Inactive Search results being redirected IE and Firefox

Discussion in 'Malware and Virus Removal Archive' started by carab, 2010/06/19.

Thread Status:
Not open for further replies.
  1. 2010/07/15
    carab

    carab Inactive Thread Starter

    Joined:
    2010/06/19
    Messages:
    55
    Likes Received:
    0
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
    ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
    ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
    ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1167157780-497472970-3894054306-1000
    ProfileImagePath REG_EXPAND_SZ C:\Users\Cara

    ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\LocalService
    ProfileImagePath REG_EXPAND_SZ %SystemRoot%\ServiceProfiles\NetworkService
    SystemRoot REG_SZ C:\Windows
     
  2. 2010/07/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Nothing suspicious here.

    My friend was very nice and she responded quickly. Let's see if she'll come up with something else.
    Please be patient.

    Please be aware that you may be forced to format your drive and reinstall Windows, so make sure you have all personal data backed up.
     

  4. 2010/07/15
    broni

    broni Moderator Malware Analyst

    Download MBRCheck to your desktop.

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users: right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheck will be on your desktop.
    Open this report and post its content in your next reply.
     
  5. 2010/07/15
    carab

    carab Inactive Thread Starter

    MBRCheck, version 1.1.1

    (c) 2010, AD



    \\.\C: --> \\.\PhysicalDrive0

    \\.\D: --> \\.\PhysicalDrive0



    Size Device Name MBR Status

    --------------------------------------------

    74 GB \\.\PhysicalDrive0 Windows Vista MBR code detected





    Done! Press ENTER to exit...
     
  6. 2010/07/15
    broni

    broni Moderator Malware Analyst

    Unfortunately, it looks clean.

    One more attempt....

    Let's see if we can look at your computer booting from an external source.

    Using a good computer, please download OTLPE (filesize 120,9 MB).

    • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your bad computer using the boot CD you just created.
      • Note: If you do not know how to set your computer to boot from CD, follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have an internet connection on this system.
    • Please post the contents of the OTL.txt file in your reply.
     
  7. 2010/07/15
    carab

    carab Inactive Thread Starter

    So I have to use a different computer to create the boot CD?
     
  8. 2010/07/15
    broni

    broni Moderator Malware Analyst

    Not really. It's my canned speech for a badly infected computer which won't boot.
    You can use your regular computer.
     
  9. 2010/07/16
    carab

    carab Inactive Thread Starter

    I'll finish this tomorrow.
     
  10. 2010/07/16
    broni

    broni Moderator Malware Analyst

    No problem :)
     
  11. 2010/07/16
    carab

    carab Inactive Thread Starter

    OTL logfile created on: 7/16/2010 4:12:03 PM - Run
    OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
    Windows Vista (TM) Home Premium (Version = 6.0.6000) - Type = System
    Internet Explorer (Version = 8.0.6001.18928)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    894.00 Mb Total Physical Memory | 670.00 Mb Available Physical Memory | 75.00% Memory free
    806.00 Mb Paging File | 703.00 Mb Available in Paging File | 87.00% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 64.44 Gb Total Space | 34.53 Gb Free Space | 53.59% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 6.31 Gb Free Space | 63.08% Space Free | Partition Type: NTFS
    Drive E: | 121.72 Mb Total Space | 113.29 Mb Free Space | 93.07% Space Free | Partition Type: FAT
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: REATOGO
    Current User Name: SYSTEM
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Standard
    Using ControlSet: ControlSet001

    ========== Win32 Services (SafeList) ==========

    SRV - [2010/04/01 14:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/02/24 11:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2009/12/07 21:50:40 | 000,030,192 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
    SRV - [2008/04/10 11:23:00 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/04/24 08:31:10 | 000,090,112 | ---- | M] (SigmaTel, Inc.) [Auto] -- C:\Windows\System32\stacsv.exe -- (STacSV)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand] -- C:\Users\Cara\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - File not found [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCM42RLY.sys -- (BCM42RLY)
    DRV - [2010/06/08 18:33:27 | 000,080,896 | ---- | M] (Piffit Inc) [Kernel | System] -- C:\Windows\System32\dbbc.sys -- (dbbc)
    DRV - [2010/03/01 11:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 15:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/04/10 11:35:31 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/04/10 11:35:31 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/04/10 11:35:31 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/12/07 01:52:48 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2007/10/17 05:33:56 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2007/05/24 01:08:56 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/04/29 01:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/04/29 01:24:28 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/04/29 01:24:28 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/04/29 01:24:28 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/04/24 08:31:16 | 000,323,584 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/04/24 08:29:38 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2007/04/24 08:00:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Disabled] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2007/04/24 08:00:18 | 000,043,520 | ---- | M] (REDC) [Kernel | Disabled] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2007/04/24 08:00:16 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2006/10/30 11:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/small...n&client=dell-usuk&channel=us-smb&ibd=1080410
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/small...n&client=dell-usuk&channel=us-smb&ibd=1080410


