OTL logfile created on: 2/26/2011 6:49:24 AM - Run 3
OTL by OldTimer - Version 3.2.21.0 Folder = D:\Documents and Settings\Renee Evans\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 132.34 Gb Total Space | 99.95 Gb Free Space | 75.52% Space Free | Partition Type: NTFS
Drive D: | 32.00 Gb Total Space | 10.94 Gb Free Space | 34.19% Space Free | Partition Type: NTFS
Drive E: | 9.90 Gb Total Space | 5.33 Gb Free Space | 53.82% Space Free | Partition Type: NTFS
Drive F: | 6.14 Gb Total Space | 4.88 Gb Free Space | 79.49% Space Free | Partition Type: NTFS
Drive G: | 137.99 Gb Total Space | 135.21 Gb Free Space | 97.98% Space Free | Partition Type: NTFS
Drive J: | 156.75 Gb Total Space | 51.03 Gb Free Space | 32.55% Space Free | Partition Type: NTFS
Drive P: | 138.42 Gb Total Space | 53.56 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
Drive V: | 74.46 Gb Total Space | 11.58 Gb Free Space | 15.55% Space Free | Partition Type: NTFS
Computer Name: 500G | User Name: Renee Evans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011/02/25 09:32:22 | 000,063,992 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\ORSP Client\fsorsp.exe PRC - [2011/02/25 09:13:11 | 000,372,904 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Anti-Virus\fsav32.exe PRC - [2011/02/25 09:12:06 | 000,918,184 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Anti-Virus\fssm32.exe PRC - [2011/02/25 09:12:06 | 000,508,584 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Anti-Virus\fsgk32.exe PRC - [2011/02/25 09:04:27 | 000,529,064 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\FWES\program\fsdfwd.exe PRC - [2011/02/25 09:04:23 | 000,221,864 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe PRC - [2011/02/25 09:04:21 | 000,201,384 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Common\FSM32.EXE PRC - [2011/02/25 09:04:21 | 000,189,096 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Common\FSMA32.EXE PRC - [2011/02/25 09:04:21 | 000,090,792 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Common\FSHDLL32.EXE PRC - [2011/02/22 10:25:06 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Renee Evans\Desktop\OTL.scr PRC - [2010/12/30 15:26:39 | 000,910,808 | ---- | M] (Mozilla Corporation) -- G:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/05/25 08:28:58 | 000,263,600 | ---- | M] (Tonec Inc.) 
-- G:\Program Files\Internet Download Manager\IEMonitor.exe PRC - [2010/01/12 18:59:58 | 002,892,288 | ---- | M] (SoftPerfect Research) -- D:\Program Files\NetWorx\networx.exe PRC - [2008/12/09 14:01:22 | 000,024,576 | ---- | M] (Intuit) -- D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe PRC - [2008/07/09 22:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) -- G:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe [color=#E56717]========== Modules (SafeList) ==========[/color] MOD - [2011/02/25 09:04:37 | 000,332,456 | ---- | M] (F-Secure Corporation) -- d:\Program Files\F-Secure\HIPS\fshook32.dll MOD - [2011/02/25 09:04:33 | 000,258,728 | ---- | M] (F-Secure Corporation) -- D:\Program Files\F-Secure\Spam Control\fsscoepl.dll MOD - [2011/02/22 10:25:06 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Renee Evans\Desktop\OTL.scr MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Auto | Stopped] -- -- (VideoAcceleratorService) SRV - File not found [Auto | Stopped] -- -- (LMIRescue_b9595b08-002a-4985-a11a-56836c85b324) LogMeIn Rescue (b9595b08-002a-4985-a11a-56836c85b324) SRV - File not found [Auto | Stopped] -- -- (LMIRescue_7127b22c-6975-4f47-acfc-689b89ff9f3d) LogMeIn Rescue (7127b22c-6975-4f47-acfc-689b89ff9f3d) SRV - [2011/02/25 09:32:22 | 000,063,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- D:\Program Files\F-Secure\ORSP Client\fsorsp.exe -- (FSORSPClient) SRV - [2011/02/25 09:04:27 | 000,529,064 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe -- (FSDFWD) SRV - [2011/02/25 09:04:23 | 000,221,864 | ---- | M] 
(F-Secure Corporation) [Auto | Running] -- D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter) SRV - [2011/02/25 09:04:21 | 000,189,096 | ---- | M] (F-Secure Corporation) [Auto | Running] -- D:\Program Files\F-Secure\Common\FSMA32.EXE -- (FSMA) SRV - [2010/09/13 09:24:00 | 003,511,496 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- D:\WINDOWS\System32\GameMon.des -- (npggsvc) SRV - [2008/12/09 14:01:22 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- D:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService) SRV - [2008/11/18 14:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- D:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService) SRV - [2008/07/09 22:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [On_Demand | Running] -- G:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB19) SRV - [2008/07/09 22:46:28 | 000,131,072 | ---- | M] (Intuit, Inc.) [Auto | Stopped] -- G:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe -- (QuickBooksDB17) SRV - [2008/04/13 17:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv) SRV - [2006/06/26 10:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) 
