Tiny white box in the left-hand corner of my desktop - virus?


#1
bl0ndi3_
    Member
  • 34 posts
Hi,
For about 6 months I have had this tiny white box in the corner of my desktop background. When I right-click on it, a grey toolbox pops down with many options, such as Save As, etc., and I don't click on any of those. Then about 5 seconds later a pop-up appears in the centre of my screen; it says

Run-time error '401':
Can't show non-modal form when modal form is displayed.
OK

And then the box disappears. If I do not right-click this box after start-up of my computer, then I get other advertising pop-ups, mostly for porn sites. Another thing that happened around this time was that I cannot close my Internet Explorer, and if I do, then the whole computer freezes.

What is it and what should I do?

Help would be greatly appreciated. Thank you :)

#2
RKinner
    Malware Expert
  • 13,200 posts
  • MVP
Can you run MBAM (Step 1) and OTL (Step 5) of the malware removal guide?
http://www.geekstogo...uide-t2852.html
Copy and paste the logs you get. Do not attach.

Ron

#3
bl0ndi3_
    Member
  • 34 posts
Malwarebytes' Anti-Malware 1.42
Database version: 3383
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18904

16/05/2010 2:18:25 PM
mbam-log-2010-05-16 (14-18-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 210651
Time elapsed: 1 hour(s), 31 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL logfile created on: 16/05/2010 2:56:48 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 95.52 Gb Free Space | 64.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/16 13:02:37 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
PRC - [2010/04/21 20:21:42 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 20:21:40 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/16 23:53:37 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/04/02 09:35:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/17 19:41:59 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 19:41:55 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 19:41:50 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/17 19:41:49 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/08/21 18:38:29 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/02/06 18:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2008/08/14 10:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/05/22 09:50:02 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe


========== Modules (SafeList) ==========

MOD - [2010/05/16 13:02:37 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
MOD - [2010/03/17 19:41:59 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/19 17:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/19 17:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/17 19:41:55 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/17 19:41:50 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 20:21:40 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/17 19:41:59 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 19:41:50 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/17 10:16:04 | 000,021,560 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\Drivers\tsk_atapi.sys -- (atapi)
DRV - [2009/11/18 09:16:18 | 000,223,432 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2008/09/04 06:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 06:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 06:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/16 10:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2006/11/02 19:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 19:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 19:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 19:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 19:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 19:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 19:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 19:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 19:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 19:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 19:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 19:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 19:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 19:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 19:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 19:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 17:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uws.edu.au/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sounds.lnk = C:\Windows\System32\sounds.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: edu.au ([vuws.uws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: edu.au ([wlan-cmb.uws] https in Trusted sites)
O16 - DPF: {08496B45-6BB1-4F92-A8E6-B9E7978634CB} https://wlan-cmb.uws...e/TrustSite.cab (Trustsite Control)
O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} https://wlan-cmb.uws...e/NetDirect.cab (NetDirect)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{baaec5e8-d4ad-11de-85fb-00a0d191e4b8}\Shell - "" = AutoRun
O33 - MountPoints2\{baaec5e8-d4ad-11de-85fb-00a0d191e4b8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c5ca9c58-559d-11df-bea8-00a0d191e4b8}\Shell - "" = AutoRun
O33 - MountPoints2\{c5ca9c58-559d-11df-bea8-00a0d191e4b8}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{e3dbb460-974c-11de-ad5a-00a0d191e4b8}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/10/17 11:25:02 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/16 13:02:32 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010/05/14 20:35:15 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Documents
[2010/05/14 03:01:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/06 10:59:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Favorites\Documents\DVDVideoSoft
[2010/05/06 10:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/05/06 10:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/05/02 13:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/30 21:33:18 | 000,000,000 | ---D | C] -- C:\Sounds
[2010/04/30 21:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/04/30 21:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/30 21:25:09 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2010/04/30 21:25:09 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx
[2010/04/30 21:25:09 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2010/04/30 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\LG Electronics
[2010/04/30 21:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\LG PC Suite II
[2010/04/24 23:36:15 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Imagic505N
[2010/04/24 23:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ST System Shared
[2010/04/24 23:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\STOIK Imaging
[2010/04/16 17:05:38 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Favorites\Documents\New Folder
[2010/04/16 14:20:48 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Favorites\Documents\Unzipped
[2010/04/16 14:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/04/16 14:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/03/17 19:41:59 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[1 C:\Users\Sarah\Favorites\Documents\*.tmp files -> C:\Users\Sarah\Favorites\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/16 14:56:53 | 005,242,880 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat
[2010/05/16 14:54:36 | 000,096,768 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\UWS_OHS_Risk_Assessment_and_Control_Form_2008.doc
[2010/05/16 14:54:35 | 003,194,448 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Scholarships.pdf
[2010/05/16 14:54:35 | 002,984,484 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\affinity chromatography.pdf
[2010/05/16 14:54:35 | 002,947,584 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\NIEMANN-PICK DISEASE powerpoint3.ppt
[2010/05/16 14:54:35 | 002,937,856 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\NIEMANN-PICK DISEASE POWERPOINT by Sarah Penrose 16495702 (2).ppt
[2010/05/16 14:54:35 | 001,061,654 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\NPD SPEECH.docx
[2010/05/16 14:54:35 | 000,645,995 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\APS PRAC EXAM INFORMATION FOR MY BABY BOY I LOVE YOU.docx
[2010/05/16 14:54:35 | 000,441,217 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\DIGITAL PIANO AD.docx
[2010/05/16 14:54:35 | 000,129,194 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\pi bonds conjugation.pdf
[2010/05/16 14:54:35 | 000,124,280 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Unfiled Notes.one
[2010/05/16 14:54:35 | 000,087,348 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\APS stuff.zip
[2010/05/16 14:54:35 | 000,039,424 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Assignment_Cover_Sheet.doc
[2010/05/16 14:54:35 | 000,039,265 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Medical MicrobiologyUWS Unit Code.docx
[2010/05/16 14:54:35 | 000,031,697 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\TIMETABLE AUTUMN.docx
[2010/05/16 14:54:35 | 000,030,160 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Importantdates.pdf
[2010/05/16 14:54:35 | 000,026,481 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Booking Request Confirmation TONI AND GUY.docx
[2010/05/16 14:53:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/16 14:21:12 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 14:21:12 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 14:21:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/16 14:19:23 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TMContainer00000000000000000001.regtrans-ms
[2010/05/16 14:19:23 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TM.blf
[2010/05/16 14:19:04 | 002,186,353 | -H-- | M] () -- C:\Users\Sarah\AppData\Local\IconCache.db
[2010/05/16 13:02:37 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010/05/16 12:00:58 | 060,032,049 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/15 22:48:34 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/15 22:48:34 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/15 22:48:34 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/15 09:49:54 | 000,017,408 | ---- | M] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 20:37:15 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/14 10:42:29 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$ALYTICAL PROTEIN SCIENCE.docx
[2010/05/06 10:59:38 | 000,001,032 | ---- | M] () -- C:\Users\Sarah\Desktop\DVDVideoSoft Free Studio.lnk
[2010/05/02 15:43:19 | 000,270,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/30 21:25:25 | 000,001,541 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite II.lnk
[2010/04/25 14:28:54 | 025,488,630 | ---- | M] () -- C:\ProgramData\Imagic50.bmp
[2010/04/24 23:35:50 | 000,000,012 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\9481
[2010/04/24 23:35:50 | 000,000,012 | ---- | M] () -- C:\Users\Public\Documents\8156
[2010/04/24 23:35:50 | 000,000,012 | ---- | M] () -- C:\Users\Sarah\AppData\Local\2631
[2010/04/24 23:35:50 | 000,000,012 | ---- | M] () -- C:\ProgramData\1548
[2010/04/24 23:35:50 | 000,000,012 | ---- | M] () -- C:\ProgramData\1477
[2010/04/24 23:35:50 | 000,000,012 | ---- | M] () -- C:\ProgramData\0359
[2010/04/24 23:33:12 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\Imagic 5.0.lnk
[2010/04/24 21:45:36 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$cture 7 - affinity chromatography.docx
[2010/04/21 20:21:40 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/16 17:33:27 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TMContainer00000000000000000002.regtrans-ms
[2010/04/16 17:28:09 | 000,060,544 | ---- | M] () -- C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/16 17:20:04 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/16 17:20:04 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/16 17:06:37 | 000,010,878 | -HS- | M] () -- C:\ProgramData\405KS4TEhJ
[2010/04/16 17:06:36 | 000,010,878 | -HS- | M] () -- C:\Users\Sarah\AppData\Local\405KS4TEhJ
[2010/04/16 14:29:35 | 000,058,728 | ---- | M] () -- C:\Scriptina.zip
[2010/04/14 14:57:01 | 000,000,087 | ---- | M] () -- C:\Users\Sarah\webct_upload_applet.properties
[2010/04/11 16:02:09 | 000,000,736 | ---- | M] () -- C:\Windows\SamsungMaster.INI
[2010/04/01 09:54:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/03/30 15:42:26 | 000,222,568 | ---- | M] (STOIK Software) -- C:\Windows\System32\skjpeg40.dll
[2010/03/30 15:42:24 | 000,089,448 | ---- | M] (STOIK Software Ltd.) -- C:\Windows\System32\Skbase40.dll
[2010/03/17 19:41:59 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/17 19:41:59 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/17 19:41:50 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/13 11:00:32 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$D ESSAY.docx
[2010/03/11 15:54:50 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$EMANN-PICK DISEASE.docx
[2010/03/11 15:47:19 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010/03/11 15:47:19 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010/03/11 15:47:19 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010/03/11 15:47:19 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010/03/07 15:08:18 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010/02/17 10:05:44 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$METABLE AUTUMN.docx
[1 C:\Users\Sarah\Favorites\Documents\*.tmp files -> C:\Users\Sarah\Favorites\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/14 20:56:01 | 000,645,995 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\APS PRAC EXAM INFORMATION FOR MY BABY BOY I LOVE YOU.docx
[2010/05/14 20:36:02 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/14 10:42:29 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$ALYTICAL PROTEIN SCIENCE.docx
[2010/05/13 18:56:47 | 002,984,484 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\affinity chromatography.pdf
[2010/05/12 11:22:15 | 000,087,348 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\APS stuff.zip
[2010/05/08 16:24:28 | 000,129,194 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\pi bonds conjugation.pdf
[2010/05/08 14:51:00 | 000,441,217 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\DIGITAL PIANO AD.docx
[2010/05/06 10:59:38 | 000,001,032 | ---- | C] () -- C:\Users\Sarah\Desktop\DVDVideoSoft Free Studio.lnk
[2010/05/01 16:50:19 | 001,061,654 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\NPD SPEECH.docx
[2010/04/30 21:25:25 | 000,001,541 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite II.lnk
[2010/04/25 14:28:53 | 025,488,630 | ---- | C] () -- C:\ProgramData\Imagic50.bmp
[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\9481
[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\Users\Public\Documents\8156
[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\Users\Sarah\AppData\Local\2631
[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\ProgramData\1548
[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\ProgramData\1477
[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\ProgramData\0359
[2010/04/24 23:33:12 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\Imagic 5.0.lnk
[2010/04/24 21:45:36 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$cture 7 - affinity chromatography.docx
[2010/04/16 17:26:46 | 000,524,288 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TMContainer00000000000000000002.regtrans-ms
[2010/04/16 17:26:45 | 000,524,288 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TMContainer00000000000000000001.regtrans-ms
[2010/04/16 17:26:45 | 000,065,536 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TM.blf
[2010/04/16 14:55:31 | 000,010,878 | -HS- | C] () -- C:\Users\Sarah\AppData\Local\405KS4TEhJ
[2010/04/16 14:55:31 | 000,010,878 | -HS- | C] () -- C:\ProgramData\405KS4TEhJ
[2010/04/16 14:29:35 | 000,058,728 | ---- | C] () -- C:\Scriptina.zip
[2010/04/14 14:05:12 | 002,937,856 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\NIEMANN-PICK DISEASE POWERPOINT by Sarah Penrose 16495702 (2).ppt
[2010/04/12 09:37:49 | 000,039,424 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\Assignment_Cover_Sheet.doc
[2010/04/01 09:54:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/03/13 11:00:32 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$D ESSAY.docx
[2010/03/11 15:54:50 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$EMANN-PICK DISEASE.docx
[2010/03/11 15:47:19 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010/03/11 15:47:19 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010/03/11 15:47:19 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010/03/11 15:47:19 | 000,065,536 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010/03/10 20:50:35 | 002,947,584 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\NIEMANN-PICK DISEASE powerpoint3.ppt
[2010/02/27 13:21:41 | 000,096,768 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\UWS_OHS_Risk_Assessment_and_Control_Form_2008.doc
[2010/02/17 10:05:44 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$METABLE AUTUMN.docx
[2010/02/03 18:14:02 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2010/01/16 20:50:48 | 000,000,238 | ---- | C] () -- C:\Windows\mafosav.INI
[2009/12/23 17:48:09 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/23 17:48:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/12/17 10:16:04 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\tsk_atapi.sys
[2009/10/26 21:19:13 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2009/08/24 20:41:53 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\atapi.sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/12/19 20:03:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Auslogics
[2009/08/19 20:08:22 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Blitware
[2009/08/19 19:55:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\GetRightToGo
[2010/04/24 23:36:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Imagic505N
[2009/08/22 22:42:18 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech
[2010/04/30 21:45:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\LG Electronics
[2009/08/31 09:48:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Nortel
[2009/11/18 09:18:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt
[2009/08/19 20:31:12 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Uniblue
[2010/05/16 14:53:48 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\uTorrent
[2009/09/16 22:23:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WinBatch
[2009/08/19 20:40:37 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2010/05/16 14:19:47 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/21 18:39:44 | 000,021,560 | ---- | M] (Microsoft Corporation) -- C:\atapi.sys
[2008/01/19 17:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2009/08/20 06:15:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/19 07:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/12/14 21:37:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/12/14 21:37:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/16 14:20:42 | 2451,247,104 | -HS- | M] () -- C:\pagefile.sys
[2010/04/16 14:29:35 | 000,058,728 | ---- | M] () -- C:\Scriptina.zip
[2009/12/17 10:16:05 | 000,015,515 | ---- | M] () -- C:\TDSSKiller.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 21:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 21:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/19 17:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/19 17:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 20:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 20:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 20:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 20:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/17 19:41:50 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/17 19:41:59 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/21 20:21:40 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/21 07:18:40 | 000,411,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/02/23 21:32:31 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/23 21:32:36 | 000,212,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/23 21:32:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
[2010/02/19 00:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2010/02/18 21:52:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\tunnel.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 16/05/2010 2:56:48 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 44.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 95.52 Gb Free Space | 64.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{161BF274-AED9-493A-94D9-5D5052E79774}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A682B666-BD63-45C3-911A-DF22AE7143AE}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1347A433-417C-4241-8932-105255E81AE2}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{20BD2BB5-9E9B-4A43-BDFA-9A3E5E4F4FDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{27DB4849-A12E-460D-B5E4-300CF1939F08}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4059}" = protocol=6 | dir=in | app=c:\windows\system32\svchost.exe |
"{28ADEDE1-A4D5-42D8-9B05-BF7C283C4060}" = protocol=6 | dir=out | app=c:\windows\system32\svchost.exe |
"{4DFEFE93-F21D-48B5-B0E4-1B0D5E53A617}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5EB963F6-FD01-463C-91E8-D161F20805D0}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
"{8639247B-0339-4104-9F4D-9C28998FE05E}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{8AD6F9A5-CC95-43EF-A8A9-CC75BA1ADE0C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A69C3E4B-4B30-45EE-938A-A5C251D1B2B2}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F9CEBD21-F5CF-4D0E-B895-F2E8FDF78742}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"TCP Query User{2690A5ED-0072-4325-A78C-2428F9C58399}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{53758099-F728-49A3-8E01-C600E2EEAAD5}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B3FACAD7-865C-4C69-9B7F-BCE3976C758B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{60215247-EE48-439A-9FE1-63C43CC60B43}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{694E0F6F-64B2-4BD1-9A7A-F3BB0AD7ED9D}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{7820E66F-E557-44AD-A202-A1297E48FD54}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{136BF5F3-F4A1-49C6-A72A-1009AEC7361E}" = LG PC Suite II
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E93747-AB1C-4809-9DFE-FE7518908A75}" = Imagic 5.0
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98E684F4-5F3B-4BDE-BE96-D831D4368743}" = Neuromuscular Junction Simulation V2.1.8
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0A7C169-E6DD-48E8-AD64-9422165EF189}" = Imagic 5
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG9Uninstall" = AVG Free 9.0
"Browser Defender_is1" = Browser Defender 2.0.6.11
"Free Studio_is1" = Free Studio version 4.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"PokerStars" = PokerStars
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Companion" = Yahoo!7 Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/04/2010 7:27:01 AM | Computer Name = Sarah-PC | Source = VSS | ID = 8194
Description =

Error - 1/05/2010 6:03:27 AM | Computer Name = Sarah-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module ntdll.dll, version 6.0.6001.18000, time stamp 0x4791a7a6,
exception code 0xc0000005, fault offset 0x0003d13a, process id 0x1ff8, application
start time 0x01cae91582b9a530.

Error - 6/05/2010 6:47:52 AM | Computer Name = Sarah-PC | Source = VSS | ID = 8194
Description =

Error - 6/05/2010 8:30:24 PM | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 8/05/2010 2:29:16 AM | Computer Name = Sarah-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: a80 Start Time: 01caee49f8b643d5 Termination Time: 140

Error - 10/05/2010 9:04:17 AM | Computer Name = Sarah-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x8b077401, process id 0xfb4, application start time
0x01caf026f5ea8012.

Error - 11/05/2010 7:43:37 AM | Computer Name = Sarah-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18904 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 6c4 Start Time: 01caf09906630f5d Termination Time: 56

Error - 11/05/2010 8:01:50 AM | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 11/05/2010 8:01:50 AM | Computer Name = Sarah-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14/05/2010 4:42:13 AM | Computer Name = Sarah-PC | Source = Application Error | ID = 1000
Description = Faulting application WINWORD.EXE, version 12.0.6514.5000, time stamp
0x4a89d533, faulting module MSVCR80.dll, version 8.0.50727.4053, time stamp 0x4a594c79,
exception code 0xc0000005, fault offset 0x00015108, process id 0xc28, application
start time 0x01caf303de554f78.

[ OSession Events ]
Error - 14/05/2010 4:42:12 AM | Computer Name = Sarah-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 26404
seconds with 4080 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 25/09/2009 4:40:47 AM | Computer Name = Sarah-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 172.24.3.183 for the Network Card with network
address 001B9E85BD31 has been denied by the DHCP server 10.1.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 25/09/2009 5:35:14 AM | Computer Name = Sarah-PC | Source = BROWSER | ID = 8032
Description =

Error - 25/09/2009 9:08:42 AM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 25/09/2009 6:06:10 PM | Computer Name = Sarah-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 10.1.1.2 for the Network Card with network address
001B9E85BD31 has been denied by the DHCP server 10.1.1.1 (The DHCP Server sent
a DHCPNACK message).

Error - 25/09/2009 6:07:28 PM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/09/2009 1:22:43 AM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/09/2009 10:43:40 PM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 26/09/2009 10:58:38 PM | Computer Name = Sarah-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:46:03 PM on 27/09/2009 was unexpected.

Error - 27/09/2009 4:02:38 AM | Computer Name = Sarah-PC | Source = DCOM | ID = 10010
Description =

Error - 27/09/2009 4:05:39 AM | Computer Name = Sarah-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 13,200 posts
  • MVP
Can you submit
C:\Windows\System32\sounds.exe
to http://virustotal.com?

I'm pretty sure it's dirty based on where it is located but I'd like to be sure.

If the result comes back clean then remove this line:
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sounds.lnk = C:\Windows\System32\sounds.exe (Microsoft Corporation)

from the following before you continue:

Copy the text between the lines of stars by highlighting it and pressing Ctrl + C.
***************************************************************************************************
:OTL
IE - HKCU\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sounds.lnk = C:\Windows\System32\sounds.exe (Microsoft Corporation)
[2010/04/16 14:55:31 | 000,010,878 | -HS- | C] () -- C:\Users\Sarah\AppData\Local\405KS4TEhJ
[2010/04/16 14:55:31 | 000,010,878 | -HS- | C] () -- C:\ProgramData\405KS4TEhJ

:Files
C:\Users\Sarah\AppData\Local\405KS4TEhJ
C:\ProgramData\405KS4TEhJ

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered, OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download but do not yet run ComboFix
If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop; do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time.

Ron

Edited by RKinner, 15 May 2010 - 11:56 PM.

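Ron's reasoning above (an autorun is suspect for where it lives, whether its target still exists, and what else in the log looks wrong) can be written down as a triage pass over OTL output. This Python is an added example, not code from this thread or from OTL; its sample lines are copied from the OTL logs posted in this thread, and the heuristics (consonant runs for random-looking names, a loopback browser proxy, UAC off) are my assumptions rather than OTL's own rules.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the OTL output posted in this thread.
SAMPLE_OTL = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [jsgcymdi] C:\Users\Sarah\AppData\Local\vjpueqxdd\npyrouxtssd.exe File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sounds.lnk = C:\Windows\System32\sounds.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
[2010/04/16 14:55:31 | 000,010,878 | -HS- | C] () -- C:\Users\Sarah\AppData\Local\405KS4TEhJ
"""

# Line shapes handled here; the patterns are my reading of the log, not OTL's spec.
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run(?:Once)?: \[([^\]]+)\] (.+)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (.+?\.lnk) = (.+)$")
PROXY_RE = re.compile(r'"ProxyServer" = (.+)$')
LUA_RE = re.compile(r"EnableLUA = (\d+)$")
FILE_RE = re.compile(r"^\[[^\]]*\| ([-RHSD]{4}) \| [CM]\] \([^)]*\) -- (.+)$")
# Locations a standard user can write to; installed products do not normally autostart from here.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")

@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str
    line: str

def looks_random(name: str) -> bool:
    """Crude heuristic for generated names: a run of 4+ consonants, or digits mixed
    with lower- and upper-case letters (vjpueqxdd, 405KS4TEhJ)."""
    stem = name.rsplit(".", 1)[0]
    if re.search(r"[bcdfghjklmnpqrstvwxyz]{4,}", stem.lower()):
        return True
    return bool(re.search(r"\d", stem) and re.search(r"[a-z]", stem) and re.search(r"[A-Z]", stem))

def in_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)

def proxy_is_loopback(value: str) -> bool:
    """'http=127.0.0.1:5555': a proxy on the local host puts something on this
    machine between the browser and the network."""
    for item in value.split(";"):
        host = item.split("=", 1)[-1].split(":", 1)[0].strip().lower()
        if host.startswith("127.") or host in ("localhost", "::1"):
            return True
    return False

def split_target(rest: str) -> tuple[str, str | None, bool]:
    """Split OTL's trailing '<path> File not found' or '<path> (<company>)'."""
    if rest.endswith(" File not found"):
        return rest[: -len(" File not found")], None, True
    m = re.match(r"^(.*?) \(([^()]*)\)$", rest)
    return (m.group(1), m.group(2), False) if m else (rest, None, False)

def check_autorun(name: str, target: str, company: str | None, missing: bool, line: str) -> list[Finding]:
    found = []
    if missing:  # the file is gone but its autorun entry remains
        found.append(Finding("orphaned-autorun", f"[{name}] -> {target}", line))
    if in_user_writable(target):
        exe = target.rsplit("\\", 1)[-1]
        why = "random-looking name" if looks_random(exe) or looks_random(name) else "user-writable path"
        found.append(Finding("autorun-in-user-dir", f"{target} ({why}; company={company or 'none'})", line))
    return found

def triage(otl_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in otl_text.strip().splitlines():
        if m := RUN_RE.match(line):
            _hive, name, rest = m.groups()
            findings += check_autorun(name, *split_target(rest), line)
        elif m := STARTUP_RE.match(line):
            lnk, rest = m.groups()
            target, company, missing = split_target(rest)
            findings += check_autorun(lnk.rsplit("\\", 1)[-1], target, company, missing, line)
            # A per-user Startup shortcut launching a binary kept in System32 is the shape
            # the helper flagged above; Windows components are not started that way.
            if "\\users\\" in lnk.lower() and "\\windows\\system32\\" in target.lower():
                findings.append(Finding("system32-via-user-startup", target, line))
        elif m := PROXY_RE.search(line):
            if proxy_is_loopback(m.group(1)):
                findings.append(Finding("loopback-proxy", m.group(1), line))
        elif (m := LUA_RE.search(line)) and m.group(1) == "0":
            findings.append(Finding("uac-disabled", "UAC prompts are off", line))
        elif m := FILE_RE.match(line):
            attrs, path = m.groups()
            if "H" in attrs and "S" in attrs and in_user_writable(path):
                findings.append(Finding("hidden-system-file-in-user-dir", path, line))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.kind:32} {f.detail}")
```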

#5 bl0ndi3_ (Member)
Okay, sorry for the late reply..
I'm using the uni computers right now.
I have another problem that is even bigger.. I cannot access anything properly on my laptop, especially Internet Explorer. I know this is a different thing, but would you be able to help me possibly? I researched things, but couldn't find a way to remove it.
All I know is that this virus pops up asking me to buy "Antispyware soft" and it won't allow me to access normal computer functions. My current virus software cannot pick it up and neither will Malwarebytes..
Eek, please help... :)

#6 bl0ndi3_ (Member)
I researched a little more about the new virus and tried ending the process in Task Manager that ended with tssd.exe.. and the virus pop-ups have stopped and I can access the internet, but I have a feeling that "antispyware soft" hasn't gone away..
It has allowed me to do the first scan of sounds.exe that you requested before..
These are the results:

File sounds.exe received on 2010.05.22 04:40:19 (UTC)


Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 Trojan.Adclicker!IK
AhnLab-V3 2010.05.22.00 2010.05.21 Malware/Win32.Trojan Horse
AntiVir 8.2.1.242 2010.05.21 TR/AdClicker.HH.1
Antiy-AVL 2.0.3.7 2010.05.21 -
Authentium 5.2.0.5 2010.05.22 -
Avast 4.8.1351.0 2010.05.22 Win32:Malware-gen
Avast5 5.0.332.0 2010.05.22 Win32:Malware-gen
AVG 9.0.0.787 2010.05.22 -
BitDefender 7.2 2010.05.22 Trojan.Adclicker.HH
CAT-QuickHeal 10.00 2010.05.21 -
ClamAV 0.96.0.3-git 2010.05.22 -
Comodo 4905 2010.05.22 UnclassifiedMalware
DrWeb 5.0.2.03300 2010.05.21 -
eSafe 7.0.17.0 2010.05.20 Win32.TRAdClicker.Hh
eTrust-Vet 35.2.7503 2010.05.21 -
F-Prot 4.6.0.103 2010.05.22 -
F-Secure 9.0.15370.0 2010.05.22 Trojan.Adclicker.HH
Fortinet 4.1.133.0 2010.05.21 -
GData 21 2010.05.22 Trojan.Adclicker.HH
Ikarus T3.1.1.84.0 2010.05.21 Trojan.Adclicker
Jiangmin 13.0.900 2010.05.21 -
Kaspersky 7.0.0.125 2010.05.22 -
McAfee 5.400.0.1158 2010.05.22 -
McAfee-GW-Edition 2010.1 2010.05.21 Artemis!AC2F74A9AEEB
Microsoft 1.5802 2010.05.21 -
NOD32 5136 2010.05.21 probably a variant of Win32/Agent
Norman 6.04.12 2010.05.21 W32/Suspicious_Gen2.AJTHC
nProtect 2010-05-21.01 2010.05.21 Trojan.Adclicker.HH
Panda 10.0.2.7 2010.05.21 Trj/CI.A
PCTools 7.0.3.5 2010.05.22 Trojan.Generic
Prevx 3.0 2010.05.22 -
Rising 22.48.05.01 2010.05.22 Trojan.Win32.Generic.51FFF6DD
Sophos 4.53.0 2010.05.22 -
Sunbelt 6337 2010.05.22 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.05.22 Trojan Horse
TheHacker 6.5.2.0.284 2010.05.20 -
TrendMicro 9.120.0.1004 2010.05.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.05.22 -
VBA32 3.12.12.5 2010.05.21 -
ViRobot 2010.5.20.2326 2010.05.22 -
VirusBuster 5.0.27.0 2010.05.21 -
Additional information
File size: 57344 bytes
MD5...: ac2f74a9aeebd3d715b46564327cc5ff
SHA1..: cc42ebfa192f1a02383a445484e592aabbb10efc
SHA256: 14b3a7953f770feda771b0eaeb0259f3e2e0b493e6ac038b72c9879ea3ed2a66
ssdeep: 384:xC0Eq1+Bxaj7WgPDjdK3LVHe3NBwJYgE2SP8SPDryfWc6WIbj7WgPDjiBx:x29CF3dKQBwWz8SbWqDF3i

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x17b0
timedatestamp.....: 0x4ae46fac (Sun Oct 25 15:33:00 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9b10 0xa000 5.51 8afabf82ee919b2ac7334833bcb12c32
.data 0xb000 0x1198 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
.rsrc 0xd000 0x1d8c 0x2000 4.70 84fdb3df1549d6118a1284d35b7999fd

( 1 imports )
> MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar, __vbaLateIdCall, _adj_fdiv_m64, _adj_fprem1, __vbaSetSystemError, __vbaHresultCheckObj, _adj_fdiv_m32, __vbaObjSet, __vbaOnError, _adj_fdiv_m16i, __vbaObjSetAddref, _adj_fdivr_m16i, -, _CIsin, __vbaChkstk, EVENT_SINK_AddRef, __vbaVarTstEq, DllFunctionCall, _adj_fpatan, EVENT_SINK_Release, _CIsqrt, -, EVENT_SINK_QueryInterface, __vbaExceptHandler, -, _adj_fprem, _adj_fdivr_m64, __vbaFPException, __vbaStrVarVal, _CIlog, __vbaR8Str, __vbaNew2, _adj_fdiv_m32i, _adj_fdivr_m32i, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaVarAdd, __vbaStrToAnsi, _CIatan, _allmul, _CItan, _CIexp, __vbaFreeStr, __vbaFreeObj

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Dynamic Link Library (generic) (65.4%)
Generic Win/DOS Executable (17.2%)
DOS Executable Generic (17.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: Copyright © Microsoft Corp
product......: Microsoft_ Windows_ Operating System
description..: Microsoft
original name: sounds.exe
internal name: sounds
file version.: 1.00
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Edited by bl0ndi3_, 21 May 2010 - 10:47 PM.

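The report above reduces to two facts for triage: how many engines flag the file, and whether the claimed publisher is backed by a signature. This Python parser is an added example, not code from the thread or from VirusTotal; its sample is an excerpt of the posted report (10 of the 41 engines plus the import and sigcheck sections), and the flag names are my own.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample: an excerpt of the VirusTotal text report posted above
# (10 of the 41 engines, plus the import and sigcheck sections).
SAMPLE_REPORT = """\
File sounds.exe received on 2010.05.22 04:40:19 (UTC)

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.05.10 Trojan.Adclicker!IK
AntiVir 8.2.1.242 2010.05.21 TR/AdClicker.HH.1
AVG 9.0.0.787 2010.05.22 -
BitDefender 7.2 2010.05.22 Trojan.Adclicker.HH
Kaspersky 7.0.0.125 2010.05.22 -
McAfee-GW-Edition 2010.1 2010.05.21 Artemis!AC2F74A9AEEB
Microsoft 1.5802 2010.05.21 -
NOD32 5136 2010.05.21 probably a variant of Win32/Agent
Symantec 20101.1.0.89 2010.05.22 Trojan Horse
TrendMicro 9.120.0.1004 2010.05.22 -
Additional information
File size: 57344 bytes
MD5...: ac2f74a9aeebd3d715b46564327cc5ff

( 1 imports )
> MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaFreeVar

( 0 exports )
sigcheck:
publisher....: Microsoft Corporation
original name: sounds.exe
signers......: -
verified.....: Unsigned
"""

@dataclass
class VtSummary:
    engines: int = 0
    detections: dict[str, str] = field(default_factory=dict)  # engine -> verdict
    md5: str = ""
    imports: list[str] = field(default_factory=list)
    sigcheck: dict[str, str] = field(default_factory=dict)

def parse_report(text: str) -> VtSummary:
    """Walk the three sections of the plain-text report: engine table, PE info, sigcheck."""
    s = VtSummary()
    section = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("Antivirus Version"):
            section = "engines"
        elif line.startswith("Additional information"):
            section = "info"
        elif line.startswith("sigcheck:"):
            section = "sigcheck"
        elif section == "engines":
            # columns: engine, signature version, update date, verdict ('-' = no detection);
            # the verdict may contain spaces, so split at most three times
            parts = line.split(None, 3)
            if len(parts) < 4:
                continue
            engine, _version, _updated, verdict = parts
            s.engines += 1
            if verdict != "-":
                s.detections[engine] = verdict
        elif section == "info":
            if line.startswith("MD5"):
                s.md5 = line.split(":", 1)[1].strip()
            elif line.startswith("> "):
                s.imports.append(line[2:].split(":", 1)[0])
        elif section == "sigcheck":
            m = re.match(r"^([A-Za-z ]+?)\.*: (.*)$", line)
            if m:
                s.sigcheck[m.group(1).strip()] = m.group(2).strip()
    return s

def assess(s: VtSummary) -> list[str]:
    flags = []
    if s.detections:
        flags.append(f"detected:{len(s.detections)}/{s.engines}")
    # A version-info block can claim any publisher; only a verified signature backs it.
    publisher = s.sigcheck.get("publisher", "")
    if "microsoft" in publisher.lower() and s.sigcheck.get("verified", "").lower() == "unsigned":
        flags.append("unsigned-claims-microsoft")
    # MSVBVM60.DLL is the Visual Basic 6 runtime; the "Run-time error '401'" dialog
    # from the first post is a VB runtime error, which fits this import.
    if any(d.upper().startswith("MSVBVM") for d in s.imports):
        flags.append("vb6-runtime")
    # McAfee's Artemis verdicts carry the first 12 hex digits of the file's MD5.
    if s.md5 and any(v.upper() == "ARTEMIS!" + s.md5[:12].upper() for v in s.detections.values()):
        flags.append("artemis-md5-matches")
    return flags

if __name__ == "__main__":
    summary = parse_report(SAMPLE_REPORT)
    for engine, verdict in sorted(summary.detections.items()):
        print(f"{engine:20} {verdict}")
    print(assess(summary))
```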

#7 RKinner (Malware Expert, MVP)
OK, wondered what had happened to you. Go ahead and do the last instructions. That will give me a new OTL and a Combofix log so we should be able to see what else needs to be removed. Before that, though, you may want to Start, Run, msconfig, OK and try to find the line under the Startup or Services tabs that starts your ...tssd.exe file, then uncheck it. Apply. You don't have to reboot right away. Run OTL with the custom script I gave you last time (make sure you click on Run Fix).

When you reboot you will get msconfig again. Just cancel it for now.

Post your OTL logs then run Combofix and post its log.

I think MalwareBytes Anti-Malware (Step 1 in the malware removal guide at the top of the forum.) is aware of your bug so it should be run too.



Ron

Edited by RKinner, 22 May 2010 - 12:59 PM.


#8 bl0ndi3_ (Member)
Well, first of all, I couldn't find the tssd.exe under those two headings.. so I just left it,
and then I ran OTL and this is the quick scan log:
OTL logfile created on: 23/05/2010 11:15:01 AM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 95.32 Gb Free Space | 64.59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/16 13:02:37 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
PRC - [2010/04/21 20:21:42 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 20:21:40 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/16 23:53:37 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/04/02 09:35:25 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/17 19:41:59 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 19:41:55 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 19:41:50 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/17 19:41:49 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/03/09 08:40:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 16:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/08/14 10:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/05/22 09:50:02 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe


========== Modules (SafeList) ==========

MOD - [2010/05/16 13:02:37 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
MOD - [2010/02/26 07:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/10/30 10:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/04/11 16:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 17:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/17 19:41:55 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/17 19:41:50 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 20:21:40 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/17 19:41:59 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 19:41:50 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/09/04 06:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 06:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 06:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/16 10:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2006/11/02 19:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 19:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 19:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 19:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 19:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 19:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 19:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 19:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 19:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 19:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 19:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 19:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 19:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 19:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 19:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 19:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 17:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uws.edu.au/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [asam] C:\Users\Sarah\AppData\Local\asam.exe File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [asam] C:\Users\Sarah\AppData\Local\asam.exe File not found
O4 - HKCU..\Run: [jsgcymdi] C:\Users\Sarah\AppData\Local\vjpueqxdd\npyrouxtssd.exe File not found
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: edu.au ([vuws.uws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: edu.au ([wlan-cmb.uws] https in Trusted sites)
O16 - DPF: {08496B45-6BB1-4F92-A8E6-B9E7978634CB} https://wlan-cmb.uws...e/TrustSite.cab (Trustsite Control)
O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} https://wlan-cmb.uws...e/NetDirect.cab (NetDirect)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{baaec5e8-d4ad-11de-85fb-00a0d191e4b8}\Shell - "" = AutoRun
O33 - MountPoints2\{baaec5e8-d4ad-11de-85fb-00a0d191e4b8}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c5ca9c58-559d-11df-bea8-00a0d191e4b8}\Shell - "" = AutoRun
O33 - MountPoints2\{c5ca9c58-559d-11df-bea8-00a0d191e4b8}\Shell\AutoRun\command - "" = E:\USBAutoRun.exe -- File not found
O33 - MountPoints2\{e3dbb460-974c-11de-ad5a-00a0d191e4b8}\Shell\AutoRun\command - "" = E:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/23 11:03:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/22 20:17:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/05/22 20:17:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/05/22 20:17:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/22 13:57:16 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/05/22 13:57:15 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/05/22 13:57:15 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/05/22 13:57:01 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/05/22 13:57:01 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/05/22 13:56:58 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/05/22 13:56:58 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/05/22 13:56:55 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/05/22 13:56:49 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\PC Tools
[2010/05/22 13:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/05/18 23:15:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\vjpueqxdd
[2010/05/16 13:02:32 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010/05/14 20:35:15 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Documents
[2010/05/14 03:01:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/06 10:59:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Favorites\Documents\DVDVideoSoft
[2010/05/06 10:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/05/06 10:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/05/02 13:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/30 21:33:18 | 000,000,000 | ---D | C] -- C:\Sounds
[2010/04/30 21:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/04/30 21:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/30 21:25:09 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2010/04/30 21:25:09 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx
[2010/04/30 21:25:09 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2010/04/30 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\LG Electronics
[2010/04/30 21:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\LG PC Suite II
[2010/04/24 23:36:15 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Imagic505N
[2010/04/24 23:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ST System Shared
[2010/04/24 23:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\STOIK Imaging
[2010/04/16 17:05:38 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Favorites\Documents\New Folder
[2010/04/16 14:20:48 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Favorites\Documents\Unzipped
[2010/04/16 14:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/04/16 14:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/03/17 19:41:59 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[1 C:\Users\Sarah\Favorites\Documents\*.tmp files -> C:\Users\Sarah\Favorites\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/23 11:16:54 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/23 11:16:54 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/23 11:16:54 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/23 11:15:02 | 005,242,880 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat
[2010/05/23 11:10:17 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/23 11:10:16 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/23 11:10:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/23 11:09:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/23 11:08:14 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TM.blf
[2010/05/23 11:08:13 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TMContainer00000000000000000001.regtrans-ms
[2010/05/23 10:59:58 | 060,290,511 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/22 23:05:23 | 000,360,054 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\us baby.bmp
[2010/05/22 22:28:44 | 000,083,521 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\30806_422048165861_580760861_5865931_880685_n.jpg
[2010/05/22 20:23:24 | 000,270,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/22 20:02:43 | 001,494,624 | -H-- | M] () -- C:\Users\Sarah\AppData\Local\IconCache.db
[2010/05/22 15:20:33 | 000,018,944 | ---- | M] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/22 14:23:19 | 003,194,448 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Scholarships.pdf
[2010/05/22 14:23:19 | 000,124,280 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Unfiled Notes.one
[2010/05/22 14:23:19 | 000,096,768 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\UWS_OHS_Risk_Assessment_and_Control_Form_2008.doc
[2010/05/22 14:23:19 | 000,031,697 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\TIMETABLE AUTUMN.docx
[2010/05/22 14:23:18 | 002,342,394 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\APS stuff.zip
[2010/05/22 14:23:18 | 000,646,139 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\APS PRAC EXAM INFORMATION.docx
[2010/05/22 14:23:18 | 000,441,217 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\DIGITAL PIANO AD.docx
[2010/05/22 14:23:18 | 000,129,194 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\pi bonds conjugation.pdf
[2010/05/22 14:23:18 | 000,039,424 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Assignment_Cover_Sheet.doc
[2010/05/22 14:23:18 | 000,039,265 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Medical MicrobiologyUWS Unit Code.docx
[2010/05/22 14:23:18 | 000,030,160 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Importantdates.pdf
[2010/05/22 14:23:18 | 000,026,481 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Booking Request Confirmation TONI AND GUY.docx
[2010/05/22 14:23:17 | 002,984,484 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\affinity chromatography.pdf
[2010/05/22 13:56:57 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/05/19 22:40:42 | 000,001,356 | ---- | M] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2010/05/16 13:02:37 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010/05/14 20:37:15 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/14 10:42:29 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$ALYTICAL PROTEIN SCIENCE.docx
[2010/04/30 21:25:25 | 000,001,541 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite II.lnk
[2010/04/25 14:28:54 | 025,488,630 | ---- | M] () -- C:\ProgramData\Imagic50.bmp
[2010/04/24 23:35:50 | 000,000,012 | ---- | M] () -- C:\Users\Sarah\AppData\Roaming\9481
[2010/04/24 23:35:50 | 000,000,012 | ---- | M] () -- C:\Users\Public\Documents\8156
[2010/04/24 23:35:50 | 000,000,012 | ---- | M] () -- C:\Users\Sarah\AppData\Local\2631
[2010/04/24 23:35:50 | 000,000,012 | ---- | M] () -- C:\ProgramData\1548
[2010/04/24 23:35:50 | 000,000,012 | ---- | M] () -- C:\ProgramData\1477
[2010/04/24 23:35:50 | 000,000,012 | ---- | M] () -- C:\ProgramData\0359
[2010/04/24 23:33:12 | 000,000,753 | ---- | M] () -- C:\Users\Public\Desktop\Imagic 5.0.lnk
[2010/04/24 21:45:36 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$cture 7 - affinity chromatography.docx
[2010/04/21 20:21:40 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/16 17:33:27 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TMContainer00000000000000000002.regtrans-ms
[2010/04/16 17:28:09 | 000,060,544 | ---- | M] () -- C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/16 17:20:04 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/16 17:20:04 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/16 14:29:35 | 000,058,728 | ---- | M] () -- C:\Scriptina.zip
[2010/04/14 14:57:01 | 000,000,087 | ---- | M] () -- C:\Users\Sarah\webct_upload_applet.properties
[2010/04/11 16:02:09 | 000,000,736 | ---- | M] () -- C:\Windows\SamsungMaster.INI
[2010/04/08 14:29:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/04/01 09:54:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/03/30 15:42:26 | 000,222,568 | ---- | M] (STOIK Software) -- C:\Windows\System32\skjpeg40.dll
[2010/03/30 15:42:24 | 000,089,448 | ---- | M] (STOIK Software Ltd.) -- C:\Windows\System32\Skbase40.dll
[2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/03/17 19:41:59 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/17 19:41:59 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/17 19:41:50 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/13 11:00:32 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$D ESSAY.docx
[2010/03/11 15:54:50 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$EMANN-PICK DISEASE.docx
[2010/03/11 15:47:19 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010/03/11 15:47:19 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010/03/11 15:47:19 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010/03/11 15:47:19 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010/03/07 15:08:18 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[1 C:\Users\Sarah\Favorites\Documents\*.tmp files -> C:\Users\Sarah\Favorites\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/22 23:05:19 | 000,360,054 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\us baby.bmp
[2010/05/22 22:29:00 | 000,083,521 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\30806_422048165861_580760861_5865931_880685_n.jpg
[2010/05/22 13:57:16 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/05/22 13:57:16 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/05/22 13:57:16 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/05/22 13:57:16 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/05/22 13:57:15 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/05/22 13:57:01 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/05/22 13:56:58 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/05/22 13:56:58 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/05/22 13:56:57 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/05/22 13:56:55 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/05/18 23:17:57 | 000,059,648 | ---- | C] () -- C:\Users\Sarah\AppData\Local\syssvc.exe
[2010/05/14 20:56:01 | 000,646,139 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\APS PRAC EXAM INFORMATION.docx
[2010/05/14 20:36:02 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/14 10:42:29 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$ALYTICAL PROTEIN SCIENCE.docx
[2010/05/13 18:56:47 | 002,984,484 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\affinity chromatography.pdf
[2010/05/12 11:22:15 | 002,342,394 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\APS stuff.zip
[2010/05/08 16:24:28 | 000,129,194 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\pi bonds conjugation.pdf
[2010/05/08 14:51:00 | 000,441,217 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\DIGITAL PIANO AD.docx
[2010/04/30 21:25:25 | 000,001,541 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite II.lnk
[2010/04/25 14:28:53 | 025,488,630 | ---- | C] () -- C:\ProgramData\Imagic50.bmp
[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\9481
[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\Users\Public\Documents\8156
[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\Users\Sarah\AppData\Local\2631
[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\ProgramData\1548
[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\ProgramData\1477
[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\ProgramData\0359
[2010/04/24 23:33:12 | 000,000,753 | ---- | C] () -- C:\Users\Public\Desktop\Imagic 5.0.lnk
[2010/04/24 21:45:36 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$cture 7 - affinity chromatography.docx
[2010/04/16 17:26:46 | 000,524,288 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TMContainer00000000000000000002.regtrans-ms
[2010/04/16 17:26:45 | 000,524,288 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TMContainer00000000000000000001.regtrans-ms
[2010/04/16 17:26:45 | 000,065,536 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TM.blf
[2010/04/16 14:29:35 | 000,058,728 | ---- | C] () -- C:\Scriptina.zip
[2010/04/12 09:37:49 | 000,039,424 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\Assignment_Cover_Sheet.doc
[2010/04/01 09:54:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/03/13 11:00:32 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$D ESSAY.docx
[2010/03/11 15:54:50 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$EMANN-PICK DISEASE.docx
[2010/03/11 15:47:19 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010/03/11 15:47:19 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010/03/11 15:47:19 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010/03/11 15:47:19 | 000,065,536 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010/02/27 13:21:41 | 000,096,768 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\UWS_OHS_Risk_Assessment_and_Control_Form_2008.doc
[2010/02/03 18:14:02 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2010/01/16 20:50:48 | 000,000,238 | ---- | C] () -- C:\Windows\mafosav.INI
[2009/12/23 17:48:09 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/23 17:48:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/12/17 10:16:04 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\tsk_atapi.sys
[2009/10/26 21:19:13 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2009/10/21 21:00:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/12/19 20:03:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Auslogics
[2009/08/19 20:08:22 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Blitware
[2009/08/19 19:55:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\GetRightToGo
[2010/04/24 23:36:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Imagic505N
[2009/08/22 22:42:18 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech
[2010/04/30 21:45:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\LG Electronics
[2009/08/31 09:48:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Nortel
[2009/11/18 09:18:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt
[2009/08/19 20:31:12 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Uniblue
[2010/05/23 11:22:07 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\uTorrent
[2009/09/16 22:23:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WinBatch
[2009/08/19 20:40:37 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2010/05/23 11:08:30 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >



Then I tried to perform ComboFix... it ran for about 2 hrs and got up to about stage 47, before the desktop background went black and the mouse icon turned into a loading type (as if it were not responding) and the blue ComboFix box was minimised. I tried going onto live chat on my other computer, but no one could help me, so in the end I just turned off the computer after 3 hrs... probably a very bad idea. Anyway my computer seems okay, but there is no log, and since you said not to run ComboFix more than once, I haven't.
Also, I'm in the process of running Malwarebytes right now.

#9 bl0ndi3_ (Member, 34 posts)
This is the Malwarebytes log:
Malwarebytes' Anti-Malware 1.42
Database version: 3383
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

23/05/2010 9:04:51 PM
mbam-log-2010-05-23 (21-04-51).txt

Scan type: Full Scan (C:\|)
Objects scanned: 204921
Time elapsed: 2 hour(s), 22 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 RKinner (Malware Expert, MVP, 13,200 posts)
Copy the text between the lines of stars by highlighting and Ctrl + c.
*******************************************************************
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [asam] C:\Users\Sarah\AppData\Local\asam.exe File not found
O4 - HKCU..\Run: [asam] C:\Users\Sarah\AppData\Local\asam.exe File not found
O4 - HKCU..\Run: [jsgcymdi] C:\Users\Sarah\AppData\Local\vjpueqxdd\npyrouxtssd.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; File not found

:Files
C:\Users\Sarah\AppData\Roaming\9481
C:\Users\Public\Documents\8156
C:\Users\Sarah\AppData\Local\2631
C:\ProgramData\1548
C:\ProgramData\1477
C:\ProgramData\0359
C:\Users\Sarah\AppData\Local\syssvc.exe
C:\Users\Sarah\AppData\Local\vjpueqxdd
C:\Users\Public\Desktop\Imagic 5.0.lnk

:Commands
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Combofix usually takes about 10 minutes. Did you turn off AVG before you downloaded and ran it?

Try downloading it again with AVG off and rename it george2.exe this time. Then try to run it.

Ron
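The indicator classes Ron's fix script targets (an IE proxy pointed at 127.0.0.1, Run entries whose target is missing, a random-named AppData folder, syssvc.exe with no company name, and the 12-byte numeric files in ProgramData) can be triaged mechanically from an OTL log. The Python below is an added example, not part of this thread or of OTL itself: it runs those heuristics over lines taken from the log posted above and drafts a fix in the same layout, and its thresholds (vowel ratio, 16-byte cut-off, the user-writable folder list) are my own assumptions.

```python
"""Heuristic triage of OTL log lines (added example; not OTL's own code)."""
import re

# Lines taken from the OTL log posted in this thread; the last two are benign
# entries included so the heuristics can be seen to leave legitimate items alone.
SAMPLE_OTL_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555',
    r"O4 - HKLM..\Run: [asam] C:\Users\Sarah\AppData\Local\asam.exe File not found",
    r"O4 - HKCU..\Run: [jsgcymdi] C:\Users\Sarah\AppData\Local\vjpueqxdd\npyrouxtssd.exe File not found",
    r"[2010/05/18 23:17:57 | 000,059,648 | ---- | C] () -- C:\Users\Sarah\AppData\Local\syssvc.exe",
    r"[2010/05/18 23:15:28 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\vjpueqxdd",
    r"[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\Users\Sarah\AppData\Roaming\9481",
    r"[2010/04/24 23:35:50 | 000,000,012 | ---- | C] () -- C:\ProgramData\1548",
    r"[2010/05/16 13:02:32 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe",
    r"[2010/03/17 19:41:59 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll",
]

# OTL file-list line: [date time | size | attrs | C/M] (Company) -- path  (company part is optional)
FILE_LINE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# OTL autorun line: O4 - HKCU..\Run: [name] target [File not found]
RUN_LINE = re.compile(r"^O4 - (?P<hive>HK\w+)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<rest>.+)$")
PROXY_LINE = re.compile(r'^IE - .*"ProxyServer" = (?P<proxy>.+)$')
# Folders a standard user can write to (assumed list); legitimate autoruns rarely live here.
USER_WRITABLE = re.compile(r"\\(?:AppData\\(?:Local|Roaming)|ProgramData|Users\\Public)\\", re.I)


def looks_random(name: str) -> bool:
    """Long, all-lowercase, vowel-poor names such as 'vjpueqxdd' are a common dropper pattern."""
    if not re.fullmatch(r"[a-z]{8,}", name):
        return False
    vowels = sum(ch in "aeiou" for ch in name)
    return vowels / len(name) < 0.3  # assumed threshold


def analyse(lines):
    """Return (category, line) pairs for every log line that trips a heuristic."""
    findings = []
    for line in lines:
        line = line.rstrip()
        m = PROXY_LINE.match(line)
        if m:  # a proxy on the loopback address is a classic ad-injection hijack
            if re.search(r"127\.0\.0\.1|localhost", m["proxy"], re.I):
                findings.append(("proxy-localhost", line))
            continue
        m = RUN_LINE.match(line)
        if m:  # autorun whose target is gone, or lives where any user can write
            if m["rest"].endswith("File not found"):
                findings.append(("autorun-missing-file", line))
            elif USER_WRITABLE.search(m["rest"]):
                findings.append(("autorun-user-writable", line))
            continue
        m = FILE_LINE.match(line)
        if not m or not USER_WRITABLE.search(m["path"]):
            continue
        name = m["path"].rsplit("\\", 1)[-1]
        size = int(m["size"].replace(",", ""))
        is_dir = m["attrs"].endswith("D")  # OTL marks directories with a trailing D
        company = m["company"] or ""       # OTL prints the version-info company name, if any
        if is_dir and looks_random(name):
            findings.append(("random-named-dir", line))
        elif not is_dir and name.lower().endswith(".exe") and not company:
            findings.append(("no-company-exe-user-writable", line))
        elif not is_dir and re.fullmatch(r"\d{4}", name) and size <= 16:  # assumed cut-off
            findings.append(("tiny-numeric-marker", line))
    return findings


def render_fix(findings):
    """Draft an OTL fix in the layout used in this thread (:OTL registry lines, :Files paths).

    The draft is for a human to review before it goes into OTL's Custom Scans/Fixes box.
    """
    registry = [ln for cat, ln in findings if cat.startswith(("proxy", "autorun"))]
    files = [FILE_LINE.match(ln)["path"] for _, ln in findings if FILE_LINE.match(ln)]
    return "\n".join([":OTL", *registry, "", ":Files", *files, "", ":Commands", "[emptytemp]", "[Reboot]"])


if __name__ == "__main__":
    results = analyse(SAMPLE_OTL_LINES)
    for category, line in results:
        print(f"{category:30} {line}")
    print()
    print(render_fix(results))
```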

#11 bl0ndi3_ (Member, 34 posts)
OTL logfile created on: 24/05/2010 8:33:38 PM - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Sarah\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 94.48 Gb Free Space | 64.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-PC
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/23 16:32:26 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/23 16:31:58 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/05/23 16:11:27 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/05/23 16:11:23 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/05/23 16:11:16 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/05/23 16:11:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/05/16 13:02:37 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
PRC - [2010/04/16 23:53:37 | 000,319,792 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/08/14 10:14:20 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/05/22 09:50:02 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe


========== Modules (SafeList) ==========

MOD - [2010/05/23 16:34:30 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2010/05/16 13:02:37 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
MOD - [2009/04/11 16:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 17:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/23 16:11:02 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/25 11:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2008/01/19 17:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/05/23 16:34:26 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/05/23 16:34:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/05/23 16:34:05 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/09/04 06:28:22 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/09/04 06:27:54 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/09/04 06:27:28 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/08/14 10:40:40 | 000,203,312 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/04/16 10:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2006/11/02 19:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 19:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 19:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 19:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 19:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 19:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 19:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 19:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 19:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 19:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 19:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 19:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 19:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 19:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 19:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 19:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 19:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 19:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 19:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 17:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uws.edu.au/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>



O1 HOSTS File: ([2006/09/19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo!7 Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: edu.au ([vuws.uws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: edu.au ([wlan-cmb.uws] https in Trusted sites)
O16 - DPF: {08496B45-6BB1-4F92-A8E6-B9E7978634CB} https://wlan-cmb.uws...e/TrustSite.cab (Trustsite Control)
O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} https://wlan-cmb.uws...e/NetDirect.cab (NetDirect)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Sarah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/24 20:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/05/23 16:34:26 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/23 16:34:21 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/23 16:34:07 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/23 16:34:01 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/23 16:34:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/05/23 16:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/05/23 16:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/05/23 15:45:13 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Local\temp
[2010/05/23 12:18:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/05/23 12:18:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/05/23 12:18:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/05/23 12:17:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/05/23 12:17:41 | 000,000,000 | --SD | C] -- C:\george.exe
[2010/05/23 12:16:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/05/23 11:52:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/23 11:03:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/22 20:17:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/05/22 20:17:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/05/22 20:17:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/16 13:02:32 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010/05/14 20:35:15 | 000,000,000 | R--D | C] -- C:\Users\Sarah\Documents
[2010/05/06 10:59:31 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Favorites\Documents\DVDVideoSoft
[2010/05/06 10:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/05/06 10:58:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010/05/02 13:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/30 21:33:18 | 000,000,000 | ---D | C] -- C:\Sounds
[2010/04/30 21:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/04/30 21:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/30 21:25:09 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2010/04/30 21:25:09 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx
[2010/04/30 21:25:09 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2010/04/30 21:24:52 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\LG Electronics
[2010/04/30 21:24:50 | 000,000,000 | ---D | C] -- C:\Program Files\LG PC Suite II
[2010/04/24 23:36:15 | 000,000,000 | ---D | C] -- C:\Users\Sarah\AppData\Roaming\Imagic505N
[2010/04/24 23:36:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ST System Shared
[2010/04/24 23:33:12 | 000,000,000 | ---D | C] -- C:\Program Files\STOIK Imaging
[2010/04/16 17:05:38 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Favorites\Documents\New Folder
[2010/04/16 14:20:48 | 000,000,000 | ---D | C] -- C:\Users\Sarah\Favorites\Documents\Unzipped
[2010/04/16 14:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010/04/16 14:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[1 C:\Users\Sarah\Favorites\Documents\*.tmp files -> C:\Users\Sarah\Favorites\Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/24 20:38:43 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/24 20:38:43 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/24 20:38:43 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/24 20:33:33 | 005,242,880 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat
[2010/05/24 20:31:23 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/24 20:31:23 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/24 20:31:19 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/24 20:31:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/24 20:28:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/24 20:26:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/24 20:26:39 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TMContainer00000000000000000001.regtrans-ms
[2010/05/24 20:26:39 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TM.blf
[2010/05/24 20:19:46 | 000,017,920 | ---- | M] () -- C:\Users\Sarah\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 20:18:38 | 060,322,973 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/23 22:06:58 | 002,056,487 | -H-- | M] () -- C:\Users\Sarah\AppData\Local\IconCache.db
[2010/05/23 16:59:43 | 003,194,448 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Scholarships.pdf
[2010/05/23 16:59:43 | 000,441,217 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\DIGITAL PIANO AD.docx
[2010/05/23 16:59:43 | 000,360,054 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\us baby.bmp
[2010/05/23 16:59:43 | 000,129,194 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\pi bonds conjugation.pdf
[2010/05/23 16:59:43 | 000,124,280 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Unfiled Notes.one
[2010/05/23 16:59:43 | 000,096,768 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\UWS_OHS_Risk_Assessment_and_Control_Form_2008.doc
[2010/05/23 16:59:43 | 000,039,265 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Medical MicrobiologyUWS Unit Code.docx
[2010/05/23 16:59:43 | 000,031,697 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\TIMETABLE AUTUMN.docx
[2010/05/23 16:59:43 | 000,030,160 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Importantdates.pdf
[2010/05/23 16:59:42 | 002,342,394 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\APS stuff.zip
[2010/05/23 16:59:42 | 000,646,139 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\APS PRAC EXAM INFORMATION.docx
[2010/05/23 16:59:42 | 000,039,424 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Assignment_Cover_Sheet.doc
[2010/05/23 16:59:42 | 000,026,481 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\Booking Request Confirmation TONI AND GUY.docx
[2010/05/23 16:59:41 | 002,984,484 | ---- | M] () -- C:\Users\Sarah\Favorites\Documents\affinity chromatography.pdf
[2010/05/23 16:34:30 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/05/23 16:34:30 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/05/23 16:34:26 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/05/23 16:34:08 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/05/23 16:34:05 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/23 16:34:01 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/23 11:40:53 | 003,693,807 | R--- | M] () -- C:\Users\Sarah\Desktop\george.exe.exe
[2010/05/22 20:23:24 | 000,270,864 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/19 22:40:42 | 000,001,356 | ---- | M] () -- C:\Users\Sarah\AppData\Local\d3d9caps.dat
[2010/05/16 13:02:37 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Sarah\Desktop\OTL.exe
[2010/05/14 20:37:15 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/14 10:42:29 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$ALYTICAL PROTEIN SCIENCE.docx
[2010/04/30 21:25:25 | 000,001,541 | ---- | M] () -- C:\Users\Public\Desktop\LG PC Suite II.lnk
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010/04/25 14:28:54 | 025,488,630 | ---- | M] () -- C:\ProgramData\Imagic50.bmp
[2010/04/24 21:45:36 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$cture 7 - affinity chromatography.docx
[2010/04/16 17:33:27 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TMContainer00000000000000000002.regtrans-ms
[2010/04/16 17:28:09 | 000,060,544 | ---- | M] () -- C:\Users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/16 17:20:04 | 000,524,288 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/16 17:20:04 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/16 14:29:35 | 000,058,728 | ---- | M] () -- C:\Scriptina.zip
[2010/04/14 14:57:01 | 000,000,087 | ---- | M] () -- C:\Users\Sarah\webct_upload_applet.properties
[2010/04/11 16:02:09 | 000,000,736 | ---- | M] () -- C:\Windows\SamsungMaster.INI
[2010/04/01 09:54:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/03/30 15:42:26 | 000,222,568 | ---- | M] (STOIK Software) -- C:\Windows\System32\skjpeg40.dll
[2010/03/30 15:42:24 | 000,089,448 | ---- | M] (STOIK Software Ltd.) -- C:\Windows\System32\Skbase40.dll
[2010/03/13 11:00:32 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$D ESSAY.docx
[2010/03/11 15:54:50 | 000,000,162 | -H-- | M] () -- C:\Users\Sarah\Favorites\Documents\~$EMANN-PICK DISEASE.docx
[2010/03/11 15:47:19 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010/03/11 15:47:19 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010/03/11 15:47:19 | 001,048,576 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010/03/11 15:47:19 | 000,065,536 | -HS- | M] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010/03/07 15:08:18 | 000,000,934 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[1 C:\Users\Sarah\Favorites\Documents\*.tmp files -> C:\Users\Sarah\Favorites\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/24 20:28:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/05/24 20:26:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/23 16:34:30 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/05/23 16:34:01 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/05/23 16:34:00 | 060,322,973 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/23 12:18:34 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/05/23 12:18:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/05/23 12:18:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/05/23 12:18:34 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/05/23 12:18:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/05/23 11:40:43 | 003,693,807 | R--- | C] () -- C:\Users\Sarah\Desktop\george.exe.exe
[2010/05/22 23:05:19 | 000,360,054 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\us baby.bmp
[2010/05/14 20:56:01 | 000,646,139 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\APS PRAC EXAM INFORMATION.docx
[2010/05/14 20:36:02 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/14 10:42:29 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$ALYTICAL PROTEIN SCIENCE.docx
[2010/05/13 18:56:47 | 002,984,484 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\affinity chromatography.pdf
[2010/05/12 11:22:15 | 002,342,394 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\APS stuff.zip
[2010/05/08 16:24:28 | 000,129,194 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\pi bonds conjugation.pdf
[2010/05/08 14:51:00 | 000,441,217 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\DIGITAL PIANO AD.docx
[2010/04/30 21:25:25 | 000,001,541 | ---- | C] () -- C:\Users\Public\Desktop\LG PC Suite II.lnk
[2010/04/25 14:28:53 | 025,488,630 | ---- | C] () -- C:\ProgramData\Imagic50.bmp
[2010/04/24 21:45:36 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$cture 7 - affinity chromatography.docx
[2010/04/16 17:26:46 | 000,524,288 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TMContainer00000000000000000002.regtrans-ms
[2010/04/16 17:26:45 | 000,524,288 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TMContainer00000000000000000001.regtrans-ms
[2010/04/16 17:26:45 | 000,065,536 | -HS- | C] () -- C:\Users\Sarah\ntuser.dat{89fadcc5-4920-11df-ad21-00a0d191e4b8}.TM.blf
[2010/04/16 14:29:35 | 000,058,728 | ---- | C] () -- C:\Scriptina.zip
[2010/04/12 09:37:49 | 000,039,424 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\Assignment_Cover_Sheet.doc
[2010/04/01 09:54:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/03/13 11:00:32 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$D ESSAY.docx
[2010/03/11 15:54:50 | 000,000,162 | -H-- | C] () -- C:\Users\Sarah\Favorites\Documents\~$EMANN-PICK DISEASE.docx
[2010/03/11 15:47:19 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2010/03/11 15:47:19 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2010/03/11 15:47:19 | 001,048,576 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2010/03/11 15:47:19 | 000,065,536 | -HS- | C] () -- C:\Users\Sarah\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2010/02/27 13:21:41 | 000,096,768 | ---- | C] () -- C:\Users\Sarah\Favorites\Documents\UWS_OHS_Risk_Assessment_and_Control_Form_2008.doc
[2010/02/03 18:14:02 | 000,000,736 | ---- | C] () -- C:\Windows\SamsungMaster.INI
[2010/01/16 20:50:48 | 000,000,238 | ---- | C] () -- C:\Windows\mafosav.INI
[2009/12/23 17:48:09 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/12/23 17:48:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/12/17 10:16:04 | 000,021,560 | ---- | C] () -- C:\Windows\System32\drivers\tsk_atapi.sys
[2009/10/26 21:19:13 | 000,000,035 | ---- | C] () -- C:\Windows\A5W.INI
[2009/10/21 21:00:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2009/12/19 20:03:36 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Auslogics
[2009/08/19 20:08:22 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Blitware
[2009/08/19 19:55:27 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\GetRightToGo
[2010/04/24 23:36:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Imagic505N
[2009/08/22 22:42:18 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Leadertech
[2010/04/30 21:45:15 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\LG Electronics
[2009/08/31 09:48:02 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Nortel
[2009/11/18 09:18:31 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\TrueCrypt
[2009/08/19 20:31:12 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\Uniblue
[2010/05/24 20:32:53 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\uTorrent
[2009/09/16 22:23:08 | 000,000,000 | ---D | M] -- C:\Users\Sarah\AppData\Roaming\WinBatch
[2009/08/19 20:40:37 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2010/05/24 20:28:36 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >




I haven't done the ComboFix again yet; I've got too much study to do, but I will do it sometime within the next two days. Just letting you know that I did try to disable AVG, but could only disable everything except the antivirus and antispyware, so I uninstalled it and installed it again afterwards.

By the way, the little box is gone now... thank you so much! :)

#12
bl0ndi3_

    Member

  • Member
  • 34 posts
This is the ComboFix txt:
ComboFix 10-05-28.02 - Sarah 29/05/2010 12:02:05.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.2038.1093 [GMT 10:00]
Running from: c:\users\Sarah\Desktop\george2.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\Sarah\AppData\Roaming\blank.exe
c:\windows\system32\system

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.

2010-05-29 02:10 . 2010-05-29 02:11 -------- d-----w- c:\users\Sarah\AppData\Local\temp
2010-05-29 02:10 . 2010-05-29 02:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-26 23:33 . 2010-05-26 23:33 -------- d-----w- c:\windows\LastGood.Tmp
2010-05-26 12:50 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-25 17:01 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-05-25 17:01 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-05-25 17:01 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-05-24 10:28 . 2010-05-24 10:28 -------- d-----w- c:\program files\Windows Portable Devices
2010-05-24 10:23 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-05-24 10:21 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-24 10:21 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-24 10:21 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-23 01:19 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-23 01:19 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-23 01:19 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-23 01:03 . 2010-05-23 01:03 -------- d-----w- C:\_OTL
2010-05-22 10:17 . 2010-05-22 10:18 -------- d-----w- c:\windows\system32\ca-ES
2010-05-22 10:17 . 2010-05-22 10:18 -------- d-----w- c:\windows\system32\eu-ES
2010-05-22 10:17 . 2010-05-22 10:18 -------- d-----w- c:\windows\system32\vi-VN
2010-05-13 12:42 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-06 00:58 . 2010-05-21 05:30 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-05-06 00:58 . 2010-05-06 00:58 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-02 03:56 . 2010-05-02 03:56 -------- d-----w- c:\program files\MSXML 4.0
2010-04-30 11:33 . 2010-04-30 11:33 -------- d-----w- C:\Sounds
2010-04-30 11:27 . 2008-09-03 20:28 19968 ----a-w- c:\windows\system32\drivers\lgusbdiag.sys
2010-04-30 11:27 . 2008-09-03 20:27 24832 ----a-w- c:\windows\system32\drivers\lgusbmodem.sys
2010-04-30 11:27 . 2008-09-03 20:27 13056 ----a-w- c:\windows\system32\drivers\lgusbbus.sys
2010-04-30 11:27 . 2010-04-30 11:27 -------- d-----w- c:\program files\LG Electronics
2010-04-30 11:26 . 2010-04-30 11:26 -------- d-----w- c:\program files\Common Files\InstallShield
2010-04-30 11:25 . 2007-11-08 06:26 1164728 ----a-w- c:\windows\system32\NMSDVDXU.dll
2010-04-30 11:24 . 2010-04-30 11:45 -------- d-----w- c:\users\Sarah\AppData\Roaming\LG Electronics
2010-04-30 11:24 . 2010-05-02 04:18 -------- d-----w- c:\program files\LG PC Suite II

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 02:08 . 2009-08-22 03:11 -------- d-----w- c:\users\Sarah\AppData\Roaming\uTorrent
2010-05-26 03:57 . 2009-08-19 02:25 1356 ----a-w- c:\users\Sarah\AppData\Local\d3d9caps.dat
2010-05-24 10:28 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-24 10:28 . 2010-05-24 10:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-05-24 10:26 . 2010-05-24 10:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-22 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-05-22 10:19 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-22 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-05-22 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-05-22 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-05-22 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-05-22 10:19 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-05-22 09:41 . 2009-11-17 23:16 -------- d-----w- c:\program files\TrueCrypt
2010-05-21 04:14 . 2009-10-03 05:02 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-14 10:36 . 2009-08-20 11:05 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-13 17:01 . 2009-08-20 10:41 -------- d-----w- c:\programdata\Microsoft Help
2010-05-07 02:17 . 2009-09-25 06:11 -------- d-----w- c:\users\Sarah\AppData\Roaming\vlc
2010-04-30 11:27 . 2009-09-16 12:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-24 13:36 . 2010-04-24 13:36 -------- d-----w- c:\users\Sarah\AppData\Roaming\Imagic505N
2010-04-24 13:36 . 2010-04-24 13:36 -------- d-----w- c:\program files\Common Files\ST System Shared
2010-04-24 13:33 . 2010-04-24 13:33 -------- d-----w- c:\program files\STOIK Imaging
2010-04-17 02:37 . 2009-08-22 03:12 -------- d-----w- c:\program files\uTorrent
2010-04-16 07:28 . 2009-08-19 02:26 60544 ----a-w- c:\users\Sarah\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-16 04:29 . 2010-04-16 04:29 58728 ----a-w- C:\Scriptina.zip
2010-04-16 04:13 . 2010-04-16 04:12 -------- d-----w- c:\programdata\WinZip
2010-03-31 23:54 . 2010-03-31 23:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-03-30 05:42 . 2009-12-23 07:47 222568 ----a-w- c:\windows\system32\skjpeg40.dll
2010-03-30 05:42 . 2009-12-23 07:47 89448 ----a-w- c:\windows\system32\Skbase40.dll
2010-03-05 14:01 . 2010-04-13 20:46 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-04-16 319792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-19 149280]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-21 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):8a,0b,67,f7,98,f9,ca,01

R3 NetDirect;TAP-Win32 NetDirect Adapter;c:\windows\system32\DRIVERS\NetDirect.sys [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uws.edu.au/
uInternet Settings,ProxyOverride = <local>
Trusted Zone: edu.au\vuws.uws
Trusted Zone: edu.au\wlan-cmb.uws
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 12:11
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-05-29 12:17:16
ComboFix-quarantined-files.txt 2010-05-29 02:16

Pre-Run: 102,969,073,664 bytes free
Post-Run: 103,893,929,984 bytes free

- - End Of File - - B1FE34281435AE6782B284B64EFEB4E7


thank you for all your help :)

#13
RKinner
    Malware Expert
  • Expert
  • 13,200 posts
  • MVP
Looks clean of malware.


We need to clean up System Restore. First create a Restore Point:
right click on Computer and select Properties and System Protection (Continue) and then Create (at the bottom). OK. Give it a name like Clean and then Create. OK. OK.

Once you have created a Restore Point:

Start (Windows Logo Button), Programs, Accessories, Right click on Command Prompt and select Run As Administrator, then type with an Enter after each line:

cleanmgr

Select "Files from All Users."
Continue

Select OS (C:)
OK

It will think for a few minutes.

Then come up with a few suggestions. Ignore those and press More Options. Under System Restore and Shadow Copies, click Clean Up and let it do its thing.

I usually recommend a free BitDefender online scan as a final check to see if we missed anything. http://www.bitdefend...nline/free.html

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george2.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.



You do not have the latest Java. The latest is Java™ 6 Update 20. Get it at:

http://www.java.com/...nload/index.jsp


Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 17

which is new enough that Java may remove it when it updates so you may not find it.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on.

If your current antivirus is not a paid up subscription you should dump it and install the free Avast
http://www.avast.com...avast-home.html


Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

Ron
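The post-cleanup settings Ron walks through above (a restore point, Disk Cleanup, re-hiding system files, and turning off JavaScript in Adobe Reader) can also be applied from an elevated Windows PowerShell prompt. The script below is an added example and is not part of the forum post. The Explorer registry values are documented Windows settings; the Adobe Reader key and version path (`Acrobat Reader\9.0\JSPrefs\bEnableJS`) are an assumption for Reader 9.x and should be confirmed in the Edit, Preferences, JavaScript dialog afterwards.

```powershell
# Added example (not from the forum post): apply Ron's post-cleanup settings
# from an elevated Windows PowerShell prompt instead of clicking through the GUI.

# 1. Create a restore point named "Clean" before touching System Restore.
Checkpoint-Computer -Description 'Clean' -RestorePointType 'MODIFY_SETTINGS'

# 2. Launch Disk Cleanup for C:. The "More Options" tab (System Restore and
#    Shadow Copies, Clean Up) still has to be used by hand once it opens.
Start-Process -FilePath 'cleanmgr.exe' -ArgumentList '/d C:'

# 3. Hide hidden files and protected operating system files again.
#    Hidden: 1 = show hidden files, 2 = do not show.
#    ShowSuperHidden: 1 = show protected OS files, 0 = hide them.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $explorer -Name 'Hidden'          -Value 2 -Type DWord
Set-ItemProperty -Path $explorer -Name 'ShowSuperHidden' -Value 0 -Type DWord

# 4. Disable JavaScript in Adobe Reader 9.x.
#    ASSUMPTION: key name and version path for Reader 9.x; verify in the
#    Edit > Preferences > JavaScript dialog after running this.
$reader = 'HKCU:\Software\Adobe\Acrobat Reader\9.0\JSPrefs'
if (-not (Test-Path $reader)) { New-Item -Path $reader -Force | Out-Null }
Set-ItemProperty -Path $reader -Name 'bEnableJS' -Value 0 -Type DWord

# 5. Read the values back so the change can be confirmed in the same session.
Get-ItemProperty -Path $explorer -Name 'Hidden', 'ShowSuperHidden'
Get-ItemProperty -Path $reader   -Name 'bEnableJS'
```

Run it from an Administrator prompt (Checkpoint-Computer needs elevation). Explorer reads the Hidden and ShowSuperHidden values on its next refresh, so an open Explorer window may need to be closed and reopened before the change is visible.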

#14
bl0ndi3_
    Member
  • Member
  • 34 posts
Thank you so much for your help...it is very much appreciated :)