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\Cara_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/small...n&client=dell-usuk&channel=us-smb&ibd=1080410
    IE - HKU\Cara_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.google.com/mail/?shva=1#inbox
    IE - HKU\Cara_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\Cara_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?hl=en&shva=1# "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/10 12:03:17 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 16:07:43 | 000,000,000 | ---D | M]

    [2008/10/23 17:02:49 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\Mozilla\Extensions
    [2010/06/08 18:16:00 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\3te386a9.default\extensions
    [2008/10/13 13:00:36 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\3te386a9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/06/08 18:36:05 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\knszno0y.Cara\extensions
    [2010/07/15 23:09:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/06/20 15:52:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/06/20 15:51:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

    O1 HOSTS File: ([2010/07/11 21:58:40 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
    O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\Cara_ON_C\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\Cara_ON_C\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
    O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
    O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Cara_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\Cara_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{1caf2ae1-06d1-11dd-a641-806e6f6e6963}\Shell - " " = AutoRun
    O33 - MountPoints2\{1caf2ae1-06d1-11dd-a641-806e6f6e6963}\Shell\AutoRun\command - " " = E:\setup.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/07/16 01:01:23 | 126,844,958 | ---- | C] (Igor Pavlov) -- C:\Users\Cara\Desktop\OTLPENet.exe
    [2010/07/11 21:15:07 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/11 20:48:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Cara\Desktop\OTL.exe
    [2010/07/10 13:51:09 | 000,000,000 | ---D | C] -- C:\Users\Cara\Desktop\Videos
    [2010/07/10 01:05:59 | 000,499,712 | ---- | C] (eSage Lab) -- C:\Users\Cara\Desktop\remover.exe
    [2010/07/08 21:13:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/07/08 21:11:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/07/08 20:53:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/07/08 20:53:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/07/08 20:53:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/07/08 20:53:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/07/08 20:52:18 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
    [2010/07/08 20:43:34 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/06/23 22:18:40 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
    [2010/06/23 22:18:38 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
    [2010/06/23 22:18:36 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
    [2010/06/23 22:18:36 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
    [2010/06/23 22:18:36 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
    [2010/06/23 22:18:36 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
    [2010/06/23 22:18:32 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
    [2010/06/23 22:18:24 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
    [2010/06/23 21:58:13 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
    [2010/06/23 21:57:52 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
    [2010/06/23 21:57:42 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
    [2010/06/23 21:50:29 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
    [2010/06/23 21:50:23 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
    [2010/06/23 21:43:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010/06/23 21:43:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010/06/23 21:43:05 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010/06/23 21:43:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010/06/23 21:43:04 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010/06/23 21:43:03 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010/06/23 21:43:02 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010/06/23 21:43:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010/06/23 21:43:01 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010/06/23 21:43:00 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010/06/23 21:42:59 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010/06/23 21:42:59 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010/06/23 21:42:58 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010/06/23 21:42:58 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010/06/23 21:42:54 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010/06/23 21:40:59 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
    [2010/06/23 21:40:58 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
    [2010/06/23 21:40:57 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
    [2010/06/23 21:40:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
    [2010/06/23 21:40:56 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
    [2010/06/23 21:40:56 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
    [2010/06/23 21:40:55 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
    [2010/06/23 21:40:55 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
    [2010/06/23 21:40:54 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
    [2010/06/23 21:40:53 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
    [2010/06/23 21:40:53 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
    [2010/06/23 21:40:52 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
    [2010/06/23 21:40:51 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
    [2010/06/23 21:40:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
    [2010/06/23 21:40:51 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
    [2010/06/23 21:40:49 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
    [2010/06/23 21:40:48 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
    [2010/06/23 21:40:47 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
    [2010/06/23 21:40:47 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
    [2010/06/23 21:40:47 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2010/06/23 21:40:44 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
    [2010/06/23 21:40:43 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
    [2010/06/23 21:40:43 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
    [2010/06/23 21:40:42 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
    [2010/06/23 21:40:42 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
    [2010/06/23 21:40:42 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
    [2010/06/23 21:32:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2010/06/23 21:31:21 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
    [2010/06/23 21:29:21 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
    [2010/06/23 21:29:18 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
    [2010/06/23 21:29:17 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
    [2010/06/23 21:29:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
    [2010/06/23 21:29:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
    [2010/06/23 21:29:17 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
    [2010/06/23 21:29:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
    [2010/06/23 21:29:16 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
    [2010/06/23 21:29:15 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
    [2010/06/23 21:27:13 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
    [2010/06/23 21:27:12 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
    [2010/06/23 21:27:12 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
    [2010/06/23 21:27:12 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
    [2010/06/23 21:27:12 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
    [2010/06/23 21:27:12 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