[Auto | Stopped] -- D:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV - [2006/06/26 10:33:42 | 000,099,888 | ---- | M] () [Auto | Stopped] -- d:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011/02/25 09:15:29 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts) DRV - [2011/02/25 09:13:00 | 000,130,728 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper) DRV - [2011/02/25 09:04:37 | 000,072,520 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- D:\Program Files\F-Secure\HIPS\drivers\fshs.sys -- (F-Secure HIPS) DRV - [2011/02/25 09:04:27 | 000,082,824 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW) DRV - [2011/02/25 09:04:23 | 000,041,896 | ---- | M] () [Kernel | Disabled | Stopped] -- D:\Program Files\F-Secure\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter) DRV - [2011/02/25 09:04:23 | 000,027,304 | ---- | M] () [Kernel | Disabled | Stopped] -- D:\Program Files\F-Secure\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer) DRV - [2011/02/19 11:11:31 | 000,016,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hitmanpro35.sys -- (hitmanpro35) DRV - [2010/12/25 08:31:41 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\PS2.sys -- (Ps2) DRV - [2010/12/25 08:31:04 | 000,009,096 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide) DRV - [2010/12/23 12:09:44 | 000,096,600 | ---- | M] (Tonec Inc.) 
[Kernel | System | Running] -- D:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI) DRV - [2010/11/09 13:56:12 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE) DRV - [2010/08/10 10:58:01 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2010/07/25 18:45:57 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42) DRV - [2009/04/30 21:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009/02/25 19:22:12 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv) DRV - [2009/02/25 19:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM) DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2007/08/22 02:16:40 | 000,096,384 | R--- | M] (Dynex ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2006/07/01 21:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2006/06/26 10:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2006/06/26 10:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv) DRV - [2006/06/26 10:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap) DRV - [2006/06/22 15:29:47 | 000,961,072 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 5000(UVC) DRV - [2006/06/22 15:29:47 | 000,020,272 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2006/06/22 15:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2006/06/22 15:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus) DRV - [2006/06/22 15:29:40 | 001,413,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2006/05/05 19:21:00 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\nvport.sys -- (nvport) DRV - [2006/03/29 08:49:26 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2005/10/20 07:30:00 | 000,011,264 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\EIO.sys -- (EIO) DRV - [2005/09/12 20:15:36 | 003,856,896 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005/03/10 06:42:00 | 000,227,584 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\m4cxw2k3.sys -- (m4cxw2k3) DRV - [2004/12/01 18:33:00 | 000,043,008 | R--- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB) DRV - [2004/08/19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C) DRV - [2001/08/17 06:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\irsir.sys -- (irsir) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1078081533-861567501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKU\S-1-5-21-1078081533-861567501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.15 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - 
