OTL logfile created on: 2/26/2011 7:10:25 AM - Run 1
OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Renee Evans\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): H:\pagefile.sys 0 0O:\pagefile.sys 7678 7678 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 132.34 Gb Total Space | 99.90 Gb Free Space | 75.49% Space Free | Partition Type: NTFS
Drive F: | 9.90 Gb Total Space | 5.33 Gb Free Space | 53.82% Space Free | Partition Type: NTFS
Drive G: | 6.14 Gb Total Space | 4.88 Gb Free Space | 79.49% Space Free | Partition Type: NTFS
Drive H: | 32.00 Gb Total Space | 9.92 Gb Free Space | 31.00% Space Free | Partition Type: NTFS
Drive I: | 137.99 Gb Total Space | 135.21 Gb Free Space | 97.98% Space Free | Partition Type: NTFS
Drive J: | 156.75 Gb Total Space | 51.03 Gb Free Space | 32.55% Space Free | Partition Type: NTFS
Drive K: | 138.42 Gb Total Space | 53.56 Gb Free Space | 38.69% Space Free | Partition Type: NTFS
Drive R: | 74.46 Gb Total Space | 11.58 Gb Free Space | 15.55% Space Free | Partition Type: NTFS

Computer Name: 160G | User Name: Renee Evans | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/22 10:25:06 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renee Evans\Desktop\OTL.scr
PRC - [2010/08/12 10:06:40 | 000,709,800 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
PRC - [2010/08/12 10:06:40 | 000,496,808 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32.exe
PRC - [2010/07/24 10:24:29 | 000,057,008 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe
PRC - [2010/07/20 15:36:13 | 000,365,248 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
PRC - [2010/01/12 18:59:58 | 002,892,288 | ---- | M] (SoftPerfect Research) -- C:\Program Files\NetWorx\networx.exe
PRC - [2009/12/22 10:41:29 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/14 05:05:26 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\FWES\program\fsdfwd.exe
PRC - [2009/07/09 02:34:54 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
PRC - [2009/07/09 02:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
PRC - [2009/07/09 02:34:52 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Common\FSHDLL32.EXE
PRC - [2009/07/09 02:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011/02/22 10:25:06 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renee Evans\Desktop\OTL.scr
MOD - [2009/07/09 02:34:16 | 000,330,336 | ---- | M] () -- \\?\c:\program files\f-secure internet security\hips\fshook32.dll
MOD - [2009/03/26 06:35:40 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2008/04/13 17:12:06 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\sptip.dll
MOD - [2008/04/13 17:12:06 | 000,130,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\softkbd.dll
MOD - [2008/04/13 17:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2008/04/13 09:43:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\spgrmr.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (prtgwatchservice)
SRV - File not found [Disabled | Stopped] -- -- (PRTGService)
SRV - File not found [Auto | Stopped] -- -- (hpqddsvc)
SRV - File not found [On_Demand | Stopped] -- -- (hpqcxs08)
SRV - [2010/07/30 12:09:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/07/24 10:24:29 | 000,057,008 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/10/14 05:05:26 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/07/09 02:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/07/09 02:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/05/12 14:12:14 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 17:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/11 16:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)

========== Driver Services (SafeList) ==========

DRV - [2010/08/12 10:07:33 | 000,124,072 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/07/20 15:36:48 | 000,041,256 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- F:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/03 15:45:11 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/07/09 02:34:18 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/07/09 02:33:14 | 000,080,000 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/07/09 02:31:24 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/07/09 02:31:24 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/02/25 19:22:12 | 000,008,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 19:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/11/25 01:35:54 | 000,211,496 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Si3114r5.sys -- (Si3114r5)
DRV - [2008/11/25 01:35:54 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/17 23:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/20 18:27:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2008/08/20 18:27:08 | 000,074,280 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112.sys -- (SI3112)
DRV - [2008/07/30 20:48:28 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 11:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 09:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/08/29 03:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2007/08/22 02:16:40 | 000,096,384 | R--- | M] (Dynex ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/05/25 14:22:30 | 000,083,552 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2007/04/05 10:55:16 | 000,046,112 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2006/12/17 16:23:04 | 000,005,248 | --S- | M] (ACE CAD Enterprise Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DigimHID.SYS -- (DigimHID)