    [2010/06/23 21:27:02 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
    [2010/06/23 21:27:02 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
    [2010/06/23 21:27:01 | 000,435,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
    [2010/06/23 21:27:00 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
    [2010/06/23 21:27:00 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
    [2010/06/23 21:27:00 | 000,431,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
    [2010/06/23 21:26:59 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
    [2010/06/23 21:26:59 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
    [2010/06/23 21:26:59 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
    [2010/06/23 21:26:42 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2010/06/23 21:26:41 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
    [2010/06/23 21:26:39 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
    [2010/06/23 21:26:37 | 001,244,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mcmde.dll
    [2010/06/23 21:26:31 | 000,177,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
    [2010/06/23 21:26:31 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
    [2010/06/23 21:26:29 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
    [2010/06/23 21:26:29 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
    [2010/06/23 21:26:15 | 004,247,552 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
    [2010/06/23 21:26:11 | 001,686,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
    [2010/06/23 21:26:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
    [2010/06/23 21:25:48 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2010/06/23 21:25:47 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2010/06/23 21:25:40 | 002,433,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
    [2010/06/23 21:25:39 | 002,855,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
    [2010/06/23 21:25:38 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
    [2010/06/23 21:25:38 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe
    [2010/06/23 21:25:37 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe
    [2010/06/23 21:25:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll
    [2010/06/23 21:25:30 | 000,213,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
    [2010/06/23 21:25:30 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
    [2010/06/23 21:25:29 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
    [2010/06/23 21:25:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
    [2010/06/23 21:25:29 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
    [2010/06/23 21:25:19 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
    [2010/06/23 21:25:19 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
    [2010/06/23 21:25:11 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
    [2010/06/23 21:25:05 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
    [2010/06/23 21:24:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
    [2010/06/23 21:24:31 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
    [2010/06/23 21:24:31 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
    [2010/06/23 21:24:26 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
    [2010/06/23 21:24:26 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
    [2010/06/23 21:24:25 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
    [2010/06/23 21:24:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
    [2010/06/23 21:24:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
    [2010/06/23 21:23:51 | 000,712,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
    [2010/06/23 21:23:51 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
    [2010/06/23 21:23:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
    [2010/06/23 21:23:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
    [2010/06/23 21:23:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printcom.dll
    [2010/06/23 21:23:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
    [2010/06/23 21:23:35 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
    [2010/06/23 21:23:30 | 000,272,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\polstore.dll
    [2010/06/23 21:23:30 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FwRemoteSvr.dll
    [2010/06/23 21:23:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winipsec.dll
    [2010/06/23 21:23:15 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
    [2010/06/23 21:23:14 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
    [2010/06/23 21:22:56 | 001,327,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
    [2010/06/23 21:22:54 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
    [2010/06/23 21:22:53 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
    [2010/06/23 21:22:53 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
    [2010/06/23 21:22:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
    [2010/06/23 21:22:43 | 000,500,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
    [2010/06/23 21:22:43 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
    [2010/06/23 21:22:38 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\INETRES.dll
    [2010/06/23 21:22:26 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
    [2010/06/23 21:22:26 | 000,289,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
    [2010/06/23 21:22:25 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
    [2010/06/23 21:22:25 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
    [2010/06/23 21:22:25 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
    [2010/06/23 21:22:02 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
    [2010/06/23 21:22:02 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
    [2010/06/23 21:22:02 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
    [2010/06/23 21:21:39 | 000,713,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
    [2010/06/23 21:21:34 | 002,923,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
    [2010/06/23 21:21:30 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
    [2010/06/23 21:21:30 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
    [2010/06/23 21:21:20 | 002,031,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010/06/23 21:21:14 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
    [2010/06/23 21:20:57 | 000,321,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
    [2010/06/23 21:20:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
    [2010/06/23 21:20:34 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
    [2010/06/23 21:20:34 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
    [2010/06/23 20:55:21 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
    [2010/06/23 20:55:16 | 008,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
    [2010/06/23 20:55:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
    [2010/06/23 20:55:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
    [2010/06/23 20:55:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
    [2010/06/23 20:53:10 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
    [2010/06/23 20:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\WOT
    [2010/06/20 21:21:37 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Cara\Desktop\TFC.exe
    [2010/06/20 15:51:59 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2010/06/20 15:51:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2010/06/20 15:51:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2010/06/20 15:35:29 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
    [2010/06/20 01:59:05 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [2010/06/20 01:31:43 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/06/20 01:28:26 | 000,000,000 | ---D | C] -- C:\Users\Cara\AppData\Roaming\Avira
    [2010/06/20 00:59:30 | 000,000,000 | ---D | C] -- C:\Users\Cara\Desktop\Malware ****
    [2010/06/19 22:57:19 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2010/06/19 22:57:14 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2010/06/19 22:57:14 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2010/06/19 22:57:14 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
    [2010/06/19 22:57:13 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
    [2010/06/19 22:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