prefs.js..browser.startup.homepage: "www.google.com" FF - prefs.js..extensions.enabledItems: litmus-ff@f-secure.com:1.10 FF - prefs.js..extensions.enabledItems: cache@status.org:0.7.9 FF - prefs.js..extensions.enabledItems: {daf44bf7-a45e-4450-979c-91cf07434c3d}:1.5.7 FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2 FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.2.9.8 FF - prefs.js..extensions.enabledItems: jyboy.yy@gmail.com:1.0.3 FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:5.0 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.72.0 FF - prefs.js..network.proxy.type: 4 FF - HKLM\software\mozilla\Firefox\extensions\\fiddlerhook@fiddler2.com: g:\Program Files\Fiddler2\FiddlerHook [2011/01/11 15:47:39 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/02/23 17:41:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: D:\Program Files\F-Secure\NRS\litmus-ff@f-secure.com [2011/02/25 09:15:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: J:\Program Files\Mozilla Firefox\components FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: J:\Program Files\Mozilla Firefox\plugins FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: G:\Program Files\Mozilla Firefox\components [2011/02/23 17:41:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: G:\Program Files\Mozilla Firefox\plugins [2011/02/26 03:37:42 | 000,000,000 | ---D | M] [2009/06/13 13:03:12 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Extensions 
[2011/02/25 09:11:40 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions [2010/09/27 14:46:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/09/27 14:46:49 | 000,000,000 | ---D | M] (FEBE) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2009/06/13 14:26:31 | 000,000,000 | ---D | M] (IE Tab) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2010/08/25 11:42:21 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2011/02/25 07:20:39 | 000,000,000 | ---D | M] (Extended Statusbar) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d} [2011/02/25 07:20:08 | 000,000,000 | ---D | M] (DownThemAll!) 
-- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010/09/27 14:46:45 | 000,000,000 | ---D | M] (Cache Status) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\cache@status.org [2010/12/05 16:56:55 | 000,000,000 | ---D | M] (gTranslator) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\jyboy.yy@gmail.com [2009/06/14 11:40:25 | 000,000,000 | ---D | M] ("Broadband Speed Test and Diagnostics") -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\speedtest@gotomyhelp.com [2011/02/25 07:20:39 | 000,000,000 | ---D | M] (LastPass) -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\extensions\support@lastpass.com [2011/01/25 10:03:46 | 000,001,828 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\venkubou.default\searchplugins\bing.xml [2010/12/23 18:03:11 | 000,000,000 | ---D | M] (IDM CC) -- D:\DOCUMENTS AND SETTINGS\RENEE EVANS\APPLICATION DATA\IDM\IDMMZCC3 [2011/02/25 09:15:24 | 000,000,000 | ---D | M] ("Browsing Protection") -- D:\PROGRAM FILES\F-SECURE\NRS\LITMUS-FF@F-SECURE.COM [2009/06/17 04:23:51 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011/01/11 15:47:39 | 000,000,000 | ---D | M] (FiddlerHook) -- G:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK [2009/06/16 11:21:38 | 000,000,000 | ---D | M] (Java Console) -- G:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [2009/06/17 04:24:02 | 000,000,000 | ---D | M] (Java Console) -- G:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} O1 HOSTS File: ([2011/02/23 16:03:07 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts O1 - 
Hosts: 127.0.0.1 localhost O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - G:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.) O2 - BHO: (no name) - {0347C33E-8762-4905-BF09-768834316C61} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - D:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - D:\Program Files\F-Secure\NRS\iescript\baselitmus.dll (F-Secure Corporation) O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - g:\Program Files\NetWorx\deskband.dll (SoftPerfect Research) O4 - HKLM..\Run: [F-Secure Manager] D:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation) O4 - HKLM..\Run: [F-Secure TNB] D:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation) O4 - HKLM..\Run: [NetWorx] D:\Program Files\NetWorx\networx.exe (SoftPerfect Research) O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1078081533-861567501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1078081533-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1078081533-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1078081533-861567501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1078081533-861567501-725345543-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1078081533-861567501-725345543-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Download all links with IDM - 