DRV - [2006/09/14 05:25:38 | 000,059,184 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ShdUsbWdm.sys -- (ShUsbDrv)
DRV - [2006/02/28 05:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2005/12/09 01:48:40 | 004,123,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/21 18:28:30 | 000,209,536 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\m5288.sys -- (m5288)
DRV - [2005/07/01 15:48:42 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2005/06/19 23:47:58 | 000,006,016 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\ALLOW-IO.sys -- (ALLOW-IO)
DRV - [2005/06/02 18:59:12 | 000,084,159 | ---- | M] (ULi Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD)
DRV - [2005/06/02 17:53:06 | 000,009,673 | ---- | M] (ULi Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AliGP.sys -- (aligp)
DRV - [2005/06/02 17:27:58 | 000,005,318 | ---- | M] (ULi Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AliRtHub.sys -- (aliroothub)
DRV - [2005/03/10 07:42:00 | 000,227,584 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\m4cxw2k3.sys -- (m4cxw2k3)
DRV - [2005/03/09 14:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 00:30:52 | 000,067,200 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SI3132.sys -- (SI3132)
DRV - [2004/11/17 19:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/19 07:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 21:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/31 11:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/10/01 16:44:00 | 000,031,744 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdSX.sys -- (ICDSX) Sony IC Recorder (SX)
DRV - [2001/08/17 13:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-73586283-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1644491937-73586283-839522115-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1644491937-73586283-839522115-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.facebook.com"
FF - prefs.js..extensions.enabledItems: support@lastpass.com:1.64.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.35
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.6
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.8
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\F-Secure Internet Security\NRS\litmus-ff@f-secure.com [2010/07/24 10:27:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2011/02/23 17:41:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2011/02/26 03:37:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/08 12:10:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/09 04:26:00 | 000,000,000 | ---D | M]
[2008/09/23 13:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Extensions
[2008/09/23 13:01:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2011/02/26 07:08:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions
[2009/06/28 22:46:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/30 04:45:14 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2009/12/12 12:26:03 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010/01/15 19:26:21 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/05 07:04:11 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/13 03:59:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/07/22 14:25:11 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2010/01/13 03:59:38 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/05/15 11:27:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}-trash
[2009/04/29 06:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\chenyanxu8821@163.com
[2010/01/13 04:00:19 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\mintrayr@tn123.ath.cx
[2010/01/13 04:00:19 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\extensions\support@lastpass.com
[2010/06/14 14:47:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions
[2009/12/29 18:51:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/14 10:56:54 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/05/02 15:18:55 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/01/13 16:13:48 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/01/19 04:09:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/01/13 16:48:46 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/01/08 04:01:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/14 10:56:54 | 000,000,000 | ---D | M] ("BetterCache") -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\{f8454bbe-519f-4004-85c1-12d1b31988fc}
[2010/01/08 04:01:44 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\cfulpemj.Facebook\extensions\support@lastpass.com
[2010/01/14 08:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions
[2010/01/14 08:29:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/14 08:29:51 | 000,000,000 | ---D | M] (Boost for Facebook) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{47624dda-b77e-4feb-820a-e4f077d5d4ca}
[2010/01/14 08:29:50 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010/01/14 08:29:50 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010/01/14 08:29:50 | 000,000,000 | ---D | M] (Gmail Manager) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2010/01/14 08:29:48 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/14 08:29:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/01/14 08:29:46 | 000,000,000 | ---D | M] (Extended Statusbar) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{daf44bf7-a45e-4450-979c-91cf07434c3d}
