/02 02:41:06 | 000,000,031 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/24 03:18:36 | 000,034,308 | ---- | C] () -- C:\ProgramData\mazuki.dll
[2009/09/18 07:19:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/01/31 23:03:43 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/01/31 23:03:43 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/01/31 23:03:43 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/01/31 23:03:43 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/01/31 17:04:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/01/31 17:02:51 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009/01/22 05:17:09 | 000,001,165 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\vso_ts_preview.xml
[2009/01/20 20:19:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/02 11:15:09 | 000,000,187 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\default.rss
[2008/11/30 22:54:31 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/11/30 22:11:09 | 000,001,356 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2008/11/30 20:24:43 | 000,082,432 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/30 19:53:30 | 000,000,034 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.log
[2008/11/30 19:53:21 | 000,087,608 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\inst.exe
[2008/11/30 19:53:21 | 000,007,887 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.cat
[2008/11/30 19:53:21 | 000,001,144 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.inf
[2008/08/25 09:13:58 | 000,000,349 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/08/25 08:46:22 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/08/25 08:46:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/12/07 20:18:47 | 000,000,865 | ---- | M] () -- C:\A2Output2.xml
[2008/12/07 20:18:47 | 000,000,865 | ---- | M] () -- C:\A2Output6.xml
[2008/08/25 09:12:57 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2010/01/21 04:57:18 | 000,027,686 | ---- | M] () -- C:\avi_log.txt
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/08/25 09:27:44 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/01/29 09:45:48 | 000,000,080 | ---- | M] () -- C:\FilterLog.log
[2008/12/31 11:10:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/27 11:15:37 | 000,001,102 | -H-- | M] () -- C:\IPH.PH
[2008/12/02 13:34:04 | 000,001,355 | ---- | M] () -- C:\MP4debug.log
[2008/12/31 11:10:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/29 04:23:23 | 2325,487,616 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 08:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/05/04 02:58:15 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/20 22:32:37 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:57:01 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 23:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 23:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 23:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoUpdate" = 0

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 00:40:54

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Sarah\Documents\123442.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Sarah\Documents\121455.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Sarah\Documents\033030.avi:TOC.WMV
< End of report >


#4 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:06:04 AM

Posted 29 August 2010 - 12:05 PM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#5 lancmale

lancmale
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:04 AM

Posted 29 August 2010 - 08:05 PM

Here it is

ComboFix 10-08-28.02 - Sarah 08/29/2010 18:23:21.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.1127 [GMT -4:00]
Running from: c:\users\Sarah\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-29 22:34 . 2010-08-29 22:35 -------- d-----w- c:\users\Sarah\AppData\Local\temp
2010-08-29 22:34 . 2010-08-29 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-29 18:10 . 2010-08-29 18:10 -------- d-----w- c:\users\Sarah\AppData\Local\ESET
2010-08-29 07:20 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 07:20 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 07:20 . 2010-08-29 07:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 00:07 . 2010-08-29 00:07 -------- d-----w- c:\program files\Verizon
2010-08-22 14:42 . 2010-08-24 16:38 -------- d-----w- c:\users\Sarah\AppData\Local\saummbpem
2010-08-22 14:41 . 2010-08-22 14:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ESET
2010-08-17 04:51 . 2010-08-17 04:51 -------- d-----w- c:\programdata\Symantec
2010-08-17 04:51 . 2010-08-17 04:51 -------- d-----w- c:\programdata\NortonInstaller
2010-08-16 23:03 . 2010-08-16 23:04 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-16 03:51 . 2010-08-17 12:47 -------- d-----w- c:\program files\ESET
2010-08-14 06:46 . 2010-08-17 04:52 -------- d-----w- c:\program files\ElcomSoft
2010-08-14 04:39 . 2010-08-14 04:39 27591840 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-13 22:15 . 2010-08-13 22:16 -------- d-----w- c:\program files\QuickTime
2010-08-04 12:12 . 2010-08-04 12:12 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-02 06:48 . 2010-08-20 00:37 -------- d-----w- c:\users\Sarah\AppData\Roaming\uTorrent
2010-08-02 04:07 . 2010-08-02 04:07 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 04:07 . 2010-08-02 04:06 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-01 04:14 . 2010-08-01 05:01 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-01 04:07 . 2010-08-11 21:32 -------- d-----w- c:\programdata\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 22:02 . 2009-05-28 09:08 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-23 23:19 . 2008-11-30 23:53 -------- d-----w- c:\users\Sarah\AppData\Roaming\Vso
2010-08-17 05:00 . 2010-07-25 07:25 -------- d-----w- c:\programdata\Norton
2010-08-17 04:47 . 2008-11-30 23:10 77680 ----a-w- c:\users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-17 04:41 . 2008-11-30 23:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-13 20:55 . 2008-12-15 14:52 -------- d-----w- c:\users\Sarah\AppData\Roaming\Yahoo!
2010-08-13 11:40 . 2008-11-30 23:44 -------- d-----w- c:\program files\uTorrent
2010-08-04 18:09 . 2010-07-16 05:17 -------- d-----w- c:\program files\DVDFab 7
2010-08-04 12:16 . 2008-12-03 19:54 -------- d-----w- c:\program files\Safari
2010-08-02 03:36 . 2008-08-25 13:15 -------- d-----w- c:\program files\Java
2010-08-02 03:36 . 2010-08-02 03:36 0 ----a-w- c:\windows\system32\REN9BDD.tmp
2010-08-02 03:36 . 2010-08-02 03:36 0 ----a-w- c:\windows\system32\REN9BDC.tmp
2010-08-02 03:36 . 2010-08-02 03:36 0 ----a-w- c:\windows\system32\REN9BDB.tmp
2010-08-01 15:16 . 2009-01-22 16:04 -------- d-----w- c:\program files\DivX
2010-08-01 05:18 . 2009-08-05 22:07 -------- d-----w- c:\programdata\Yahoo! Companion
2010-08-01 05:01 . 2009-01-22 16:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-01 04:14 . 2009-01-22 16:56 -------- d-----w- c:\users\Sarah\AppData\Roaming\DivX
2010-07-29 17:31 . 2010-07-29 17:31 96920 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-07-29 17:31 . 2010-07-29 17:31 136632 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-07-29 17:31 . 2010-07-29 17:31 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-07-26 05:24 . 2010-07-26 05:24 -------- d-----w- c:\users\Sarah\AppData\Roaming\NeroDigital™
2010-07-26 04:33 . 2009-11-01 07:13 -------- d-----w- c:\users\Sarah\AppData\Roaming\Nero
2010-07-26 04:31 . 2008-12-01 02:27 -------- d-----w- c:\programdata\Nero
2010-07-26 04:31 . 2008-12-01 02:28 -------- d-----w- c:\program files\Nero
2010-07-26 04:21 . 2009-11-01 06:15 -------- d-----w- c:\program files\Common Files\Nero
2010-07-26 03:16 . 2008-08-25 13:09 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-07-26 03:16 . 2010-06-26 07:05 -------- d-----w- c:\program files\Microsoft.NET
2010-07-21 12:59 . 2010-07-21 12:58 -------- d-----w- c:\program files\iTunes
2010-07-21 12:58 . 2010-07-21 12:58 -------- d-----w- c:\program files\iPod
2010-07-21 12:58 . 2008-12-03 19:53 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 12:46 . 2010-07-21 12:46 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-15 02:23 . 2010-07-15 02:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 02:23 . 2010-07-15 02:23 25168 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-07-15 02:23 . 2010-07-15 02:23 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-07-15 02:23 . 2010-07-15 02:23 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 02:22 . 2010-07-15 02:22 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 02:22 . 2010-07-15 02:22 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-15 02:19 . 2010-07-15 02:19 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-07-15 02:18 . 2009-11-04 05:53 -------- d-----w- c:\programdata\avg9
2010-07-15 00:33 . 2010-07-15 00:33 -------- d-----w- c:\program files\Common Files\Windows Live
2010-07-14 23:39 . 2009-11-29 16:52 -------- d-----w- c:\program files\Google
2010-07-14 23:39 . 2010-07-14 05:23 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-07-14 23:39 . 2010-04-07 16:20 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-14 23:39 . 2010-05-04 08:28 -------- d-----w- c:\program files\Trend Micro
2010-07-14 23:39 . 2010-06-08 03:20 -------- d-----w- c:\users\Sarah\AppData\Roaming\Xilisoft
2010-07-14 23:19 . 2010-07-14 23:19 -------- d-----w- c:\program files\Safari(79)
2010-07-14 19:25 . 2008-08-25 13:30 -------- d-----w- c:\program files\Yahoo!
2010-07-14 06:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-04 23:11 . 2008-12-01 02:11 1356 ----a-w- c:\users\Sarah\AppData\Local\d3d9caps.dat
2010-07-03 20:01 . 2010-07-03 20:01 -------- d-----w- c:\program files\Siber Systems
2010-06-13 06:30 . 2010-06-04 06:52 1698 ----a-w- c:\users\Sarah\AppData\Local\Upakeyudafawinaq.dat
2010-06-13 06:30 . 2010-06-04 06:52 0 ----a-w- c:\users\Sarah\AppData\Local\Twigogujaged.bin
2010-06-09 12:01 . 2010-06-09 12:01 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-04 06:41 . 2010-06-04 06:41 12 ----a-w- c:\users\Sarah\AppData\Roaming\gklupx.dat
2008-12-08 02:14 . 2008-12-08 02:14 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-08-25 13:36 . 2008-08-25 13:34 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):79,24,7b,c6,69,5c,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 135664]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-07-15 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-07-15 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-15 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-15 243024]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-07-15 2331032]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-07-15 122448]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-07-15 30288]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-07-15 27216]
S3 HSXHWBS3;HSXHWBS3;c:\windows\system32\DRIVERS\HSXHWBS3.sys [2008-02-12 207360]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 16:52]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 16:52]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3069609433-1055128507-2126640712-1000Core.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 16:52]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3069609433-1055128507-2126640712-1000UA.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 16:52]

2010-08-29 c:\windows\Tasks\User_Feed_Synchronization-{347C16ED-58A3-4D85-A75F-EF1BFF64685A}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.search.selectedengine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com//?fr=fp-tyc8
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Sarah\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Sarah\AppData\Local\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-29 18:35
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3069609433-1055128507-2126640712-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*P*r*i*s*M*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-29 18:39:55
ComboFix-quarantined-files.txt 2010-08-29 22:39

Pre-Run: 7,754,936,320 bytes free
Post-Run: 7,577,817,088 bytes free

- - End Of File - - FB9F36F7AB0D5066C101377B74B015E1


Edited by mpascal, 29 August 2010 - 09:05 PM.
opened up log


#6 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 29 August 2010 - 09:12 PM

Hi there,

Close any open browsers, and close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Open notepad and copy/paste the text in the codebox below into it:

Folder::
c:\users\Sarah\AppData\Local\saummbpem

File::
c:\windows\system32\REN9BDD.tmp
c:\windows\system32\REN9BDC.tmp
c:\windows\system32\REN9BDB.tmp
c:\users\Sarah\AppData\Local\Upakeyudafawinaq.dat
c:\users\Sarah\AppData\Local\Twigogujaged.bin

  • Save this as CFScript.txt, in the same location as ComboFix.exe


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#7 lancmale

lancmale
  • Topic Starter

  • Members
  • 14 posts

Posted 31 August 2010 - 09:10 AM

ok, lets see if this works

ComboFix 10-08-30.02 - Sarah 08/31/2010 3:51.4.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1918.1048 [GMT -4:00]
Running from: c:\users\Sarah\Desktop\ComboFix.exe
Command switches used :: c:\users\Sarah\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\Sarah\AppData\Local\Twigogujaged.bin"
"c:\users\Sarah\AppData\Local\Upakeyudafawinaq.dat"
"c:\windows\system32\REN9BDB.tmp"
"c:\windows\system32\REN9BDC.tmp"
"c:\windows\system32\REN9BDD.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Sarah\AppData\Local\saummbpem
c:\users\Sarah\AppData\Local\Twigogujaged.bin
c:\users\Sarah\AppData\Local\Upakeyudafawinaq.dat
c:\windows\system32\REN9BDB.tmp
c:\windows\system32\REN9BDC.tmp
c:\windows\system32\REN9BDD.tmp

.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-31 )))))))))))))))))))))))))))))))
.

2010-08-31 08:02 . 2010-08-31 08:02 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2010-08-31 08:02 . 2010-08-31 08:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-31 08:02 . 2010-08-31 08:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-29 22:39 . 2010-08-31 08:03 -------- d-----w- c:\users\Sarah\AppData\Local\temp
2010-08-29 18:10 . 2010-08-29 18:10 -------- d-----w- c:\users\Sarah\AppData\Local\ESET
2010-08-29 07:20 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-29 07:20 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-29 07:20 . 2010-08-29 07:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-29 00:07 . 2010-08-29 00:07 -------- d-----w- c:\program files\Verizon
2010-08-22 14:41 . 2010-08-22 14:41 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\ESET
2010-08-17 04:51 . 2010-08-17 04:51 -------- d-----w- c:\programdata\Symantec
2010-08-17 04:51 . 2010-08-17 04:51 -------- d-----w- c:\programdata\NortonInstaller
2010-08-16 23:03 . 2010-08-16 23:04 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-16 03:51 . 2010-08-17 12:47 -------- d-----w- c:\program files\ESET
2010-08-14 06:46 . 2010-08-17 04:52 -------- d-----w- c:\program files\ElcomSoft
2010-08-14 04:39 . 2010-08-14 04:39 27591840 ----a-w- c:\programdata\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-13 22:15 . 2010-08-13 22:16 -------- d-----w- c:\program files\QuickTime
2010-08-04 12:12 . 2010-08-04 12:12 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-08-02 06:48 . 2010-08-20 00:37 -------- d-----w- c:\users\Sarah\AppData\Roaming\uTorrent
2010-08-02 04:07 . 2010-08-02 04:07 -------- d-----w- c:\program files\Common Files\Java
2010-08-02 04:07 . 2010-08-02 04:06 423656 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 03:20 . 2009-05-28 09:08 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-23 23:19 . 2008-11-30 23:53 -------- d-----w- c:\users\Sarah\AppData\Roaming\Vso
2010-08-17 05:00 . 2010-07-25 07:25 -------- d-----w- c:\programdata\Norton
2010-08-17 04:47 . 2008-11-30 23:10 77680 ----a-w- c:\users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-17 04:41 . 2008-11-30 23:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-13 20:55 . 2008-12-15 14:52 -------- d-----w- c:\users\Sarah\AppData\Roaming\Yahoo!
2010-08-13 11:40 . 2008-11-30 23:44 -------- d-----w- c:\program files\uTorrent
2010-08-11 21:32 . 2010-08-01 04:07 -------- d-----w- c:\programdata\DivX
2010-08-04 18:09 . 2010-07-16 05:17 -------- d-----w- c:\program files\DVDFab 7
2010-08-04 12:16 . 2008-12-03 19:54 -------- d-----w- c:\program files\Safari
2010-08-02 03:36 . 2008-08-25 13:15 -------- d-----w- c:\program files\Java
2010-08-01 15:16 . 2009-01-22 16:04 -------- d-----w- c:\program files\DivX
2010-08-01 05:18 . 2009-08-05 22:07 -------- d-----w- c:\programdata\Yahoo! Companion
2010-08-01 05:01 . 2010-08-01 04:14 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-01 05:01 . 2009-01-22 16:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-08-01 04:14 . 2009-01-22 16:56 -------- d-----w- c:\users\Sarah\AppData\Roaming\DivX
2010-07-29 17:31 . 2010-07-29 17:31 96920 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-07-29 17:31 . 2010-07-29 17:31 136632 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-07-29 17:31 . 2010-07-29 17:31 115008 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-07-26 05:24 . 2010-07-26 05:24 -------- d-----w- c:\users\Sarah\AppData\Roaming\NeroDigital™
2010-07-26 04:33 . 2009-11-01 07:13 -------- d-----w- c:\users\Sarah\AppData\Roaming\Nero
2010-07-26 04:31 . 2008-12-01 02:27 -------- d-----w- c:\programdata\Nero
2010-07-26 04:31 . 2008-12-01 02:28 -------- d-----w- c:\program files\Nero
2010-07-26 04:21 . 2009-11-01 06:15 -------- d-----w- c:\program files\Common Files\Nero
2010-07-26 03:16 . 2008-08-25 13:09 -------- d---a-w- c:\program files\Common Files\LightScribe
2010-07-26 03:16 . 2010-06-26 07:05 -------- d-----w- c:\program files\Microsoft.NET
2010-07-21 12:59 . 2010-07-21 12:58 -------- d-----w- c:\program files\iTunes
2010-07-21 12:58 . 2010-07-21 12:58 -------- d-----w- c:\program files\iPod
2010-07-21 12:58 . 2008-12-03 19:53 -------- d-----w- c:\program files\Common Files\Apple
2010-07-21 12:46 . 2010-07-21 12:46 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe
2010-07-15 02:23 . 2010-07-15 02:23 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 02:23 . 2010-07-15 02:23 25168 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-07-15 02:23 . 2010-07-15 02:23 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-07-15 02:23 . 2010-07-15 02:23 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 02:22 . 2010-07-15 02:22 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 02:22 . 2010-07-15 02:22 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-07-15 02:19 . 2010-07-15 02:19 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-07-15 02:18 . 2009-11-04 05:53 -------- d-----w- c:\programdata\avg9
2010-07-15 00:33 . 2010-07-15 00:33 -------- d-----w- c:\program files\Common Files\Windows Live
2010-07-14 23:39 . 2009-11-29 16:52 -------- d-----w- c:\program files\Google
2010-07-14 23:39 . 2010-07-14 05:23 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-07-14 23:39 . 2010-04-07 16:20 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-14 23:39 . 2010-05-04 08:28 -------- d-----w- c:\program files\Trend Micro
2010-07-14 23:39 . 2010-06-08 03:20 -------- d-----w- c:\users\Sarah\AppData\Roaming\Xilisoft
2010-07-14 23:19 . 2010-07-14 23:19 -------- d-----w- c:\program files\Safari(79)
2010-07-14 19:25 . 2008-08-25 13:30 -------- d-----w- c:\program files\Yahoo!
2010-07-14 06:08 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-04 23:11 . 2008-12-01 02:11 1356 ----a-w- c:\users\Sarah\AppData\Local\d3d9caps.dat
2010-07-03 20:01 . 2010-07-03 20:01 -------- d-----w- c:\program files\Siber Systems
2010-06-09 12:01 . 2010-06-09 12:01 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-04 06:41 . 2010-06-04 06:41 12 ----a-w- c:\users\Sarah\AppData\Roaming\gklupx.dat
2008-12-08 02:14 . 2008-12-08 02:14 22 --sha-w- c:\windows\SMINST\HPCD.sys
2008-08-25 13:36 . 2008-08-25 13:34 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( SnapShot@2010-08-29_22.35.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-08-30 03:25 67860 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2010-08-30 03:25 86484 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-11-30 23:06 . 2010-08-29 22:07 11540 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3069609433-1055128507-2126640712-1000_UserData.bin
+ 2008-11-30 23:06 . 2010-08-30 03:25 11540 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3069609433-1055128507-2126640712-1000_UserData.bin
- 2008-11-30 23:05 . 2010-08-29 18:00 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-30 23:05 . 2010-08-30 02:12 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-30 23:05 . 2010-08-30 02:12 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-30 23:05 . 2010-08-29 18:00 81920 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-30 23:05 . 2010-08-29 18:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-30 23:05 . 2010-08-30 02:12 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-15 19:50 . 2010-08-29 22:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-10-15 19:50 . 2010-08-30 22:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-10-15 19:50 . 2010-08-29 22:06 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-15 19:50 . 2010-08-30 22:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-15 19:50 . 2010-08-30 22:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-10-15 19:50 . 2010-08-29 22:06 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-04-14 05:21 . 2010-08-30 03:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-04-14 05:21 . 2010-08-29 22:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-04-14 05:21 . 2010-08-30 03:22 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-04-14 05:21 . 2010-08-29 22:04 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-04-14 05:21 . 2010-08-30 03:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-04-14 05:21 . 2010-08-29 22:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-08-29 22:03 . 2010-08-29 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-30 03:22 . 2010-08-30 03:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-30 03:22 . 2010-08-30 03:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-29 22:03 . 2010-08-29 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-08-31 04:24 604264 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-08-29 22:08 604264 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-08-31 04:24 103964 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-08-29 22:08 103964 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:79,24,7b,c6,69,5c,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 135664]
R3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-07-15 25168]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-07-15 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-07-15 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-15 243024]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-07-15 2331032]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-07-29 136632]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-08-12 810144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-07-29 96920]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-03-25 490280]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-07-15 122448]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-07-15 30288]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-07-15 27216]
S3 HSXHWBS3;HSXHWBS3;c:\windows\system32\DRIVERS\HSXHWBS3.sys [2008-02-12 207360]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 42368]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 16:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 11:32 128512 ----a-w- c:\windows\System32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 16:52]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-29 16:52]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3069609433-1055128507-2126640712-1000Core.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 16:52]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3069609433-1055128507-2126640712-1000UA.job
- c:\users\Sarah\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-29 16:52]

2010-08-31 c:\windows\Tasks\User_Feed_Synchronization-{347C16ED-58A3-4D85-A75F-EF1BFF64685A}.job
- c:\windows\system32\msfeedssync.exe [2010-06-10 04:30]
.
.
------- Supplementary Scan -------
.
TCP: {3BD396AC-B0F2-4C91-9AEC-9381581B2944} = 71.242.0.12 71.250.0.12
FF - ProfilePath - c:\users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.search.selectedengine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com//?fr=fp-tyc8
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc8&p=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 04:03
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3069609433-1055128507-2126640712-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*X*V*I*D*-*P*r*i*s*M*-*M*F*D*s*s*"!\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-31 04:07:12
ComboFix-quarantined-files.txt 2010-08-31 08:06
ComboFix2.txt 2010-08-29 22:39

Pre-Run: 3,907,776,512 bytes free
Post-Run: 2,413,727,744 bytes free

- - End Of File - - F0CE0EBFAD336BC987B8E5330D358C93


Edited by mpascal, 31 August 2010 - 10:36 AM.
opened log


#8 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 31 August 2010 - 10:38 AM

Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
STEP 2 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log



#9 lancmale

lancmale
  • Topic Starter

  • Members
  • 14 posts

Posted 03 September 2010 - 08:58 AM

I am having problems getting the Kaspersky Online Scanner to run ... it first tells me that I need to have Java 1.6 or greater (I have 1.6.0_21 and when I try to access the Java website there are lots of error messages of things I can not see to help me get a newer version or an update) and the second message I get is that it tells me to make sure to deactivate all anti-virus software, all of them are. I even rebooted the computer with them deactivated and still can't get Kaspersky Online Scanner to run, I know I had it running once already, I came across the program before looking to these forums for help, but now for some reason I can't get it to work ... any advice??

Here is my mbam report for now:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4533

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

9/3/2010 7:56:40 AM
mbam-log-2010-09-03 (07-56-40).txt


Scan type: Quick scan
Objects scanned: 136169
Time elapsed: 8 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rhnnlwba (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

UPDATE

I have now tried to run the Kaspersky Online Scanner on Safari, IE and Firefox only to get the same messages ... the biggest one is telling me to update my Java (I have confirmed that I have the latest updated version). I am at a loss and unsure of what I need to do now ... any help??

Thanks

Edited by lancmale, 03 September 2010 - 09:11 AM.
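The MBAM log posted above has a fixed layout: a summary block of per-category counts, then one itemised section per category whose lines read "item (family) -> action". The parser below is an added example for this thread, not code from the thread, from BleepingComputer or from Malwarebytes. It reads such a log into structured records, cross-checks the summary counts against the itemised sections (a mismatch usually means a truncated paste), and flags detections that sat in a Run/RunOnce autostart key, as the rhnnlwba value above did. SAMPLE_LOG is a constructed excerpt modelled on the posted log, and AUTORUN_MARKERS is an assumed list of registry path fragments.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log into structured detections.

Added example for this thread; not code from the thread, BleepingComputer or
Malwarebytes. SAMPLE_LOG is a constructed excerpt modelled on the log posted
above, and AUTORUN_MARKERS is an assumed list of registry path fragments.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt of the MBAM 1.46 log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4533

Scan type: Quick scan
Objects scanned: 136169
Time elapsed: 8 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\wnxmal (Rogue.SecuritySuite) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rhnnlwba (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# Summary line: "<category> Infected: <n>"; section header: "<category> Infected:"
COUNT_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected):$")
# Itemised line: "<item> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Assumed registry path fragments that mark a classic autostart location.
AUTORUN_MARKERS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")


@dataclass
class Detection:
    category: str   # e.g. "Registry Values Infected"
    item: str       # registry key/value or file path
    family: str     # MBAM detection name, e.g. "Trojan.FakeAlert.Gen"
    action: str     # what MBAM did with it


@dataclass
class MbamReport:
    database_version: str = ""
    scan_type: str = ""
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_mbam_log(text: str) -> MbamReport:
    """Walk the log once, tracking which itemised section we are in."""
    report = MbamReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Database version:"):
            report.database_version = line.split(":", 1)[1].strip()
        elif line.startswith("Scan type:"):
            report.scan_type = line.split(":", 1)[1].strip()
        elif (m := COUNT_RE.match(line)):
            report.counts[m["category"]] = int(m["n"])
        elif (m := HEADER_RE.match(line)):
            section = m["category"]
        elif section and (m := DETECTION_RE.match(line)):
            report.detections.append(
                Detection(section, m["item"], m["family"], m["action"]))
        # "(No malicious items detected)" and banner lines fall through.
    return report


def counts_consistent(report: MbamReport) -> bool:
    """Cross-check the summary block against the itemised sections."""
    return all(
        sum(1 for d in report.detections if d.category == cat) == n
        for cat, n in report.counts.items())


def autorun_persistence(report: MbamReport) -> list:
    """Detections that lived in a Run/RunOnce key, i.e. boot persistence."""
    return [d for d in report.detections
            if any(mark in d.item.lower() for mark in AUTORUN_MARKERS)]


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print(f"MBAM db {rep.database_version}, {rep.scan_type}: "
          f"{len(rep.detections)} detection(s), counts consistent={counts_consistent(rep)}")
    for d in autorun_persistence(rep):
        print("autostart persistence:", d.item, "->", d.family)
```

Run against the sample it reports two detections with consistent counts and flags the Run-key value as persistence; a log whose summary counts disagree with its itemised sections fails counts_consistent, which is the check to make before reading anything into a pasted log.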


#10 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 03 September 2010 - 04:17 PM

Hi there,

Okay, I'll give you an alternative for Kaspersky.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#11 lancmale

lancmale
  • Topic Starter

  • Members
  • 14 posts

Posted 05 September 2010 - 12:10 PM

Well, I've tried running this program ... On the first scan the computer crashed twice; the third time I got a complete scan with no crashes, but the scan did not find anything, so I followed the directions ... I ran the second scan on Express and it came up with nothing again. So I don't have a report to post.

I went to get on the net this morning and now I am having problems doing so.

#12 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 05 September 2010 - 12:30 PM

Are you able to connect to the internet at all? Or is it just that your browsers aren't working?



#13 lancmale

lancmale
  • Topic Starter

  • Members
  • 14 posts

Posted 05 September 2010 - 02:21 PM

Yeah, after tinkering with it I am back on the net now.

#14 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 05 September 2010 - 03:57 PM

Hi there,

Okay, glad you were able to get it fixed. I just want to do another scan or two to make sure I haven't missed anything in your logs.

Open up OTL and push the Quickscan button. Post the resulting log here.

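mpascal asks for an OTL Quickscan log, and what a helper then does with it is read a few hundred lines for the handful that matter. As an added example (not code from this thread and not part of OldTimer's OTL), here is a small Python triage script that reads OTL-style lines and flags the usual tells: directory entries with dropper-style random names, driver entries whose file is missing on disk, a missing hosts file, and the DHCP name servers classified as link-local, private or public. The log text below is a constructed sample written in OTL's line format with a made-up user name; the "random name" heuristic (eight or more lowercase letters with a run of four consonants) is my own assumption, not an OTL rule, and anything it flags still needs a human to look at it.

```python
"""Triage helper for OTL-style scan logs (added example; not OldTimer's code)."""
import re
from ipaddress import ip_address

# Generic OTL file/folder line:
# [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- C:\path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Driver entry whose backing file is missing (OTL prints "File not found")
DRV_MISSING_RE = re.compile(
    r"^DRV - \((?P<name>[^)]+)\) .*?-- (?P<path>\S.*?) File not found$"
)
# O17 line listing the DNS servers handed out by DHCP
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>[\d. ]+?)\s*$")
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Heuristic (assumption, not an OTL rule): 8+ lowercase letters containing
    a run of 4+ consonants. Legitimate product folders almost never match."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    run = longest = 0
    for ch in name:
        run = 0 if ch in VOWELS else run + 1
        longest = max(longest, run)
    return longest >= 4


def classify_ip(addr: str) -> str:
    """169.254.0.0/16 is link-local (APIPA): the host got no DHCP lease.
    It is not a remote host, whatever a geolocation lookup says about it."""
    ip = ip_address(addr)
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public"


def triage(log_text: str) -> dict:
    """Walk the log once and collect the entries worth a second look."""
    findings = {"random_dirs": [], "missing_drivers": [], "hosts_missing": False, "dns": {}}
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Hosts file not found":
            findings["hosts_missing"] = True
            continue
        m = DRV_MISSING_RE.match(line)
        if m:
            findings["missing_drivers"].append(m.group("name"))
            continue
        m = DNS_RE.search(line)
        if m:
            findings["dns"] = {s: classify_ip(s) for s in m.group("servers").split()}
            continue
        m = ENTRY_RE.match(line)
        if m and "D" in m.group("attrs"):          # directories only
            leaf = m.group("path").rstrip("\\").rsplit("\\", 1)[-1]
            if looks_random(leaf):
                findings["random_dirs"].append(m.group("path"))
    return findings


# Constructed sample in OTL's line format (user name and DNS values are made up).
SAMPLE_LOG = r"""
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
Hosts file not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 169.254.113.58 192.168.1.1 8.8.8.8
[2010/09/04 18:20:41 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Local\tbnngglqk
[2010/08/31 23:35:29 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Local\Nero_AG
[2010/08/29 14:10:08 | 000,000,000 | ---D | C] -- C:\Users\Alice\AppData\Local\ESET
[2010/09/01 00:26:29 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Alice\Desktop\TFC.exe
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it as-is to see the constructed sample triaged; feed `triage()` the text of a real OTL log to get the same four buckets. A missing hosts file and a "File not found" driver are not proof of infection on their own (OTL reports stale service entries the same way), so treat the output as a reading list, not a verdict.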


#15 lancmale

lancmale
  • Topic Starter

  • Members
  • 14 posts

Posted 06 September 2010 - 03:23 AM

OK, here is my scan of OTL:

OTL logfile created on: 9/6/2010 3:45:11 AM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Sarah\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.03 Gb Total Space | 9.09 Gb Free Space | 6.59% Space Free | Partition Type: NTFS
Drive D: | 11.02 Gb Total Space | 1.06 Gb Free Space | 9.61% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3.72 Gb Total Space | 0.19 Gb Free Space | 5.14% Space Free | Partition Type: FAT32

Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Sarah\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws9) -- C:\Program Files\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Sarah\AppData\Local\Temp\catchme.sys File not found
DRV - (eamonm) -- C:\Windows\System32\drivers\eamonm.sys (ESET)
DRV - (ehdrv) -- C:\Windows\System32\drivers\ehdrv.sys (ESET)
DRV - (epfwwfpr) -- C:\Windows\System32\drivers\epfwwfpr.sys (ESET)
DRV - (AvgRkx86) -- C:\Windows\System32\Drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSErHrvtx) -- C:\Windows\System32\Drivers\AVGIDSvx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDrivervtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFiltervtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShimvtx) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (HSXHWBS3) -- C:\Windows\System32\drivers\HSXHWBS3.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\WMP54GSx86.sys (Broadcom Corporation)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-tyc8"
FF - prefs.js..browser.search.param.yahoo-type: ""
FF - prefs.js..browser.search.selectedEngine: "AIM Search"
FF - prefs.js..browser.search.selectedengine: "Yahoo! Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.search.usedbfororder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com//?fr=fp-tyc8"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 08:38:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/03 10:04:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/04 15:28:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/08/17 08:47:17 | 000,000,000 | ---D | M]

[2009/02/07 14:51:11 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla\Extensions
[2010/09/06 03:35:18 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\extensions
[2009/11/09 03:37:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/01 01:19:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/09/03 10:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/09/03 10:05:19 | 000,001,739 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\x7zrux5q.default\searchplugins\aim-search.xml
[2010/09/03 10:04:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/02 00:07:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/02 00:06:00 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

Hosts file not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 71.242.0.12 71.250.0.12 192.168.1.1
O18 - Protocol\Handler\cf - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\Pictures\2010-06-23\122.JPG
O24 - Desktop BackupWallPaper: C:\Users\Sarah\Pictures\2010-06-23\122.JPG
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/25 09:12:57 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/05 00:07:54 | 000,000,000 | ---D | C] -- C:\Users\Sarah\DoctorWeb
[2010/09/04 18:20:41 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\tbnngglqk
[2010/09/02 02:14:46 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\wbtcclvod
[2010/09/01 13:24:29 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\pperycjcx
[2010/09/01 00:26:29 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\TFC.exe
[2010/08/31 23:35:29 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\Nero_AG
[2010/08/31 04:07:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/31 03:45:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/29 18:39:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/08/29 18:39:58 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\temp
[2010/08/29 14:10:08 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\ESET
[2010/08/29 14:06:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/29 14:06:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/29 14:06:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/29 14:06:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/29 14:05:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/29 05:11:26 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010/08/29 03:20:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/29 03:20:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/29 03:20:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/29 03:19:18 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Sarah\Desktop\mbam-setup.exe
[2010/08/28 20:07:53 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon
[2010/08/20 03:35:46 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\gmer
[2010/08/17 08:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2010/08/17 00:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/08/17 00:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/08/16 19:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/15 23:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/14 02:46:08 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2010/08/13 18:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/02 02:48:43 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\uTorrent
[2010/08/02 00:07:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/01 00:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/07/29 13:31:26 | 000,136,632 | ---- | C] (ESET) -- C:\Windows\System32\drivers\eamonm.sys
[2010/07/29 13:31:26 | 000,115,008 | ---- | C] (ESET) -- C:\Windows\System32\drivers\ehdrv.sys
[2010/07/29 13:31:26 | 000,096,920 | ---- | C] (ESET) -- C:\Windows\System32\drivers\epfwwfpr.sys
[2010/07/26 01:29:00 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\Nero Recode
[2010/07/26 01:24:50 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\NeroDigital™
[2010/07/26 01:13:26 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Documents\SecurDisc Key Data
[2010/07/25 03:25:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/07/21 08:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/21 08:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/16 01:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 7
[2010/07/14 22:23:09 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/14 22:23:07 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/07/14 22:23:06 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/07/14 22:23:03 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/14 22:22:54 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/07/14 22:22:52 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/07/14 22:22:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/07/14 22:19:55 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/07/14 20:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/07/14 19:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\Safari(79)
[2010/07/14 01:34:03 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\FixItCenter
[2010/07/14 01:23:55 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2010/07/14 01:23:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center
[2010/07/14 01:22:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/07/03 16:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Siber Systems
[2010/06/26 03:05:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/23 08:13:04 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\Pink- Funhouse (SpecialEdition)
[2010/06/23 03:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/13 02:17:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/06/11 03:54:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Desktop\Paul Mccartney - Live In Los Angeles (2010)
[2008/11/30 19:53:21 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sarah\AppData\Roaming\pcouffin.sys
[12 C:\Users\Sarah\Documents\*.tmp files -> C:\Users\Sarah\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/06 03:49:10 | 003,145,728 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat
[2010/09/06 03:46:36 | 000,002,265 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2010/09/06 03:45:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{347C16ED-58A3-4D85-A75F-EF1BFF64685A}.job
[2010/09/06 03:39:21 | 000,002,044 | ---- | M] () -- C:\Users\Sarah\Desktop\Google Chrome.lnk
[2010/09/06 03:39:21 | 000,002,006 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/06 03:26:05 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3069609433-1055128507-2126640712-1000UA.job
[2010/09/06 03:17:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/06 03:09:33 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/06 03:01:18 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/09/06 03:01:18 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/09/06 03:01:18 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/09/06 02:55:55 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/06 02:55:55 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/06 02:55:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/06 02:55:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/06 02:09:17 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{bd02e0f1-c915-11de-b83c-002215f4a496}.TMContainer00000000000000000001.regtrans-ms
[2010/09/06 02:09:17 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{bd02e0f1-c915-11de-b83c-002215f4a496}.TM.blf
[2010/09/06 02:08:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/09/06 02:08:10 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3069609433-1055128507-2126640712-1000Core.job
[2010/09/06 02:08:08 | 001,920,878 | -H-- | M] () -- C:\Users\Sarah\AppData\Local\IconCache.db
[2010/09/06 02:07:37 | 000,002,483 | ---- | M] () -- C:\Users\Sarah\Desktop\HiJackThis.lnk
[2010/09/06 01:57:28 | 000,112,640 | ---- | M] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 21:26:41 | 064,344,501 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/05 17:14:32 | 1200,221,328 | ---- | M] () -- C:\Users\Sarah\Desktop\Machete.avi
[2010/09/05 12:42:09 | 265,880,351 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/09/05 00:03:10 | 042,730,616 | ---- | M] () -- C:\Users\Sarah\Desktop\4k8t247w.exe
[2010/09/04 16:59:45 | 000,001,165 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\vso_ts_preview.xml
[2010/09/04 04:24:22 | 734,195,712 | ---- | M] () -- C:\Users\Sarah\Desktop\Titanic II.avi
[2010/09/04 02:31:50 | 1555,189,760 | ---- | M] () -- C:\Users\Sarah\Desktop\Iron Man 2.avi
[2010/09/04 00:06:57 | 735,289,344 | ---- | M] () -- C:\Users\Sarah\Desktop\Giallo.avi
[2010/09/03 10:04:16 | 000,001,710 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/02 11:06:54 | 000,037,888 | ---- | M] () -- C:\Users\Sarah\Documents\DVD Quality Movies.doc
[2010/09/02 04:34:09 | 1766,900,482 | ---- | M] () -- C:\Users\Sarah\Desktop\Mother And Child.avi
[2010/09/02 03:21:06 | 000,041,472 | ---- | M] () -- C:\Users\Sarah\Documents\CAM Movies and DVD Quality Movie.doc
[2010/09/01 10:48:47 | 737,531,904 | ---- | M] () -- C:\Users\Sarah\Desktop\The Last Seven.avi
[2010/09/01 04:29:49 | 734,121,984 | ---- | M] () -- C:\Users\Sarah\Desktop\Letters To Juliet.avi
[2010/09/01 00:27:04 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\TFC.exe
[2010/08/31 23:30:25 | 1463,989,545 | ---- | M] () -- C:\Users\Sarah\Desktop\Robin Hood - 2010.mkv
[2010/08/31 15:02:55 | 734,140,416 | ---- | M] () -- C:\Users\Sarah\Desktop\Dog Pound.avi
[2010/08/31 04:03:07 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/31 03:45:21 | 003,829,532 | R--- | M] () -- C:\Users\Sarah\Desktop\ComboFix.exe
[2010/08/31 02:03:05 | 000,042,496 | ---- | M] () -- C:\Users\Sarah\Documents\CJA373StudentFindingtheCourt.doc
[2010/08/30 12:46:10 | 725,253,274 | ---- | M] () -- C:\Users\Sarah\Desktop\Takers.avi
[2010/08/29 05:11:51 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010/08/29 03:38:59 | 000,340,141 | ---- | M] () -- C:\Users\Sarah\Desktop\Web Search Redirect - Router Virus.mht
[2010/08/29 03:24:13 | 000,293,376 | ---- | M] () -- C:\Users\Sarah\Desktop\mxl107mx.exe
[2010/08/29 03:20:09 | 000,000,780 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/29 03:19:30 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Sarah\Desktop\mbam-setup.exe
[2010/08/28 20:09:36 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2010/08/28 18:22:14 | 000,049,152 | ---- | M] () -- C:\Users\Sarah\Documents\LT+Charter+criminal+court+system.doc
[2010/08/28 06:05:09 | 737,501,184 | ---- | M] () -- C:\Users\Sarah\Desktop\MacGruber.avi
[2010/08/28 05:50:37 | 1605,715,968 | ---- | M] () -- C:\Users\Sarah\Desktop\Grown Ups.avi
[2010/08/28 02:03:24 | 823,987,970 | ---- | M] () -- C:\Users\Sarah\Desktop\The Other Guys.avi
[2010/08/28 01:23:05 | 000,002,545 | ---- | M] () -- C:\Users\Sarah\Desktop\Microsoft Word.lnk
[2010/08/27 19:26:39 | 000,616,965 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/08/27 14:15:53 | 853,557,249 | ---- | M] () -- C:\Users\Sarah\Desktop\Piranha.avi
[2010/08/24 22:08:27 | 734,967,808 | ---- | M] () -- C:\Users\Sarah\Desktop\Black Death.avi
[2010/08/23 18:47:19 | 734,955,520 | ---- | M] () -- C:\Users\Sarah\Desktop\The Switch.avi
[2010/08/22 16:55:34 | 654,925,916 | ---- | M] () -- C:\Users\Sarah\Desktop\Scott Pilgrim Against The World.avi
[2010/08/22 03:31:40 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Documents\~$M Movies and DVD Quality Movies.doc
[2010/08/20 23:31:24 | 731,723,776 | ---- | M] () -- C:\Users\Sarah\Desktop\Know Thy Enemy.avi
[2010/08/20 18:03:33 | 001,682,775 | ---- | M] () -- C:\Users\Sarah\Desktop\Guide Me.mht
[2010/08/20 03:35:05 | 000,284,915 | ---- | M] () -- C:\Users\Sarah\Desktop\gmer.zip
[2010/08/20 03:28:23 | 000,525,824 | ---- | M] () -- C:\Users\Sarah\Desktop\dds.scr
[2010/08/20 03:26:48 | 000,000,000 | ---- | M] () -- C:\Users\Sarah\defogger_reenable
[2010/08/20 03:25:51 | 000,050,477 | ---- | M] () -- C:\Users\Sarah\Desktop\Defogger.exe
[2010/08/19 18:25:45 | 733,736,960 | ---- | M] () -- C:\Users\Sarah\Desktop\My Own Love Song.avi
[2010/08/19 04:28:35 | 1466,246,564 | ---- | M] () -- C:\Users\Sarah\Desktop\The Experiment.avi
[2010/08/17 23:21:28 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/08/17 00:47:03 | 000,077,680 | ---- | M] () -- C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/08/17 00:46:52 | 000,316,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/16 19:03:48 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/15 20:53:20 | 1477,784,870 | ---- | M] () -- C:\Users\Sarah\Desktop\Prince Of Persia - The Sands Of Time.avi
[2010/08/15 06:50:05 | 1475,728,174 | ---- | M] () -- C:\Users\Sarah\Desktop\Step Up 3.avi
[2010/08/14 11:32:43 | 731,150,177 | ---- | M] () -- C:\Users\Sarah\Desktop\Killers.avi
[2010/08/14 02:57:44 | 001,335,980 | ---- | M] () -- C:\Users\Sarah\Documents\UnEncrypted.pdf
[2010/08/14 02:40:38 | 000,000,926 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/13 18:33:10 | 000,002,265 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/08/10 23:33:38 | 000,342,016 | ---- | M] () -- C:\Users\Sarah\Documents\NFL.com Private Football League.doc
[2010/08/10 17:30:35 | 735,219,712 | ---- | M] () -- C:\Users\Sarah\Desktop\Just Wright.avi
[2010/08/09 05:22:33 | 1558,806,528 | ---- | M] () -- C:\Users\Sarah\Desktop\Solitary Man.avi
[2010/08/08 01:34:17 | 1353,345,444 | ---- | M] () -- C:\Users\Sarah\Desktop\Cats And Dogs - The Revenge Of Kitty Galore.avi
[2010/08/04 14:08:52 | 000,000,726 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 7.lnk
[2010/08/04 14:08:52 | 000,000,702 | ---- | M] () -- C:\Users\Sarah\Desktop\DVDFab 7.lnk
[2010/08/03 00:29:08 | 732,442,625 | ---- | M] () -- C:\Users\Sarah\Desktop\Knight And Day.avi
[2010/08/01 23:30:01 | 000,009,760 | ---- | M] () -- C:\Users\Sarah\Documents\kaspersky scan report.html
[2010/07/29 13:31:26 | 000,136,632 | ---- | M] (ESET) -- C:\Windows\System32\drivers\eamonm.sys
[2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) -- C:\Windows\System32\drivers\ehdrv.sys
[2010/07/29 13:31:26 | 000,096,920 | ---- | M] (ESET) -- C:\Windows\System32\drivers\epfwwfpr.sys
[2010/07/26 00:22:11 | 000,002,122 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/07/24 03:00:10 | 000,000,297 | ---- | M] () -- C:\Users\Sarah\Desktop\My Documnets.lnk
[2010/07/21 08:59:33 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/21 08:45:18 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010/07/14 22:23:10 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/07/14 22:23:10 | 000,001,609 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/07/14 22:23:07 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/07/14 22:23:07 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/07/14 22:23:05 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/07/14 22:22:55 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/07/14 22:22:54 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/07/14 22:22:52 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/07/14 22:19:55 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/07/14 19:41:19 | 002,883,584 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat_previous
[2010/07/14 01:18:03 | 003,276,800 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/07/14 01:18:03 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/07/14 01:18:03 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/07/14 01:17:45 | 003,276,800 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/07/14 01:17:44 | 000,131,072 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/07/14 01:17:44 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/07/13 23:18:20 | 000,040,442 | ---- | M] () -- C:\Users\Sarah\Documents\UoP -Tax Fax.pdf
[2010/07/08 17:59:08 | 000,498,610 | ---- | M] () -- C:\Users\Sarah\Documents\Verification Coversheet - 2010-2011 UoP.pdf
[2010/07/04 19:11:36 | 000,001,356 | ---- | M] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2010/07/04 02:16:13 | 000,048,997 | ---- | M] () -- C:\Users\Sarah\Documents\xbox 360 UPS label.pdf
[2010/07/02 00:03:23 | 000,643,498 | ---- | M] () -- C:\Users\Sarah\Documents\008.JPG
[2010/07/02 00:00:56 | 000,787,693 | ---- | M] () -- C:\Users\Sarah\Documents\005.JPG
[2010/07/01 11:23:59 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010/06/27 15:46:26 | 000,148,628 | ---- | M] () -- C:\Users\Sarah\Documents\Master Promissory Note_ Federal Direct PLUS Loan.pdf
[2010/06/24 10:15:11 | 746,200,692 | ---- | M] () -- C:\Users\Sarah\Desktop\Jonah Hex.avi
[2010/06/14 00:47:01 | 735,291,392 | ---- | M] () -- C:\Users\Sarah\Desktop\No Crossover - The Trial Of Allen Iverson.avi
[2010/06/13 11:17:35 | 000,000,979 | ---- | M] () -- C:\Users\Sarah\Desktop\ConvertXtoDVD 4.lnk
[2010/06/13 11:17:35 | 000,000,971 | ---- | M] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/06/08 17:30:49 | 738,498,722 | ---- | M] () -- C:\Users\Sarah\Desktop\Get Him To The Greek.avi
[12 C:\Users\Sarah\Documents\*.tmp files -> C:\Users\Sarah\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/05 17:08:38 | 1200,221,328 | ---- | C] () -- C:\Users\Sarah\Desktop\Machete.avi
[2010/09/05 00:03:04 | 042,730,616 | ---- | C] () -- C:\Users\Sarah\Desktop\4k8t247w.exe
[2010/09/04 04:19:22 | 734,195,712 | ---- | C] () -- C:\Users\Sarah\Desktop\Titanic II.avi
[2010/09/04 02:30:03 | 1555,189,760 | ---- | C] () -- C:\Users\Sarah\Desktop\Iron Man 2.avi
[2010/09/04 00:06:20 | 735,289,344 | ---- | C] () -- C:\Users\Sarah\Desktop\Giallo.avi
[2010/09/02 09:24:34 | 733,976,576 | ---- | C] () -- C:\Users\Sarah\Desktop\Doghouse.avi
[2010/09/02 04:30:52 | 1766,900,482 | ---- | C] () -- C:\Users\Sarah\Desktop\Mother And Child.avi
[2010/09/01 10:47:48 | 737,531,904 | ---- | C] () -- C:\Users\Sarah\Desktop\The Last Seven.avi
[2010/09/01 04:28:54 | 734,121,984 | ---- | C] () -- C:\Users\Sarah\Desktop\Letters To Juliet.avi
[2010/08/31 23:28:33 | 1463,989,545 | ---- | C] () -- C:\Users\Sarah\Desktop\Robin Hood - 2010.mkv
[2010/08/31 15:02:07 | 734,140,416 | ---- | C] () -- C:\Users\Sarah\Desktop\Dog Pound.avi
[2010/08/31 02:03:05 | 000,042,496 | ---- | C] () -- C:\Users\Sarah\Documents\CJA373StudentFindingtheCourt.doc
[2010/08/30 12:42:34 | 725,253,274 | ---- | C] () -- C:\Users\Sarah\Desktop\Takers.avi
[2010/08/29 14:06:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/29 14:06:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/29 14:06:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/29 14:06:38 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/29 14:06:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/29 14:03:38 | 003,829,532 | R--- | C] () -- C:\Users\Sarah\Desktop\ComboFix.exe
[2010/08/29 03:38:54 | 000,340,141 | ---- | C] () -- C:\Users\Sarah\Desktop\Web Search Redirect - Router Virus.mht
[2010/08/29 03:24:01 | 000,293,376 | ---- | C] () -- C:\Users\Sarah\Desktop\mxl107mx.exe
[2010/08/29 03:20:09 | 000,000,780 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/28 20:09:36 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Vz In-Home Agent.lnk
[2010/08/28 18:22:14 | 000,049,152 | ---- | C] () -- C:\Users\Sarah\Documents\LT+Charter+criminal+court+system.doc
[2010/08/28 05:47:40 | 1605,715,968 | ---- | C] () -- C:\Users\Sarah\Desktop\Grown Ups.avi
[2010/08/28 02:02:08 | 823,987,970 | ---- | C] () -- C:\Users\Sarah\Desktop\The Other Guys.avi
[2010/08/27 14:14:14 | 853,557,249 | ---- | C] () -- C:\Users\Sarah\Desktop\Piranha.avi
[2010/08/26 02:00:18 | 000,041,472 | ---- | C] () -- C:\Users\Sarah\Documents\CAM Movies and DVD Quality Movie.doc
[2010/08/24 22:07:13 | 734,967,808 | ---- | C] () -- C:\Users\Sarah\Desktop\Black Death.avi
[2010/08/23 18:45:37 | 734,955,520 | ---- | C] () -- C:\Users\Sarah\Desktop\The Switch.avi
[2010/08/22 16:54:48 | 654,925,916 | ---- | C] () -- C:\Users\Sarah\Desktop\Scott Pilgrim Against The World.avi
[2010/08/22 03:31:40 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Documents\~$M Movies and DVD Quality Movies.doc
[2010/08/20 23:26:02 | 731,723,776 | ---- | C] () -- C:\Users\Sarah\Desktop\Know Thy Enemy.avi
[2010/08/20 18:03:33 | 001,682,775 | ---- | C] () -- C:\Users\Sarah\Desktop\Guide Me.mht
[2010/08/20 03:35:00 | 000,284,915 | ---- | C] () -- C:\Users\Sarah\Desktop\gmer.zip
[2010/08/20 03:27:49 | 000,525,824 | ---- | C] () -- C:\Users\Sarah\Desktop\dds.scr
[2010/08/20 03:26:48 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\defogger_reenable
[2010/08/20 03:25:44 | 000,050,477 | ---- | C] () -- C:\Users\Sarah\Desktop\Defogger.exe
[2010/08/19 16:52:18 | 733,736,960 | ---- | C] () -- C:\Users\Sarah\Desktop\My Own Love Song.avi
[2010/08/19 02:08:26 | 1466,246,564 | ---- | C] () -- C:\Users\Sarah\Desktop\The Experiment.avi
[2010/08/17 23:20:41 | 000,196,608 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2010/08/16 19:03:48 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/15 16:49:47 | 1477,784,870 | ---- | C] () -- C:\Users\Sarah\Desktop\Prince Of Persia - The Sands Of Time.avi
[2010/08/15 04:31:13 | 1475,728,174 | ---- | C] () -- C:\Users\Sarah\Desktop\Step Up 3.avi
[2010/08/14 10:26:48 | 731,150,177 | ---- | C] () -- C:\Users\Sarah\Desktop\Killers.avi
[2010/08/14 02:57:43 | 001,335,980 | ---- | C] () -- C:\Users\Sarah\Documents\UnEncrypted.pdf
[2010/08/14 02:40:38 | 000,000,926 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/08/10 23:33:37 | 000,342,016 | ---- | C] () -- C:\Users\Sarah\Documents\NFL.com Private Football League.doc
[2010/08/10 16:25:36 | 735,219,712 | ---- | C] () -- C:\Users\Sarah\Desktop\Just Wright.avi
[2010/08/09 18:17:19 | 1558,806,528 | ---- | C] () -- C:\Users\Sarah\Desktop\Solitary Man.avi
[2010/08/07 23:31:28 | 1353,345,444 | ---- | C] () -- C:\Users\Sarah\Desktop\Cats And Dogs - The Revenge Of Kitty Galore.avi
[2010/08/04 18:37:12 | 732,442,625 | ---- | C] () -- C:\Users\Sarah\Desktop\Knight And Day.avi
[2010/08/04 14:08:52 | 000,000,726 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 7.lnk
[2010/08/04 14:08:52 | 000,000,702 | ---- | C] () -- C:\Users\Sarah\Desktop\DVDFab 7.lnk
[2010/08/04 13:57:32 | 000,002,265 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2010/08/01 23:30:01 | 000,009,760 | ---- | C] () -- C:\Users\Sarah\Documents\kaspersky scan report.html
[2010/07/26 00:22:11 | 000,002,122 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010/07/24 03:00:10 | 000,000,297 | ---- | C] () -- C:\Users\Sarah\Desktop\My Documnets.lnk
[2010/07/21 08:59:33 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/07/14 22:23:10 | 000,001,609 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/07/14 22:22:52 | 000,616,965 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/07/14 22:22:52 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/07/14 22:22:51 | 064,344,501 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/14 20:31:51 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2010/07/14 20:22:39 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/07/14 20:22:39 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/07/14 20:22:39 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/07/14 20:00:03 | 000,002,006 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/14 01:17:45 | 003,276,800 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2010/07/14 01:17:45 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2010/07/14 01:17:45 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2010/07/14 01:15:14 | 003,276,800 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell2.etl
[2010/07/14 01:15:14 | 000,131,072 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.perf
[2010/07/14 01:15:14 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell2.dpx
[2010/07/13 23:18:20 | 000,040,442 | ---- | C] () -- C:\Users\Sarah\Documents\UoP -Tax Fax.pdf
[2010/07/08 17:59:07 | 000,498,610 | ---- | C] () -- C:\Users\Sarah\Documents\Verification Coversheet - 2010-2011 UoP.pdf
[2010/07/04 02:16:13 | 000,048,997 | ---- | C] () -- C:\Users\Sarah\Documents\xbox 360 UPS label.pdf
[2010/07/02 00:03:07 | 000,643,498 | ---- | C] () -- C:\Users\Sarah\Documents\008.JPG
[2010/07/02 00:00:36 | 000,787,693 | ---- | C] () -- C:\Users\Sarah\Documents\005.JPG
[2010/06/27 15:46:26 | 000,148,628 | ---- | C] () -- C:\Users\Sarah\Documents\Master Promissory Note_ Federal Direct PLUS Loan.pdf
[2010/06/24 09:06:28 | 746,200,692 | ---- | C] () -- C:\Users\Sarah\Desktop\Jonah Hex.avi
[2010/06/23 08:01:48 | 000,000,629 | ---- | C] () -- C:\Windows\System32\mapisvc.inf
[2010/06/13 22:32:04 | 735,291,392 | ---- | C] () -- C:\Users\Sarah\Desktop\No Crossover - The Trial Of Allen Iverson.avi
[2010/06/13 11:17:35 | 000,000,979 | ---- | C] () -- C:\Users\Sarah\Desktop\ConvertXtoDVD 4.lnk
[2010/06/13 11:17:35 | 000,000,971 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\ConvertXtoDVD 4.lnk
[2010/06/09 08:09:29 | 000,002,265 | ---- | C] () -- C:\Users\Sarah\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2010/06/09 02:31:35 | 738,498,722 | ---- | C] () -- C:\Users\Sarah\Desktop\Get Him To The Greek.avi
[2010/06/04 02:41:07 | 000,000,012 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\gklupx.dat
[2009/11/02 04:07:16 | 000,000,000 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\wklnhst.dat
[2009/11/02 02:41:06 | 000,000,031 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/18 07:19:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/01/31 23:03:43 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2009/01/31 23:03:43 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2009/01/31 23:03:43 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2009/01/31 23:03:43 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/01/31 17:04:17 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/01/31 17:02:51 | 000,000,067 | ---- | C] () -- C:\Windows\AVIConverter.INI
[2009/01/22 05:17:09 | 000,001,165 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\vso_ts_preview.xml
[2009/01/20 20:19:57 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/12/02 11:15:09 | 000,000,187 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\default.rss
[2008/11/30 22:54:31 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/11/30 22:11:09 | 000,001,356 | ---- | C] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2008/11/30 20:24:43 | 000,112,640 | ---- | C] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/30 19:53:30 | 000,000,034 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.log
[2008/11/30 19:53:21 | 000,007,887 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.cat
[2008/11/30 19:53:21 | 000,001,144 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\pcouffin.inf
[2008/08/25 09:13:58 | 000,000,349 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/08/25 08:46:22 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/08/25 08:46:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2009/01/22 12:14:58 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\acccore
[2009/01/07 19:25:12 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\allTunes
[2010/02/17 23:53:24 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\AVG9
[2010/04/28 21:43:40 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\DVDFab
[2009/03/08 23:41:50 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\GrabIt
[2010/09/02 08:13:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\uTorrent
[2010/09/04 16:59:45 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Vso
[2010/03/18 04:42:57 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WinAVI
[2008/12/01 20:08:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WinBatch
[2010/07/14 19:39:18 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Xilisoft
[2010/09/06 02:08:53 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/09/06 03:45:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{347C16ED-58A3-4D85-A75F-EF1BFF64685A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Sarah\Documents\123442.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Sarah\Documents\121455.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Sarah\Documents\033030.avi:TOC.WMV
< End of report >