G:\Program Files\Internet Download Manager\IEGetAll.htm () O8 - Extra context menu item: Download FLV video content with IDM - G:\Program Files\Internet Download Manager\IEGetVL.htm () O8 - Extra context menu item: Download with IDM - G:\Program Files\Internet Download Manager\IEExt.htm () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - g:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence) O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - g:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence) O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - D:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab 
(Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - G:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll (Intuit, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/11/29 17:47:16 | 000,000,030 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point (17465059307421696) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011/02/26 06:44:17 | 000,577,024 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Renee Evans\Desktop\OTL.scr [2011/02/26 06:15:56 | 000,548,352 | ---- | C] (AVAST Software) -- D:\Documents and Settings\Renee Evans\Desktop\aswMBR.exe [2011/02/26 03:38:18 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft CAPICOM 2.1.0.2 [2011/02/25 21:19:51 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Renee Evans\Recent [2011/02/25 21:15:08 | 000,000,000 | ---D | C] -- D:\Inetpub [2011/02/25 20:24:54 | 000,000,000 | ---D | C] -- D:\WINDOWS\LMI2B7.tmp [2011/02/25 20:17:02 | 000,000,000 | ---D | C] -- D:\WINDOWS\LMI2B6.tmp [2011/02/25 09:09:21 | 000,000,000 | ---D | C] -- 
D:\Documents and Settings\All Users\Start Menu\Programs\F-Secure Internet Security 2011 [2011/02/25 09:04:56 | 000,082,824 | ---- | C] (F-Secure Corporation) -- D:\WINDOWS\System32\drivers\fsdfw.sys [2011/02/25 09:04:20 | 000,000,000 | ---D | C] -- D:\Program Files\F-Secure [2011/02/25 08:40:18 | 056,474,104 | ---- | C] (F-Secure Corporation) -- D:\Documents and Settings\Renee Evans\Desktop\fs2011.exe [2011/02/25 08:18:17 | 000,751,056 | ---- | C] (F-Secure® Corporation ) -- D:\Documents and Settings\Renee Evans\Desktop\UninstallationTool.exe [2011/02/25 07:54:16 | 000,917,680 | ---- | C] (LogMeIn, Inc.) -- D:\Documents and Settings\Renee Evans\Desktop\Support-LogMeInRescue.exe [2011/02/25 07:02:16 | 000,000,000 | ---D | C] -- D:\Program Files\Windows Media Connect 2 [2011/02/23 17:41:06 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\xing shared [2011/02/23 17:40:54 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Real [2011/02/23 17:40:50 | 000,000,000 | ---D | C] -- D:\Program Files\real [2011/02/23 17:29:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime [2011/02/23 16:25:12 | 000,000,000 | -HSD | C] -- D:\RECYCLER [2011/02/23 15:53:57 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe [2011/02/23 15:53:57 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe [2011/02/23 15:53:57 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe [2011/02/23 15:53:57 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe [2011/02/23 15:45:44 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT [2011/02/23 15:35:59 | 000,000,000 | ---D | C] -- D:\Qoobox [2011/02/23 15:25:20 | 000,000,000 | ---D | C] -- D:\_OTL [2011/02/23 13:04:33 | 000,000,000 | ---D | C] -- D:\RK_Quarantine [2011/02/23 10:48:04 | 000,199,280 | ---- | C] (F-Secure Corporation) -- D:\Documents and Settings\Renee Evans\Desktop\fsaua-reset.exe [2011/02/22 16:20:11 | 000,000,000 | ---D | C] 
-- D:\Documents and Settings\Renee Evans\Application Data\Malwarebytes
[2011/02/22 16:19:36 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\Renee Evans\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/21 15:04:14 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/02/21 14:30:08 | 000,098,392 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/02/21 14:30:08 | 000,027,984 | ---- | C] (Sunbelt Software) -- D:\WINDOWS\System32\sbbd.exe
[2011/02/17 11:50:29 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/02/17 11:35:21 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/02/16 18:13:58 | 116,540,384 | ---- | C] (F-Secure Corporation) -- D:\Documents and Settings\Renee Evans\Desktop\fseasyclean.exe