    ========== Files - Modified Within 30 Days ==========

    [2010/07/16 15:57:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/07/16 15:56:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/07/16 15:56:11 | 002,653,141 | -H-- | M] () -- C:\Users\Cara\AppData\Local\IconCache.db
    [2010/07/16 15:52:15 | 000,000,433 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
    [2010/07/16 15:51:12 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/07/16 15:51:12 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/07/16 13:23:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1167157780-497472970-3894054306-1000UA.job
    [2010/07/16 01:01:49 | 126,844,958 | ---- | M] (Igor Pavlov) -- C:\Users\Cara\Desktop\OTLPENet.exe
    [2010/07/16 00:37:42 | 000,055,296 | ---- | M] () -- C:\Users\Cara\Desktop\MBRCheck.exe
    [2010/07/15 21:23:20 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1167157780-497472970-3894054306-1000Core.job
    [2010/07/15 18:38:58 | 000,147,832 | ---- | M] () -- C:\Users\Cara\Desktop\profiles.exe
    [2010/07/15 17:47:34 | 000,012,402 | ---- | M] () -- C:\Users\Cara\Desktop\Medium Cover Letter.docx
    [2010/07/15 17:24:04 | 000,048,128 | ---- | M] () -- C:\Users\Cara\Desktop\BanhagelJuly15.doc
    [2010/07/14 10:57:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
    [2010/07/14 10:57:28 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
    [2010/07/13 09:14:27 | 000,720,778 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/07/13 09:14:27 | 000,621,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/07/13 09:14:27 | 000,104,868 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/07/12 19:52:23 | 000,047,616 | ---- | M] () -- C:\Users\Cara\Desktop\BanhagelJuly12.doc
    [2010/07/12 00:19:18 | 000,077,312 | ---- | M] () -- C:\Users\Cara\Desktop\mbr.exe
    [2010/07/11 21:58:40 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
    [2010/07/11 20:48:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Cara\Desktop\OTL.exe
    [2010/07/11 16:06:36 | 000,000,104 | ---- | M] () -- C:\Users\Cara\Desktop\Computer - Shortcut.lnk
    [2010/07/10 01:04:15 | 000,478,504 | ---- | M] () -- C:\Users\Cara\Desktop\bootkit_remover.rar
    [2010/07/08 21:07:47 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/07/08 20:52:17 | 003,728,433 | R--- | M] () -- C:\Users\Cara\Desktop\ComboFix.exe
    [2010/07/08 12:57:23 | 000,049,664 | ---- | M] () -- C:\Users\Cara\Desktop\BanhagelJuly8.doc
    [2010/07/06 19:41:10 | 000,011,146 | ---- | M] () -- C:\Users\Cara\Documents\Medium-Short Cover Letter.docx
    [2010/07/06 19:36:41 | 000,011,291 | ---- | M] () -- C:\Users\Cara\Documents\Medium Cover Letter.docx
    [2010/07/06 19:03:21 | 000,011,863 | ---- | M] () -- C:\Users\Cara\Documents\Cover Letter.docx
    [2010/07/06 18:10:34 | 000,044,032 | ---- | M] () -- C:\Users\Cara\Desktop\BanhagelResumeQ.doc
    [2010/07/06 15:35:52 | 000,001,701 | ---- | M] () -- C:\Users\Cara\Desktop\NASAContactImport.csv
    [2010/07/06 15:27:40 | 000,064,000 | ---- | M] () -- C:\Users\Cara\Desktop\Networking List 2010-06-25.xls
    [2010/07/05 17:44:12 | 000,043,520 | ---- | M] () -- C:\Users\Cara\Desktop\BanhagelResume.doc
    [2010/07/02 22:24:32 | 000,002,039 | ---- | M] () -- C:\Users\Cara\Desktop\Google Chrome.lnk
    [2010/06/24 18:51:42 | 000,056,728 | ---- | M] () -- C:\Users\Cara\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/06/24 18:48:45 | 000,000,945 | ---- | M] () -- C:\Users\Cara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/06/24 18:47:32 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
    [2010/06/24 18:43:30 | 000,262,880 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/06/23 22:18:16 | 048,070,656 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2010/06/23 22:18:14 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2010/06/23 22:18:14 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2010/06/20 21:21:51 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Cara\Desktop\TFC.exe
    [2010/06/20 15:51:23 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
    [2010/06/20 15:51:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
    [2010/06/20 15:51:22 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
    [2010/06/20 00:23:16 | 126,409,011 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/06/19 21:37:59 | 000,000,680 | ---- | M] () -- C:\Users\Cara\AppData\Local\d3d9caps.dat
    [2010/06/19 21:06:14 | 000,000,036 | ---- | M] () -- C:\Users\Cara\AppData\Local\housecall.guid.cache