[2010/01/14 08:29:45 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/01/14 08:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}-trash
[2010/01/14 08:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\chenyanxu8821@163.com
[2010/01/14 08:29:52 | 000,000,000 | ---D | M] (MinimizeToTray revived (MinTrayR)) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\mintrayr@tn123.ath.cx
[2010/01/14 08:29:52 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\Copy of 1hyyovsx.default\extensions\support@lastpass.com
[2010/08/09 04:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions
[2010/01/16 19:16:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/06 16:01:20 | 000,000,000 | ---D | M] (EvonyNet Toolbar) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{36a4bdcd-d5b5-4618-b144-e335d0f3d381}
[2010/05/02 18:46:07 | 000,000,000 | ---D | M] (ShowIP) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}
[2010/01/16 19:16:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/06/16 06:34:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{94000a61-af9a-4247-8db6-a949fadb0354}-trash
[2010/01/16 19:16:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/24 11:16:26 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/09 04:25:57 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/09 00:08:55 | 000,000,000 | ---D | M] (IDM CC) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\mozilla_cc@internetdownloadmanager.com
[2010/05/02 17:49:13 | 000,000,000 | ---D | M] (MM3-ProxySwitch) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\ProxySwitch@MM3Tools.com
[2010/01/20 04:55:22 | 000,000,000 | ---D | M] (LastPass) -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\jyc8hmsd.Farmville #2\extensions\support@lastpass.com
[2008/06/24 15:16:26 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\searchplugins\askcom.xml
[2008/01/09 08:35:19 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\searchplugins\businesscom.xml
[2008/05/27 13:07:57 | 000,001,944 | ---- | M] () -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\searchplugins\live-search.xml
[2010/07/30 05:40:58 | 000,002,084 | ---- | M] () -- C:\Documents and Settings\Renee Evans\Application Data\Mozilla\Firefox\Profiles\1hyyovsx.default\searchplugins\serpanalytics-google-search.xml
[2010/08/09 04:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/09 00:14:53 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\RENEE EVANS\APPLICATION DATA\IDM\IDMMZCC3
[2007/03/05 13:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2007/03/09 11:35:00 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll

O1 HOSTS File: ([2008/07/31 10:29:00 | 000,257,517 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8953 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O3 - HKU\S-1-5-21-1644491937-73586283-839522115-1011\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2009/08/05 14:44:59 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Renee Evans\Start Menu\Programs\Startup\AutorunsDisabled [2009/08/01 11:18:30 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-73586283-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-73586283-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1644491937-73586283-839522115-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\S-1-5-21-1644491937-73586283-839522115-1011\..Trusted Domains: serpanalytics.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Renee Evans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Renee Evans\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - F:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/29 17:47:16 | 000,000,030 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0386a384-0772-11dc-ad94-00195b6a3344}\Shell - "" = AutoRun
O33 - MountPoints2\{0386a384-0772-11dc-ad94-00195b6a3344}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{496e80d2-ba6d-11da-929c-81559637d98e}\Shell - "" = AutoRun
O33 - MountPoints2\{496e80d2-ba6d-11da-929c-81559637d98e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{926d5314-9416-11dd-9cc1-00012e15d9da}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{926d5314-9416-11dd-9cc1-00012e15d9da}\Shell\AutoRun\command - "" = S:\autorun.exe
O33 - MountPoints2\{926d5314-9416-11dd-9cc1-00012e15d9da}\Shell\phone\command - "" = S:\autorun.exe
O33 - MountPoints2\{926d5317-9416-11dd-9cc1-00012e15d9da}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\start.exe
O33 - MountPoints2\S\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\S\Shell\AutoRun\command - "" = S:\autorun.exe
O33 - MountPoints2\S\Shell\phone\command - "" = S:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (native.exe) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/02/26 07:06:59 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Renee Evans\Desktop\OTL.scr
[2011/02/23 15:57:03 | 000,000,000 | R--D | C] -- C:\cmdcons
[2011/02/23 13:00:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/22 13:55:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/21 14:28:24 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2009/06/29 13:47:20 | 001,469,952 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\Renee Evans\Application Data\tsdnwin.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/02/26 07:06:18 | 000,675,734 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/02/26 07:06:17 | 000,167,000 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/02/26 07:05:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/26 07:02:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/25 10:46:18 | 000,000,556 | RHS- | M] () -- C:\boot.ini