[2011/02/16 08:47:57 | 000,000,000 | -HSD | C] -- D:\WINDOWS\CSC
[2011/02/12 16:01:22 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee Evans\My Documents\My Downloads
[2011/02/12 06:15:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/02/12 06:15:17 | 000,671,744 | ---- | C] (Lake Technology Limited, http://www.lake.com.au) -- D:\WINDOWS\System32\DolbyHph.dll
[2011/02/10 11:04:46 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Renee Evans\Start Menu\Programs\AGES Software
[2011/02/10 11:03:35 | 000,000,000 | ---D | C] -- D:\WINDOWS\Profiles
[2011/02/02 10:07:02 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2011/02/02 10:06:58 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Logitech
[2011/02/02 10:06:47 | 000,000,000 | ---D | C] -- D:\Program Files\Logitech
[2011/02/02 10:06:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Logitech
[5 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[2 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2011/02/26 06:42:00 | 000,001,002 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-725345543-1003UA.job
[2011/02/26 06:18:34 | 000,000,512 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\MBR.dat
[2011/02/26 06:16:14 | 000,548,352 | ---- | M] (AVAST Software) -- D:\Documents and Settings\Renee Evans\Desktop\aswMBR.exe
[2011/02/26 05:55:17 | 000,001,374 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/02/26 05:53:50 | 000,000,290 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-1003.job
[2011/02/26 05:53:48 | 000,000,294 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/26 05:53:35 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/02/26 05:53:33 | 000,212,880 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/26 05:53:32 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/26 03:39:05 | 000,001,374 | ---- | M] () -- D:\WINDOWS\imsins.BAK
[2011/02/26 00:47:04 | 000,000,950 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-725345543-1003Core.job
[2011/02/25 21:22:31 | 000,000,784 | ---- | M] () -- D:\Documents and Settings\Renee Evans\My Documents\cc_20110225_212228.reg
[2011/02/25 21:19:03 | 000,031,334 | ---- | M] () -- D:\Documents and Settings\Renee Evans\My Documents\cc_20110225_211859.reg
[2011/02/25 20:25:43 | 000,917,680 | ---- | M] (LogMeIn, Inc.) -- D:\Documents and Settings\Renee Evans\Desktop\Support-LogMeInRescue.exe
[2011/02/25 09:15:29 | 000,042,664 | ---- | M] () -- D:\WINDOWS\System32\drivers\fsbts.sys
[2011/02/25 09:09:22 | 000,000,880 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\F-Secure Internet Security 2011.lnk
[2011/02/25 09:04:57 | 000,465,412 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2011/02/25 09:04:57 | 000,081,636 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2011/02/25 09:04:27 | 000,082,824 | ---- | M] (F-Secure Corporation) -- D:\WINDOWS\System32\drivers\fsdfw.sys
[2011/02/25 08:48:17 | 056,474,104 | ---- | M] (F-Secure Corporation) -- D:\Documents and Settings\Renee Evans\Desktop\fs2011.exe
[2011/02/25 08:18:25 | 000,751,056 | ---- | M] (F-Secure® Corporation ) -- D:\Documents and Settings\Renee Evans\Desktop\UninstallationTool.exe
[2011/02/25 07:56:54 | 000,000,104 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/02/25 07:02:27 | 000,000,804 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/25 07:02:25 | 000,023,392 | ---- | M] () -- D:\WINDOWS\System32\nscompat.tlb
[2011/02/25 07:02:25 | 000,016,832 | ---- | M] () -- D:\WINDOWS\System32\amcompat.tlb
[2011/02/25 07:01:16 | 000,000,000 | -H-- | M] () -- D:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2011/02/25 06:46:42 | 000,000,298 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-1003.job
[2011/02/23 17:41:09 | 000,000,747 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/02/23 17:40:54 | 000,272,896 | ---- | M] (Progressive Networks) -- D:\WINDOWS\System32\pncrt.dll
[2011/02/23 17:06:37 | 000,088,535 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\FSecure-1.jpg
[2011/02/23 16:03:07 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2011/02/23 15:48:19 | 000,000,302 | ---- | M] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/23 15:46:30 | 004,273,912 | R--- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\ComboFix.exe
[2011/02/23 11:29:01 | 000,830,464 | ---- | M] () -- D:\RogueKiller.exe
[2011/02/23 10:23:22 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\AVSMediaPlayer.m3u