    ========== Files Created - No Company Name ==========

    [2010/07/16 00:37:38 | 000,055,296 | ---- | C] () -- C:\Users\Cara\Desktop\MBRCheck.exe
    [2010/07/15 18:38:35 | 000,147,832 | ---- | C] () -- C:\Users\Cara\Desktop\profiles.exe
    [2010/07/15 17:47:32 | 000,012,402 | ---- | C] () -- C:\Users\Cara\Desktop\Medium Cover Letter.docx
    [2010/07/15 17:24:01 | 000,048,128 | ---- | C] () -- C:\Users\Cara\Desktop\BanhagelJuly15.doc
    [2010/07/14 10:54:59 | 000,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
    [2010/07/14 10:54:59 | 000,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
    [2010/07/12 19:50:36 | 000,047,616 | ---- | C] () -- C:\Users\Cara\Desktop\BanhagelJuly12.doc
    [2010/07/12 00:19:17 | 000,077,312 | ---- | C] () -- C:\Users\Cara\Desktop\mbr.exe
    [2010/07/11 16:06:36 | 000,000,104 | ---- | C] () -- C:\Users\Cara\Desktop\Computer - Shortcut.lnk
    [2010/07/10 01:04:08 | 000,478,504 | ---- | C] () -- C:\Users\Cara\Desktop\bootkit_remover.rar
    [2010/07/08 20:53:11 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/07/08 20:53:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/07/08 20:53:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/07/08 20:53:11 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/07/08 20:53:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/07/08 20:52:00 | 003,728,433 | R--- | C] () -- C:\Users\Cara\Desktop\ComboFix.exe
    [2010/07/08 12:23:30 | 000,049,664 | ---- | C] () -- C:\Users\Cara\Desktop\BanhagelJuly8.doc
    [2010/07/06 19:41:09 | 000,011,146 | ---- | C] () -- C:\Users\Cara\Documents\Medium-Short Cover Letter.docx
    [2010/07/06 19:36:39 | 000,011,291 | ---- | C] () -- C:\Users\Cara\Documents\Medium Cover Letter.docx
    [2010/07/06 18:57:17 | 000,011,863 | ---- | C] () -- C:\Users\Cara\Documents\Cover Letter.docx
    [2010/07/06 18:10:28 | 000,044,032 | ---- | C] () -- C:\Users\Cara\Desktop\BanhagelResumeQ.doc
    [2010/07/06 15:35:49 | 000,001,701 | ---- | C] () -- C:\Users\Cara\Desktop\NASAContactImport.csv
    [2010/07/06 15:27:25 | 000,064,000 | ---- | C] () -- C:\Users\Cara\Desktop\Networking List 2010-06-25.xls
    [2010/06/29 12:58:37 | 000,043,520 | ---- | C] () -- C:\Users\Cara\Desktop\BanhagelResume.doc
    [2010/06/23 22:13:06 | 048,070,656 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
    [2010/06/23 22:13:06 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
    [2010/06/23 22:13:06 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
    [2010/06/23 21:43:00 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2010/06/23 21:22:26 | 001,654,487 | ---- | C] () -- C:\Windows\System32\wlan.tmf
    [2010/06/19 23:39:46 | 126,409,011 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/06/19 21:53:58 | 000,000,945 | ---- | C] () -- C:\Users\Cara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/06/19 21:37:58 | 000,000,680 | ---- | C] () -- C:\Users\Cara\AppData\Local\d3d9caps.dat
    [2010/06/19 21:06:14 | 000,000,036 | ---- | C] () -- C:\Users\Cara\AppData\Local\housecall.guid.cache
    [2008/09/20 16:12:19 | 000,004,096 | -H-- | C] () -- C:\Users\Cara\AppData\Local\keyfile3.drm
    [2008/05/29 19:16:20 | 000,003,253 | ---- | C] () -- C:\Users\Cara\AppData\Roaming\com.kennettnet.MusicRescue.plist
    [2008/05/29 19:16:20 | 000,000,235 | ---- | C] () -- C:\Users\Cara\AppData\Roaming\com.kennettnet.MusicRescueProfiles.plist
    [2008/04/25 18:20:40 | 000,024,206 | ---- | C] () -- C:\Users\Cara\AppData\Roaming\UserTile.png
    [2008/04/14 11:38:57 | 000,019,456 | ---- | C] () -- C:\Users\Cara\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/10 11:36:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2008/04/10 11:36:02 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
    [2008/04/10 11:35:51 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2008/04/10 04:05:00 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
    [2008/04/10 03:55:57 | 000,006,656 | ---- | C] () -- C:\Windows\System32\stacutil.dll
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/01/12 18:09:14 | 000,090,112 | ---- | C] () -- C:\Windows\System32\DXFLib.dll
    [2006/01/12 18:08:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\opcode.dll