[2011/02/22 13:34:08 | 000,000,616 | ---- | M] () -- C:\WINDOWS\System32\reimage.rep
[2011/02/22 10:25:06 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renee Evans\Desktop\OTL.scr
[2011/02/17 12:26:09 | 000,000,439 | ---- | M] () -- C:\Boot.bak
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/02/23 15:57:14 | 000,000,439 | ---- | C] () -- C:\Boot.bak
[2011/02/23 15:57:09 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/08/08 20:53:20 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/07/26 14:27:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\eubakup.sys
[2010/04/29 07:22:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\idmmbc.dll
[2010/01/12 14:43:19 | 000,397,819 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\farm.bmp
[2010/01/12 14:26:51 | 000,009,283 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\settings.dat
[2009/07/30 16:25:10 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/07/30 16:25:07 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/07/30 16:23:35 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/07/30 16:23:34 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/07/30 16:23:27 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/07/07 10:53:41 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\burnaware.ini
[2009/06/13 05:08:47 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\hdkernel.dll
[2009/06/12 19:37:54 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/06/06 07:39:02 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/06/06 07:39:01 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/06/06 07:39:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/05/19 08:59:52 | 000,041,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009/05/13 10:36:46 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/05/11 12:10:39 | 000,000,264 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/05/02 15:03:48 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2009/03/22 07:19:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\AVSMediaPlayer.m3u
[2009/03/22 07:16:16 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/22 07:16:16 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/22 06:43:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\Frameworks
[2009/03/07 09:47:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DllInfs.INI
[2009/03/07 09:46:57 | 000,291,328 | ---- | C] () -- C:\WINDOWS\System32\o2pse.dll
[2009/02/19 15:44:55 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2009/02/12 22:19:07 | 000,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/02/12 22:19:07 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\A4C1564358.sys
[2009/01/30 18:14:08 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/11/29 13:50:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2008/11/29 09:42:01 | 000,000,239 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\default.rss
[2008/11/28 05:31:36 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/06 09:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/30 07:02:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2008/09/30 07:02:19 | 000,000,359 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2008/09/30 05:13:07 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\PatchUpdate_InstantShareJPG.log
[2008/09/30 05:01:59 | 000,003,721 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\PatchUpdate_IZClosingDiscError.log
[2008/07/21 04:51:37 | 000,303,104 | ---- | C] () -- C:\WINDOWS\spy.dll
[2008/07/21 04:51:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\vxddll.dll
[2008/07/21 04:51:36 | 000,471,040 | ---- | C] () -- C:\WINDOWS\dbengine.dll
[2008/07/21 04:51:36 | 000,245,760 | ---- | C] () -- C:\WINDOWS\dialogs.dll
[2008/07/21 04:51:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\keyboard.dll
[2008/07/21 04:51:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\guidll.dll
[2008/07/21 04:51:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\hook.dll
[2008/07/21 04:51:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\commhook.dll
[2008/07/21 04:51:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\commque.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/12/18 07:49:04 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 16:36:26 | 000,126,976 | R--- | C] () -- C:\WINDOWS\ShdPci.dll
[2007/10/22 16:36:25 | 000,114,688 | R--- | C] () -- C:\WINDOWS\ShdUsb.dll
[2007/10/22 16:36:17 | 000,059,184 | R--- | C] () -- C:\WINDOWS\System32\drivers\ShdUsbWdm.sys
[2007/10/19 08:23:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Mswrkdmk.dll
[2007/10/19 08:21:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2007/10/19 08:19:51 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ssce.ini
[2007/10/19 08:15:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mousehook.dll
[2007/10/16 16:09:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/09/26 10:42:58 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Local Settings\Application Data\fusioncache.dat
[2007/09/09 23:12:37 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2007/09/09 23:10:16 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2007/08/14 06:09:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2007/07/31 01:34:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2007/07/30 17:11:06 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/07/30 17:02:25 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2007/07/30 17:02:25 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2007/06/18 11:46:50 | 000,000,313 | ---- | C] () -- C:\WINDOWS\paper2pdf.INI