[2011/02/23 10:23:05 | 000,000,777 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to revouninstaller.lnk
[2011/02/22 10:25:06 | 000,577,024 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Renee Evans\Desktop\OTL.scr
[2011/02/21 14:30:27 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\SBRC.dat
[2011/02/19 12:05:05 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\Renee Evans\Desktop\mbam-setup-1.50.1.1100.exe
[2011/02/19 11:11:31 | 000,016,968 | ---- | M] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/19 11:11:16 | 006,347,584 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\HitmanPro35_2.exe
[2011/02/17 08:43:21 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2011/02/17 08:04:54 | 000,199,280 | ---- | M] (F-Secure Corporation) -- D:\Documents and Settings\Renee Evans\Desktop\fsaua-reset.exe
[2011/02/16 18:30:40 | 116,540,384 | ---- | M] (F-Secure Corporation) -- D:\Documents and Settings\Renee Evans\Desktop\fseasyclean.exe
[2011/02/16 08:28:10 | 000,051,324 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_082806.jpg
[2011/02/16 08:01:55 | 000,138,152 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_080153.jpg
[2011/02/16 08:01:13 | 000,123,300 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_080106.jpg
[2011/02/16 08:00:16 | 000,123,251 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_080004.jpg
[2011/02/15 14:31:04 | 000,000,473 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Shortcut to Spiritual Teaching.lnk
[2011/02/12 16:05:19 | 000,000,688 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\AVS DVD Copy.lnk
[2011/02/12 06:12:23 | 021,255,343 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Nvidia_PureVideo_Platinum_v1.02.233_vijax.rar
[2011/02/12 06:04:33 | 000,000,744 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\AVS Video Converter.lnk
[2011/02/12 06:03:08 | 000,000,841 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\AVS Media Player.lnk
[2011/02/11 15:53:36 | 003,253,501 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Title.jpg
[2011/02/10 11:05:01 | 000,000,449 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Disk 2 - Master Christian Library 8.0.lnk
[2011/02/10 11:04:53 | 000,000,431 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Disk 1 - Master Christian Library 8.0.lnk
[2011/02/09 10:19:39 | 682,365,822 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Sov of God Pt 5.avi
[2011/02/08 14:04:57 | 1276,876,332 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Sovereignty of God - pt 1.avi
[2011/02/07 14:28:02 | 403,460,850 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Truth.avi
[2011/02/02 10:07:02 | 000,001,891 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Logitech QuickCam 10.0.lnk
[2011/02/01 14:56:51 | 000,002,105 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Safari.lnk
[2011/01/31 13:03:23 | 1287,731,342 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\HGCHS 02-Free Will-Election.avi
[2011/01/30 05:57:01 | 000,000,725 | ---- | M] () -- D:\Documents and Settings\Renee Evans\Desktop\Shortcut to AVSVideoEditor.lnk
[5 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[2 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2011/02/26 06:18:34 | 000,000,512 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\MBR.dat
[2011/02/26 03:09:12 | 000,001,374 | ---- | C] () -- D:\WINDOWS\imsins.BAK
[2011/02/25 21:22:29 | 000,000,784 | ---- | C] () -- D:\Documents and Settings\Renee Evans\My Documents\cc_20110225_212228.reg
[2011/02/25 21:19:02 | 000,031,334 | ---- | C] () -- D:\Documents and Settings\Renee Evans\My Documents\cc_20110225_211859.reg
[2011/02/25 09:09:22 | 000,000,880 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\F-Secure Internet Security 2011.lnk
[2011/02/25 07:56:54 | 000,000,104 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
[2011/02/23 17:41:09 | 000,000,747 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/02/23 17:06:37 | 000,088,535 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\FSecure-1.jpg
[2011/02/23 15:53:57 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2011/02/23 15:53:57 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2011/02/23 15:53:57 | 000,089,088 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2011/02/23 15:53:57 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2011/02/23 15:53:57 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2011/02/23 15:21:56 | 004,273,912 | R--- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\ComboFix.exe
