OTL logfile created on: 2/23/2011 3:29:54 PM - Run 2
OTL by OldTimer - Version 3.2.21.0 Folder = D:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 132.34 Gb Total Space | 100.15 Gb Free Space | 75.68% Space Free | Partition Type: NTFS
Drive D: | 32.00 Gb Total Space | 9.36 Gb Free Space | 29.26% Space Free | Partition Type: NTFS
Drive E: | 9.90 Gb Total Space | 5.31 Gb Free Space | 53.57% Space Free | Partition Type: NTFS
Drive F: | 6.14 Gb Total Space | 4.88 Gb Free Space | 79.48% Space Free | Partition Type: NTFS
Drive G: | 137.99 Gb Total Space | 135.08 Gb Free Space | 97.89% Space Free | Partition Type: NTFS
Drive J: | 156.75 Gb Total Space | 49.67 Gb Free Space | 31.68% Space Free | Partition Type: NTFS
Drive P: | 138.42 Gb Total Space | 53.54 Gb Free Space | 38.68% Space Free | Partition Type: NTFS

Computer Name: 500G | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2011/02/23 15:23:42 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(7).exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe

[color=#E56717]========== Modules (SafeList) ==========[/color]
MOD - [2011/02/23 15:23:42 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(7).exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- -- (VideoAcceleratorService)
SRV - File not found [Auto | Stopped] -- -- (LMIRescue_b9595b08-002a-4985-a11a-56836c85b324) LogMeIn Rescue (b9595b08-002a-4985-a11a-56836c85b324)
SRV - File not found [Auto | Stopped] -- -- (LMIRescue_7127b22c-6975-4f47-acfc-689b89ff9f3d) LogMeIn Rescue (7127b22c-6975-4f47-acfc-689b89ff9f3d)
SRV - [2010/09/13 09:24:00 | 003,511,496 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- D:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/07/09 02:35:40 | 000,055,904 | ---- | M] (F-Secure Corporation) [On_Demand | Stopped] -- J:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/07/09 02:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- J:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/07/09 02:33:14 | 000,522,848 | ---- | M] () [On_Demand | Stopped] -- J:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/07/09 02:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Stopped] -- J:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/12/09 14:01:22 | 000,024,576 | ---- | M] (Intuit) [Auto | Stopped] -- D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/11/18 14:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/07/09 22:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Stopped] -- G:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB19)
SRV - [2008/07/09 22:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [Auto | Stopped] -- G:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17)
SRV - [2006/06/26 10:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- D:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] () [Auto | Stopped] -- d:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- F:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - [2011/02/19 11:11:31 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/12/25 08:31:41 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2010/12/25 08:31:04 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide)
DRV - [2010/12/23 12:09:44 | 000,096,600 | ---- | M] (Tonec Inc.) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/08/15 01:52:20 | 000,041,256 | ---- | M] () [Kernel | Boot | Stopped] -- D:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/08/15 01:51:49 | 000,124,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- J:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/08/10 10:58:01 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/25 18:45:57 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/07/09 02:34:18 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Stopped] -- J:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/07/09 02:33:14 | 000,080,000 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/07/09 02:31:24 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- J:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/07/09 02:31:24 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- J:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/04/30 21:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/02/25 19:22:12 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 19:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/08/22 02:16:40 | 000,096,384 | R--- | M] (Dynex ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/26 10:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 10:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 10:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/22 15:29:47 | 000,961,072 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC)
DRV - [2006/06/22 15:29:47 | 000,020,272 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2006/06/22 15:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/22 15:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2006/06/22 15:29:40 | 001,413,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/10/20 07:30:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2005/09/12 20:15:36 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/03/10 06:42:00 | 000,227,584 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\m4cxw2k3.sys -- (m4cxw2k3)
DRV - [2004/12/01 18:33:00 | 000,043,008 | R--- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2004/08/19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 06:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1078081533-861567501-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.9.8
FF - HKLM\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: J:\Program Files\F-Secure Internet Security\NRS\litmus-ff@f-secure.com [2010/08/15 01:46:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/08/25 11:57:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\fiddlerhook@fiddler2.com: g:\Program Files\Fiddler2\FiddlerHook [2011/01/11 15:47:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: J:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: J:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2011/02/17 08:42:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2011/01/17 13:00:58 | 000,000,000 | ---D | M]