    ========== LOP Check ==========

    [2008/07/28 21:28:49 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\acccore
    [2008/07/28 22:39:30 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\Aim
    [2008/04/25 18:20:39 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\PeerNetworking
    [2008/09/20 18:05:56 | 000,000,000 | ---D | M] -- C:\Users\Cara\AppData\Roaming\SecondLife
    [2010/07/16 15:56:56 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========


    < End of report >
     
  12. 2010/07/16
    carab

    Does that program normally cause the Windows clock to change? Right now, in reality, it is 2:40 but the clock is saying 5:40... and it says it is still set to Central time??
     
  13. 2010/07/16
    broni

    Again, listed below is my canned speech for non-bootable computers, so adjust your actions accordingly...

    Do this on the computer you are posting from:
    Copy the text in the codebox below:


    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab  (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O33 - MountPoints2\{1caf2ae1-06d1-11dd-a641-806e6f6e6963}\Shell - " " = AutoRun
    O33 - MountPoints2\{1caf2ae1-06d1-11dd-a641-806e6f6e6963}\Shell\AutoRun\command - " " = E:\setup.exe -- File not found
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    
    Open Notepad and paste it.
    Save the document as Fix.txt onto a USB flash drive.


    On the infected computer, do the following...

    Run OTLPE

    • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
      • (The content of Fix.txt should appear in the box)
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post the log produced (you'll need to transfer it with USB stick)
    • Attempt to reboot normally into Windows.
     
  14. 2010/07/16
    broni

    Not that I'm aware of, unless you're looking at the OTLPE desktop. If so, don't worry about it.
     
  15. 2010/07/16
    carab

    No, I'm looking at my own desktop.
     
  16. 2010/07/16
    broni

    You can adjust the time at any time.
     
  17. 2010/07/16
    carab

    I ran the fix but it never gave me a log.
     
  18. 2010/07/16
    broni

    Run an OTLPE Quick Scan without any script and post its log.
    We'll see if the script worked.

    I'm also curious about one more thing.
    When booted from the OTLPE CD you should be able to access the internet. You have IE and Firefox portable there. See if they redirect.
     