[2011/02/23 11:36:52 | 000,830,464 | ---- | C] () -- D:\RogueKiller.exe
[2011/02/23 10:23:05 | 000,000,777 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to revouninstaller.lnk
[2011/02/21 14:30:27 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\SBRC.dat
[2011/02/19 11:09:57 | 006,347,584 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\HitmanPro35_2.exe
[2011/02/17 11:35:36 | 000,016,968 | ---- | C] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/17 10:32:18 | 000,000,302 | ---- | C] () -- D:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/17 10:32:18 | 000,000,294 | ---- | C] () -- D:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-500.job
[2011/02/16 08:28:10 | 000,051,324 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_082806.jpg
[2011/02/16 08:01:55 | 000,138,152 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_080153.jpg
[2011/02/16 08:01:13 | 000,123,300 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_080106.jpg
[2011/02/16 08:00:16 | 000,123,251 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\2011-02-16_080004.jpg
[2011/02/12 16:05:19 | 000,000,688 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\AVS DVD Copy.lnk
[2011/02/12 06:09:17 | 021,255,343 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Nvidia_PureVideo_Platinum_v1.02.233_vijax.rar
[2011/02/12 06:04:33 | 000,000,744 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\AVS Video Converter.lnk
[2011/02/12 06:03:08 | 000,000,841 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\AVS Media Player.lnk
[2011/02/11 15:53:40 | 003,253,501 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Title.jpg
[2011/02/10 11:05:01 | 000,000,449 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Disk 2 - Master Christian Library 8.0.lnk
[2011/02/10 11:04:53 | 000,000,431 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Disk 1 - Master Christian Library 8.0.lnk
[2011/02/10 11:04:46 | 000,038,796 | ---- | C] () -- D:\WINDOWS\System\Gidem___.ttf
[2011/02/10 11:04:46 | 000,033,140 | ---- | C] () -- D:\WINDOWS\System\Koinm___.ttf
[2011/02/10 11:04:46 | 000,001,321 | ---- | C] () -- D:\WINDOWS\System\Gidem___.fot
[2011/02/10 11:04:46 | 000,001,319 | ---- | C] () -- D:\WINDOWS\System\Koinm___.fot
[2011/02/09 09:08:14 | 682,365,822 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Sov of God Pt 5.avi
[2011/02/08 11:56:12 | 1276,876,332 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Sovereignty of God - pt 1.avi
[2011/02/07 13:42:13 | 403,460,850 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Truth.avi
[2011/02/02 10:13:55 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2011/02/02 10:13:48 | 000,022,334 | R--- | C] () -- D:\WINDOWS\System32\lvcoinst.ini
[2011/02/02 10:13:48 | 000,004,770 | R--- | C] () -- D:\WINDOWS\System32\Repository.reg
[2011/02/02 10:07:02 | 000,001,891 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Application Data\Microsoft\Internet Explorer\Quick Launch\Logitech QuickCam 10.0.lnk
[2011/01/31 11:26:43 | 1287,731,342 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\HGCHS 02-Free Will-Election.avi
[2011/01/30 05:57:01 | 000,000,725 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Desktop\Shortcut to AVSVideoEditor.lnk
[2011/01/06 07:24:05 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2010/08/23 11:15:17 | 000,000,095 | ---- | C] () -- D:\WINDOWS\QBChanUtil_Trigger.ini
[2010/08/10 10:58:01 | 000,697,328 | ---- | C] () -- D:\WINDOWS\System32\drivers\sptd.sys
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- D:\WINDOWS\System32\OGACheckControl.dll
[2009/08/02 16:18:09 | 000,061,440 | R--- | C] () -- D:\WINDOWS\System32\vuins32.dll
[2009/06/14 07:56:19 | 000,007,173 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/06/13 21:48:36 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Application Data\AVSMediaPlayer.m3u
[2009/06/13 17:32:10 | 000,139,264 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2009/06/13 17:32:09 | 000,524,288 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009/06/13 16:03:18 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\rmc_rtspdl.dll
[2009/06/13 15:19:31 | 000,257,536 | ---- | C] () -- D:\WINDOWS\System32\hdkernel.dll
[2009/06/13 13:48:06 | 000,042,664 | ---- | C] () -- D:\WINDOWS\System32\drivers\fsbts.sys
[2009/06/13 13:29:18 | 000,000,050 | ---- | C] () -- D:\WINDOWS\MegaManager.INI
[2009/06/13 12:44:05 | 000,014,848 | ---- | C] () -- D:\WINDOWS\System32\EuEpmGdi.dll
[2009/06/13 12:44:05 | 000,008,704 | ---- | C] () -- D:\WINDOWS\System32\epmntdrv.sys