[2011/02/17 08:42:29 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/02/23 14:54:44 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0ncc9jh8.default\extensions
[2011/02/17 10:32:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0ncc9jh8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/25 11:57:53 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- D:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009/06/17 04:23:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/01/11 15:47:39 | 000,000,000 | ---D | M] (FiddlerHook) -- G:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK
[2009/06/16 11:21:38 | 000,000,000 | ---D | M] (Java Console) -- G:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/06/17 04:24:02 | 000,000,000 | ---D | M] (Java Console) -- G:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2010/08/15 01:46:21 | 000,000,000 | ---D | M] ("Browsing Protection") -- J:\PROGRAM FILES\F-SECURE INTERNET SECURITY\NRS\LITMUS-FF@F-SECURE.COM

O1 HOSTS File: ([2011/02/23 15:25:22 | 000,000,098 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - J:\Program Files\F-Secure Internet Security\NRS\iescript\BaseLitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - J:\Program Files\F-Secure Internet Security\NRS\iescript\BaseLitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - g:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O4 - HKLM..\Run: [F-Secure Manager] J:\Program Files\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] J:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] D:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] D:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] D:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [NetWorx] D:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk = G:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-861567501-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - g:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - g:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - J:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - G:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/29 17:47:16 | 000,000,030 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2011/02/23 15:25:20 | 000,000,000 | ---D | C] -- D:\_OTL
[2011/02/23 15:23:42 | 000,577,024 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(7).exe
[2011/02/23 14:56:35 | 000,577,024 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(6).exe
[2011/02/23 13:04:33 | 000,000,000 | ---D | C] -- D:\RK_Quarantine
[2011/02/21 15:04:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/21 15:04:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/02/21 14:30:08 | 000,098,392 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/21 14:30:08 | 000,027,984 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\sbbd.exe
[2011/02/19 12:14:06 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/17 11:50:38 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/02/17 11:50:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/17 11:35:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/17 11:22:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2011/02/17 10:33:16 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents\Downloads
[2011/02/17 10:32:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/02/17 10:32:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Adobe
[2011/02/17 08:43:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Sun
[2011/02/17 08:42:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\f-secure
[2011/02/17 08:42:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/02/17 08:42:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/02/17 08:40:55 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Administrator\IETldCache
[2011/02/17 08:40:39 | 000,000,000 | --SD | C] -- D:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/02/17 08:40:39 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\SendTo
[2011/02/17 08:40:39 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Administrator\Application Data
[2011/02/17 08:40:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/02/17 08:40:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Start Menu
[2011/02/17 08:40:39 | 000,000,000 | R--D | C] -- D:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/02/17 08:40:39 | 000,000,000 | -HSD | C] -- D:\Documents and Settings\Administrator\Cookies
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Templates
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Recent
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\PrintHood
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\NetHood
[2011/02/17 08:40:39 | 000,000,000 | -H-D | C] -- D:\Documents and Settings\Administrator\Local Settings
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\My Documents
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Favorites
[2011/02/17 08:40:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Administrator\Desktop
[2011/02/16 08:47:57 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2011/02/12 06:15:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/02/12 06:15:17 | 000,671,744 | ---- | C] (Lake Technology Limited, http://www.lake.com.au) -- D:\WINDOWS\System32\DolbyHph.dll
[2011/02/10 11:03:35 | 000,000,000 | ---D | C] -- D:\WINDOWS\Profiles
[2011/02/02 10:07:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/02/02 10:06:58 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Logitech
[2011/02/02 10:06:47 | 000,000,000 | ---D | C] -- D:\Program Files\Logitech
[2011/02/02 10:06:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Logitech
[2011/01/25 07:47:51 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/01/25 07:47:30 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Silverlight

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/02/23 15:27:24 | 000,001,374 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/02/23 15:27:08 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/02/23 15:25:22 | 000,000,098 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\Hosts