[2007/06/11 22:43:09 | 000,000,152 | ---- | C] () -- C:\WINDOWS\Config.ini
[2007/06/07 12:54:19 | 000,393,290 | R--- | C] () -- C:\WINDOWS\bmputil.dll
[2007/06/07 12:54:19 | 000,159,744 | R--- | C] () -- C:\WINDOWS\IsdnNet.dll
[2007/06/07 12:54:18 | 000,176,128 | R--- | C] () -- C:\WINDOWS\IsdnUser.dll
[2007/06/07 12:54:17 | 000,049,152 | R--- | C] () -- C:\WINDOWS\MmfServer.dll
[2007/06/07 12:54:17 | 000,045,056 | R--- | C] () -- C:\WINDOWS\mtp3.dll
[2007/06/07 12:54:17 | 000,032,768 | R--- | C] () -- C:\WINDOWS\macmcvt.dll
[2007/06/07 12:54:16 | 000,077,824 | R--- | C] () -- C:\WINDOWS\SCCP.dll
[2007/06/07 12:54:15 | 000,032,768 | R--- | C] () -- C:\WINDOWS\shinitpci.dll
[2007/06/07 12:54:14 | 000,954,368 | R--- | C] () -- C:\WINDOWS\SHP_A3.dll
[2007/06/07 12:54:13 | 000,094,271 | R--- | C] () -- C:\WINDOWS\ShReco.dll
[2007/06/07 12:54:12 | 000,167,936 | R--- | C] () -- C:\WINDOWS\Ss7Server.dll
[2007/06/07 12:54:12 | 000,102,400 | R--- | C] () -- C:\WINDOWS\tCAP.dll
[2007/06/07 12:54:11 | 000,114,688 | R--- | C] () -- C:\WINDOWS\tcpServer.dll
[2007/05/17 16:54:07 | 000,000,220 | -HS- | C] () -- C:\WINDOWS\dwin.sys
[2007/05/16 01:04:43 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2007/05/13 09:36:04 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2397274F65.sys
[2007/05/13 09:29:10 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/23 10:28:27 | 000,001,391 | ---- | C] () -- C:\WINDOWS\VBOSS.INI
[2007/04/23 10:28:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\UnzipCtrl.dll
[2007/04/23 10:28:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\ZipCtrl.dll
[2007/03/24 03:10:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/03/23 21:26:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/03/23 21:24:28 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/03/23 21:23:57 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/03/23 21:23:44 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/03/23 21:22:41 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/01/03 11:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/18 13:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 13:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/04/23 09:36:58 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\js32T.dll
[2006/03/23 07:36:59 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/23 06:56:54 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2006/03/23 05:41:59 | 000,041,469 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/03/22 21:35:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/25 07:02:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/05/25 07:02:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/05/25 07:02:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/05/25 07:02:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/05/25 07:02:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/05/25 07:02:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/04/18 08:42:00 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\see32.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

[color=#E56717]========== LOP Check ==========[/color]

[2007/03/25 08:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acoustica
[2006/03/23 05:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ispnews
[2007/06/01 18:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\net.dacons.mail.it
[2007/09/22 07:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nikon
[2007/06/17 11:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pixmantec
[2007/06/19 09:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2007/10/16 11:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/05/20 10:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2008/02/04 11:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2008/09/27 16:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner
[2009/03/08 12:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cadsoft
[2009/05/19 09:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2009/11/20 11:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DivoGames
[2010/01/10 08:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/03/18 02:48:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/05/19 08:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2009/11/12 16:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FarmFrenzy3
[2009/09/24 17:55:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/11/08 15:02:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2009/06/10 05:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/12/03 09:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kristanix Games
[2009/03/14 19:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro
[2010/04/01 15:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2009/07/06 16:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\page
[2009/08/09 05:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2008/01/01 11:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2010/01/05 16:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmallFunFarkle
[2010/07/25 16:11:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SoftPerfect