[2009/06/13 12:44:05 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\EuGdiDrv.sys
[2009/06/13 12:37:04 | 000,027,136 | ---- | C] () -- D:\Documents and Settings\Renee Evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/13 05:44:05 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2006/07/17 11:11:36 | 000,667,280 | ---- | C] () -- D:\WINDOWS\System32\tx12.dll
[2006/06/26 10:33:40 | 000,023,472 | ---- | C] () -- D:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006/04/23 08:36:58 | 000,532,480 | ---- | C] () -- D:\WINDOWS\System32\js32T.dll
[2006/02/09 02:20:00 | 000,000,530 | ---- | C] () -- D:\WINDOWS\System32\tx12_ic.ini

[color=#E56717]========== LOP Check ==========[/color]
[2010/08/23 11:03:37 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/10/03 15:07:52 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\DivoGames
[2011/02/25 09:04:44 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\f-secure
[2011/02/25 09:03:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\fssg
[2010/10/03 15:05:53 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\HipSoft
[2011/02/17 11:35:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2009/06/13 20:44:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/07/25 18:45:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SoftPerfect
[2009/06/14 11:31:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Speedbit
[2010/08/23 11:25:03 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/10/03 23:31:13 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/03 16:02:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\DivoGames
[2011/02/26 06:17:22 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\DMCache
[2010/12/25 08:28:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\doctor
[2010/12/20 16:32:48 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Easy Macro Recorder
[2010/08/25 19:09:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\ElevatedDiagnostics
[2009/06/16 12:06:11 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\FrostWire
[2011/02/24 03:02:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\IDM
[2010/10/03 15:07:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\JewelMatch2
[2009/06/13 13:13:07 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Megaupload
[2010/12/19 07:48:30 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\Orbit
[2009/06/14 06:25:15 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Renee Evans\Application Data\SumatraPDF
[2011/01/02 09:56:19 | 000,000,000 | -HSD | M] -- D:\Documents and Settings\Renee Evans\Application Data\wyUpdate AU

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2011/02/23 11:29:01 | 000,830,464 | ---- | M] () -- D:\RogueKiller.exe

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- D:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006/02/28 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- D:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2011/02/19 12:00:13 | 000,294,400 | ---- | M] () MD5=BCA8A954D37665FB19391C9A573AB283 -- D:\Documents and Settings\Administrator\Desktop\explorer.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- D:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- D:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- D:\WINDOWS\system32\svchost.exe
[2006/02/28 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- D:\WINDOWS\$NtServicePackUninstall$\svchost.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2006/02/28 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- D:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- D:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006/02/28 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- D:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- D:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 94 bytes -> D:\scan.txt:FS_dl_url
@Alternate Data Stream - 64 bytes -> D:\Documents and Settings\Renee Evans\Desktop\fsaua-reset.exe:FS_dl_url
@Alternate Data Stream - 55 bytes -> D:\RogueKiller.exe:FS_dl_url
@Alternate Data Stream - 44 bytes -> D:\Documents and Settings\Administrator\Desktop\explorer.exe:FS_dl_url
@Alternate Data Stream - 37 bytes -> D:\Documents and Settings\Renee Evans\Desktop\OTL.scr:FS_dl_url
@Alternate Data Stream - 126 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 125 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 109 bytes -> D:\Documents and Settings\Renee Evans\Desktop\mbam-setup-1.50.1.1100.exe:FS_dl_url

< End of report >