[2011/02/23 15:24:32 | 000,000,302 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/23 15:24:32 | 000,000,294 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/23 15:23:42 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(7).exe
[2011/02/23 15:22:29 | 004,270,215 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/02/23 14:56:35 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Administrator\Desktop\OTL(6).exe
[2011/02/23 14:42:47 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL(5).exe
[2011/02/23 13:36:15 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL(4).exe
[2011/02/23 13:26:17 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL(3).exe
[2011/02/23 13:24:42 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL(2).exe
[2011/02/23 13:17:30 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/23 12:54:18 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/23 11:29:01 | 000,830,464 | ---- | M] () -- D:\RogueKiller.exe
[2011/02/23 10:45:29 | 000,000,290 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-1003.job
[2011/02/23 10:42:00 | 000,001,002 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-725345543-1003UA.job
[2011/02/23 00:42:00 | 000,000,950 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-725345543-1003Core.job
[2011/02/22 16:16:48 | 000,000,730 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\.wtav
[2011/02/22 10:25:06 | 000,577,024 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/02/22 10:24:47 | 000,258,560 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\OTH.scr
[2011/02/22 07:22:56 | 000,007,680 | ---- | M] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 14:59:55 | 013,650,040 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\SAS_528E43B7.COM
[2011/02/21 14:30:27 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\SBRC.dat
[2011/02/19 12:53:57 | 083,873,792 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\VIPRERescue8471.exe
[2011/02/19 12:05:05 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/19 12:03:12 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe
[2011/02/19 12:02:56 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\WiNlOgOn.exe
[2011/02/19 12:00:53 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.scr
[2011/02/19 12:00:45 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.com
[2011/02/19 12:00:31 | 000,721,253 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/02/19 12:00:13 | 000,294,400 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\explorer.exe
[2011/02/19 12:00:06 | 000,294,400 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.scr
[2011/02/19 11:59:37 | 000,294,400 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.com
[2011/02/19 11:11:31 | 000,016,968 | ---- | M] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/17 12:14:58 | 000,053,888 | ---- | M] () -- D:\WINDOWS\System32\drivers\vbma4e99.sys
[2011/02/17 08:43:21 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2011/02/17 08:43:02 | 000,000,618 | ---- | M] () -- D:\Documents and Settings\Administrator\Desktop\Shortcut to firefox.lnk
[2011/02/13 12:10:06 | 000,212,880 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/12 15:57:45 | 000,000,298 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-1003.job
[2011/02/02 10:07:02 | 000,001,891 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Logitech QuickCam 10.0.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/02/23 15:21:56 | 004,270,215 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/02/23 14:42:46 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL(5).exe
[2011/02/23 13:36:14 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL(4).exe
[2011/02/23 13:26:17 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL(3).exe
[2011/02/23 13:24:42 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL(2).exe
[2011/02/23 13:17:30 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/02/23 11:36:52 | 000,830,464 | ---- | C] () -- D:\RogueKiller.exe
[2011/02/22 10:32:14 | 000,577,024 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTL.scr
[2011/02/22 10:32:10 | 000,258,560 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\OTH.scr
[2011/02/22 07:22:53 | 000,007,680 | ---- | C] () -- D:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/21 15:03:57 | 013,650,040 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\SAS_528E43B7.COM
[2011/02/21 14:30:27 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\SBRC.dat
[2011/02/21 14:27:49 | 083,873,792 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\VIPRERescue8471.exe
[2011/02/19 12:14:07 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe
[2011/02/19 12:14:07 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.scr
[2011/02/19 12:14:07 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.exe
[2011/02/19 12:14:07 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\rkill.com
[2011/02/19 12:14:06 | 000,721,253 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\WiNlOgOn.exe
[2011/02/19 12:14:06 | 000,294,400 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\explorer.exe
[2011/02/19 12:14:06 | 000,294,400 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.scr
[2011/02/19 12:14:06 | 000,294,400 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\exeHelper.com
[2011/02/17 11:35:36 | 000,016,968 | ---- | C] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/17 10:32:18 | 000,000,302 | ---- | C] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/17 10:32:18 | 000,000,294 | ---- | C] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/17 08:43:02 | 000,000,618 | ---- | C] () -- D:\Documents and Settings\Administrator\Desktop\Shortcut to firefox.lnk
[2011/02/17 08:40:39 | 000,001,599 | ---- | C] () -- D:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/02/17 08:40:39 | 000,000,792 | ---- | C] () -- D:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/02/16 07:32:54 | 000,000,730 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\.wtav
[2011/02/10 11:04:46 | 000,038,796 | ---- | C] () -- D:\WINDOWS\System\Gidem___.ttf
[2011/02/10 11:04:46 | 000,033,140 | ---- | C] () -- D:\WINDOWS\System\Koinm___.ttf
[2011/02/10 11:04:46 | 000,001,321 | ---- | C] () -- D:\WINDOWS\System\Gidem___.fot
[2011/02/10 11:04:46 | 000,001,319 | ---- | C] () -- D:\WINDOWS\System\Koinm___.fot
[2011/02/02 10:13:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/02 10:13:48 | 000,022,334 | R--- | C] () -- D:\WINDOWS\System32\lvcoinst.ini
[2011/02/02 10:13:48 | 000,004,770 | R--- | C] () -- D:\WINDOWS\System32\Repository.reg
[2011/02/02 10:07:02 | 000,001,891 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Logitech QuickCam 10.0.lnk
[2011/01/06 07:24:05 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2010/08/23 11:15:17 | 000,000,095 | ---- | C] () -- D:\WINDOWS\QBChanUtil_Trigger.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.dll
[2009/08/02 16:18:09 | 000,061,440 | R--- | C] () -- D:\WINDOWS\System32\vuins32.dll
[2009/06/14 07:56:19 | 000,007,173 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/13 17:32:10 | 000,139,264 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2009/06/13 17:32:09 | 000,524,288 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009/06/13 16:03:18 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\rmc_rtspdl.dll
[2009/06/13 15:19:31 | 000,257,536 | ---- | C] () -- D:\WINDOWS\System32\hdkernel.dll
[2009/06/13 13:48:06 | 000,041,256 | ---- | C] () -- D:\WINDOWS\System32\drivers\fsbts.sys
[2009/06/13 13:29:18 | 000,000,050 | ---- | C] () -- D:\WINDOWS\MegaManager.INI
[2009/06/13 12:44:05 | 000,014,848 | ---- | C] () -- D:\WINDOWS\System32\EuEpmGdi.dll
[2009/06/13 12:44:05 | 000,008,704 | ---- | C] () -- D:\WINDOWS\System32\epmntdrv.sys
[2009/06/13 12:44:05 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\EuGdiDrv.sys
[2009/06/13 05:44:05 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2006/07/17 11:11:36 | 000,667,280 | ---- | C] () -- D:\WINDOWS\System32\tx12.dll
[2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- D:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/04/23 08:36:58 | 000,532,480 | ---- | C] () -- D:\WINDOWS\System32\js32T.dll
[2006/02/28 05:00:00 | 000,053,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\vbma4e99.sys
[2006/02/09 02:20:00 | 000,000,530 | ---- | C] () -- D:\WINDOWS\System32\tx12_ic.ini

[color=#E56717]========== LOP Check ==========[/color]
[2011/02/17 08:42:33 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Administrator\Application Data\f-secure
[2010/08/23 11:03:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/10/03 15:07:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DivoGames
[2010/08/15 01:46:25 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\f-secure
[2009/06/13 13:05:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\fssg
[2010/10/03 15:05:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\HipSoft
[2011/02/17 11:35:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/06/13 20:44:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/07/25 18:45:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SoftPerfect
[2009/06/14 11:31:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Speedbit
[2010/08/23 11:25:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/10/03 23:31:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/03 16:02:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\DivoGames
[2011/02/19 12:01:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\DMCache
[2010/12/25 08:28:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\doctor [2010/12/20 16:32:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Easy Macro Recorder [2010/08/25 19:09:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\ElevatedDiagnostics [2010/08/15 02:05:06 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\F-Secure [2009/06/16 12:06:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\FrostWire [2011/02/19 11:09:16 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\IDM [2010/10/03 15:07:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\JewelMatch2 [2009/06/13 13:13:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Megaupload [2010/12/19 07:48:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Orbit [2009/06/14 06:25:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\SumatraPDF [2011/01/02 09:56:19 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\Renee Evans\Application Data\wyUpdate AU [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 94 bytes -> D:\scan.txt:FS_dl_url @Alternate Data Stream - 71 bytes -> D:\Documents and Settings\Administrator\Desktop\VIPRERescue8471.exe:FS_dl_url @Alternate Data Stream - 68 bytes -> D:\Documents and Settings\Administrator\Desktop\SAS_528E43B7.COM:FS_dl_url @Alternate Data Stream - 57 bytes -> D:\Documents and Settings\Administrator\Desktop\WiNlOgOn.exe:FS_dl_url @Alternate Data Stream - 57 bytes -> D:\Documents and Settings\Administrator\Desktop\uSeRiNiT.exe:FS_dl_url @Alternate Data Stream - 55 bytes -> D:\RogueKiller.exe:FS_dl_url @Alternate Data Stream - 54 
bytes -> D:\Documents and Settings\Administrator\Desktop\rkill.scr:FS_dl_url @Alternate Data Stream - 54 bytes -> D:\Documents and Settings\Administrator\Desktop\rkill.exe:FS_dl_url @Alternate Data Stream - 54 bytes -> D:\Documents and Settings\Administrator\Desktop\rkill.com:FS_dl_url @Alternate Data Stream - 45 bytes -> D:\Documents and Settings\Administrator\Desktop\exeHelper.scr:FS_dl_url @Alternate Data Stream - 45 bytes -> D:\Documents and Settings\Administrator\Desktop\exeHelper.com:FS_dl_url @Alternate Data Stream - 44 bytes -> D:\Documents and Settings\Administrator\Desktop\explorer.exe:FS_dl_url @Alternate Data Stream - 44 bytes -> D:\Documents and Settings\Administrator\Desktop\ComboFix.exe:FS_dl_url @Alternate Data Stream - 37 bytes -> D:\Documents and Settings\Administrator\Desktop\OTL(7).exe:FS_dl_url @Alternate Data Stream - 37 bytes -> D:\Documents and Settings\Administrator\Desktop\OTL(6).exe:FS_dl_url @Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0 @Alternate Data Stream - 125 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00 @Alternate Data Stream - 109 bytes -> D:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe:FS_dl_url < End of report >