[2008/11/22 15:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/07/05 13:30:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Speedbit
[2009/05/19 09:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/08/08 20:19:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/09/09 23:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/01/30 09:30:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/08/08 21:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\X-Setup Pro
[2009/07/31 17:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danyell Scott\Application Data\Orbit
[2009/07/31 17:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Evans\Application Data\F-Secure
[2009/08/01 11:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Evans\Application Data\Orbit
[2009/07/31 14:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan Scott\Application Data\Orbit
[2009/05/20 10:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Acoustica
[2009/05/11 11:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\aignes
[2009/07/06 16:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Ashampoo
[2008/12/30 16:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\bang
[2009/07/30 06:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Clone2Go Video Converter Free Version
[2010/08/08 20:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\CloneSpy
[2009/04/24 09:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\deskUNPDF
[2009/11/16 22:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\DivoGames
[2010/08/09 00:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\DMCache
[2009/09/25 05:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\F-Secure
[2010/01/23 11:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Farming Extreme
[2008/09/30 09:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/06/26 03:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\FrostWire
[2009/02/05 19:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\GarageGames
[2009/02/10 17:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\GrabPro
[2009/06/17 23:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\gtk-2.0
[2010/08/09 00:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\IDM
[2009/07/08 15:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\ImgBurn
[2008/12/10 11:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\IrfanView
[2009/08/03 16:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\ISP Monitor
[2009/12/25 12:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\JewelMatch2
[2009/02/09 16:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\LimeWire
[2009/05/13 09:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Megaupload
[2009/12/11 15:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\mjusbsp
[2010/08/08 19:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Movienizer
[2009/06/13 06:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Moyea
[2009/02/03 11:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\muvee Technologies
[2009/03/22 06:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Nikon
[2009/05/18 10:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\OfficeUpdate12
[2009/07/05 08:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Opera
[2009/12/06 12:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Orbit
[2009/02/11 09:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Participatory Culture Foundation
[2009/05/09 15:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\PCF-VLC
[2009/02/10 02:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\PPMate
[2009/04/28 05:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\SanDisk
[2008/11/07 12:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\SmartDraw
[2009/03/13 17:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Sony
[2009/03/13 16:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Sony Setup
[2010/06/15 10:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\SystemRequirementsLab
[2010/05/02 18:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\TS3Client
[2010/08/08 20:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\UNOUndercover
[2009/03/08 13:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Windows Search
[2008/08/02 20:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\WinPatrol
[2010/08/08 21:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\X-Setup Pro
[2009/11/14 10:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\YoudaGames
[2010/07/25 01:43:11 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/07/28 15:04:03 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
[2002/07/24 05:00:00 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2002/07/24 05:00:00 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[color=#A23BEC]< MD5 for: SVCHOST.EXE >[/color]
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2006/02/28 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2006/02/28 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2006/02/28 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:059167AF
@Alternate Data Stream - 37 bytes -> C:\Documents and Settings\Renee Evans\Desktop\OTL.scr:FS_dl_url
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CEB1746D
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A26AFC00
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F59BA980
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D2892D9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:43C9D140
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >