
Virus: Worm.Win32.NetSky 2/2011



#1
Matt633rle

Member, 50 posts
As indicated, I have this virus (found by Windows Security) on my XP Pro. "Worm.Win32.NetSky".

I contacted my AntiVirus Software company (FSecure) and we worked 9 hours. They worked on my computer thru the internet (follow me).. and were still unable to open any program.. to remove the software.

I downloaded.. and ran.. "RescueCD" from FSecure.. (which ran from CD after a power up of my system) and that also, was unable to find, remove or repair.



I have followed " Malware Removal Tools Won't Run Tutorial " instructions completely, and I still cannot run the "MBAM".

I ran "SUPERAntiSpyware Portable Scanner" and it begins to run... but then it stops.
As this software began to run... it indicated "Trojan.Dropper/SVCHost-Fake"... then shortly after this (as it was continuing to scan the register)... it stopped.

So, I am not sure which "virus" I may have... either "Trojan.Dropper/SVCHost-Fake"... or "Worm.Win32.NetSky".

Either way.. I am still... unable to remove or correctly identify what virus I may have. This is the 4th day.

Please help me.. I will stay on this site.. and watch for a response to this request.

Sincerely, Thank you.
  • 0



#2
Essexboy

GeekU Moderator, Retired Staff, 69,964 posts
Hi, do you have the ability to burn a CD?

Please print these instructions out so that you know what you are doing

The latest version is v3.1.44.2

OTLPENet.exe
MD5=FD767330715266A06F2DA6C9E8BD5471
Size: 127,226,341b / 121.3MB

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Download the attached scan.txt to a USB drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Double click the Custom scans and fixes box
  • In the dialogue locate the scan.txt you have on the USB
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0
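Before burning the image, the downloaded file can be checked against the MD5 and size published in the post above. This is an added example, not part of the original thread or of OTLPE; the stand-in test file in `demo()` is constructed. An MD5 match shows the download arrived intact; it does not authenticate the publisher.

```python
import hashlib
import os
import re
import tempfile

# Checksum lines exactly as published in the post above.
PUBLISHED = """OTLPENet.exe
MD5=FD767330715266A06F2DA6C9E8BD5471
Size: 127,226,341b / 121.3MB"""


def parse_published(text):
    """Extract (md5_hex_lowercase, size_in_bytes) from an 'MD5=' / 'Size:' block."""
    md5 = re.search(r"MD5\s*=\s*([0-9A-Fa-f]{32})\b", text)
    size = re.search(r"Size:\s*([\d,]+)\s*b\b", text)
    if not md5 or not size:
        raise ValueError("published block lacks an MD5= or Size: line")
    return md5.group(1).lower(), int(size.group(1).replace(",", ""))


def file_md5(path, chunk_size=1 << 20):
    """Hash the file in chunks so a 120 MB image is never held in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, published_text):
    """Return 'ok', 'size-mismatch' or 'md5-mismatch' for the file at path.

    The size is checked first: it is cheap, and a mismatch usually means a
    truncated download rather than a modified file.
    """
    want_md5, want_size = parse_published(published_text)
    if os.path.getsize(path) != want_size:
        return "size-mismatch"
    if file_md5(path) != want_md5:
        return "md5-mismatch"
    return "ok"


def demo():
    """Exercise the three outcomes on a constructed stand-in file."""
    payload = b"constructed stand-in for OTLPENet.exe\n" * 1000
    # Constructed 'published' block in the same layout as the forum post.
    published = "MD5=%s\nSize: %sb / n/a" % (
        hashlib.md5(payload).hexdigest().upper(),
        format(len(payload), ","),
    )
    variants = {
        "intact": payload,
        "truncated": payload[:-1],        # one byte short
        "altered": b"X" + payload[1:],    # same length, different content
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in variants.items():
            path = os.path.join(tmp, name + ".bin")
            with open(path, "wb") as fh:
                fh.write(data)
            results[name] = verify_download(path, published)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
    # For the real download: verify_download("OTLPENet.exe", PUBLISHED)
```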

#3
Matt633rle

Member (Topic Starter), 50 posts
Yes.. I can burn CDs.. I am working on another computer beside the one that has the virus...

I have downloaded OTH & OTL.. they won't work. Will follow the above instructions and get back to you.. I will be here consistently today... I am also on CHAT.

Thanks again.
  • 0

#4
Essexboy

GeekU Moderator, Retired Staff, 69,964 posts
I will be around for the next two to three hours
  • 0

#5
Matt633rle

Member (Topic Starter), 50 posts
I don't have a "USB Jump drive".. I do however have a "USB 80G external HD".. (that I use like a jump drive).. that has the scan file on it.. however, I can not get the 80G to work in the USB ports (do you have them disabled? thru your program?)... can I download the "scan.txt" from the "REATOGO.X.PE" to the sick computer.... or... restart in safemode, transfer the "scan.txt" to the sick computer.. then restart "REATOGO" and select this file?
  • 0

#6
Essexboy

GeekU Moderator, Retired Staff, 69,964 posts
Yes download to the sick computer and then use reatogo to run it
  • 0

#7
Matt633rle

Member (Topic Starter), 50 posts
Ok.. attached scan record...

OTL logfile created on: 2/22/2011 1:55:01 PM - Run
OTLPE by OldTimer - Version 3.1.44.3 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): H:\pagefile.sys 0 0O:\pagefile.sys 7678 7678 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 132.34 Gb Total Space | 100.26 Gb Free Space | 75.76% Space Free | Partition Type: NTFS
Drive D: | 32.00 Gb Total Space | 5.42 Gb Free Space | 16.95% Space Free | Partition Type: NTFS
Drive E: | 9.90 Gb Total Space | 5.31 Gb Free Space | 53.57% Space Free | Partition Type: NTFS
Drive F: | 6.14 Gb Total Space | 4.88 Gb Free Space | 79.48% Space Free | Partition Type: NTFS
Drive G: | 137.99 Gb Total Space | 135.08 Gb Free Space | 97.89% Space Free | Partition Type: NTFS
Drive H: | 156.75 Gb Total Space | 48.40 Gb Free Space | 30.88% Space Free | Partition Type: NTFS
Drive I: | 138.42 Gb Total Space | 53.54 Gb Free Space | 38.68% Space Free | Partition Type: NTFS
Drive X: | 436.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (prtgwatchservice)
SRV - File not found [Disabled] -- -- (PRTGService)
SRV - File not found [Auto] -- -- (hpqddsvc)
SRV - File not found [On_Demand] -- -- (hpqcxs08)
SRV - [2010/07/30 14:09:01 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/26 17:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/07/24 12:24:29 | 000,057,008 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Program Files\F-Secure Internet Security\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2009/10/14 07:05:26 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand] -- C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/07/09 04:34:54 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/07/09 04:31:20 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/05/12 16:12:14 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006/11/02 21:40:12 | 000,174,656 | ---- | M] () [Disabled] -- C:\Program Files\Common Files\Protexis\License Service\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (winachsf)
DRV - File not found [Kernel | Boot] -- -- (sptd)
DRV - File not found [Kernel | System] -- -- (SASKUTIL)
DRV - File not found [Kernel | System] -- -- (SASDIFSV)
DRV - File not found [Kernel | Auto] -- -- (mdmxsdk)
DRV - File not found [Kernel | On_Demand] -- -- (htsxhci)
DRV - File not found [Kernel | On_Demand] -- -- (HSFHWBS2)
DRV - File not found [Kernel | On_Demand] -- -- (HSF_DPV)
DRV - [2010/08/12 12:07:33 | 000,124,072 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2010/07/20 17:36:48 | 000,041,256 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fsbts.sys -- (fsbts)
DRV - [2009/08/03 17:45:11 | 000,038,976 | ---- | M] (microOLAP Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\drivers\pssdk42.sys -- (PSSDK42)
DRV - [2009/07/09 04:34:18 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System] -- C:\Program Files\F-Secure Internet Security\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/07/09 04:33:14 | 000,080,000 | ---- | M] (F-Secure Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\fsdfw.sys -- (FSFW)
DRV - [2009/07/09 04:31:24 | 000,039,776 | ---- | M] () [Kernel | Disabled] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/07/09 04:31:24 | 000,025,184 | ---- | M] () [Kernel | Disabled] -- C:\Program Files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2009/02/25 21:22:12 | 000,008,704 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2009/02/25 21:22:12 | 000,003,072 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2008/11/25 03:35:54 | 000,211,496 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\Si3114r5.sys -- (Si3114r5)
DRV - [2008/11/25 03:35:54 | 000,012,200 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2008/10/09 17:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/18 01:55:00 | 006,132,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/08/20 20:27:36 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2008/08/20 20:27:08 | 000,074,280 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SI3112.sys -- (SI3112)
DRV - [2008/07/30 22:48:28 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 14:49:00 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/08/29 05:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2007/08/22 04:16:40 | 000,096,384 | R--- | M] (Dynex ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/06/29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/05/25 16:22:30 | 000,083,552 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2007/04/05 12:55:16 | 000,046,112 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2006/12/17 18:23:04 | 000,005,248 | --S- | M] (ACE CAD Enterprise Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DigimHID.SYS -- (DigimHID)
DRV - [2006/09/14 07:25:38 | 000,059,184 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ShdUsbWdm.sys -- (ShUsbDrv)
DRV - [2006/02/28 07:00:00 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde)
DRV - [2005/12/09 03:48:40 | 004,123,136 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/21 20:28:30 | 000,209,536 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\m5288.sys -- (m5288)
DRV - [2005/07/01 17:48:42 | 000,043,008 | ---- | M] (D-Link ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dlkfet5b.sys -- (FETNDISB)
DRV - [2005/06/20 01:47:58 | 000,006,016 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ALLOW-IO.SYS -- (ALLOW-IO)
DRV - [2005/06/02 20:59:12 | 000,084,159 | ---- | M] (ULi Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\AliEhci.sys -- (ALIEHCD)
DRV - [2005/06/02 19:53:06 | 000,009,673 | ---- | M] (ULi Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AliGP.sys -- (aligp)
DRV - [2005/06/02 19:27:58 | 000,005,318 | ---- | M] (ULi Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AliRtHub.sys -- (aliroothub)
DRV - [2005/03/10 09:42:00 | 000,227,584 | ---- | M] (D-Link Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\m4cxw2k3.sys -- (m4cxw2k3)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 02:30:52 | 000,067,200 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\SI3132.sys -- (SI3132)
DRV - [2004/11/17 21:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/19 09:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/31 13:58:46 | 000,069,504 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/10/01 18:44:00 | 000,031,744 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IcdSX.sys -- (ICDSX) Sony IC Recorder (SX)
DRV - [2001/08/17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Danyell_Scott_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\David_Evans_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Devan_Scott_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Renee_Evans_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Renee_Evans_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Renee_Evans_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:0.7.5.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.0.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.57
FF - prefs.js..extensions.enabledItems: [email protected]:0.3
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.7.7
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..network.proxy.autoconfig_url: "http://wpad.wildblue...e.com/wpad.bat"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\F-Secure Internet Security\NRS\[email protected] [2010/07/24 12:27:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: I:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/08 14:10:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/09 06:26:00 | 000,000,000 | ---D | M]

[2008/10/11 16:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2008/10/11 16:57:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2009/03/13 14:54:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rin6e0g.default\extensions
[2008/08/01 07:16:43 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rin6e0g.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2008/07/31 12:50:49 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rin6e0g.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/07/31 12:58:56 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rin6e0g.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2008/08/01 07:16:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rin6e0g.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2008/07/31 12:50:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rin6e0g.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/07/31 12:50:48 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rin6e0g.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/08/01 07:16:42 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rin6e0g.default\extensions\[email protected]
[2008/06/28 11:22:43 | 000,001,712 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rin6e0g.default\searchplugins\askcom.xml
[2007/05/03 05:15:22 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rin6e0g.default\searchplugins\businesscom.xml
[2008/05/26 19:08:45 | 000,001,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\9rin6e0g.default\searchplugins\live-search.xml
[2010/08/09 06:26:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/01/27 11:44:24 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/06/28 04:00:43 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2007/03/05 15:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2007/03/09 13:35:00 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll

O1 HOSTS File: ([2008/07/31 12:29:00 | 000,257,517 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8953 more lines...
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)
O3 - HKU\Renee_Evans_ON_C\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2009/08/05 16:44:59 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Renee Evans\Start Menu\Programs\Startup\AutorunsDisabled [2009/08/01 13:18:30 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Danyell_Scott_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\Danyell_Scott_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\Danyell_Scott_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\David_Evans_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\David_Evans_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\David_Evans_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Devan_Scott_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\Devan_Scott_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\Devan_Scott_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\QBDataServiceUser19_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\QBDataServiceUser19_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\QBDataServiceUser19_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Renee_Evans_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\Renee_Evans_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\Renee_Evans_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Renee_Evans_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Renee_Evans_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_15.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\F-Secure Internet Security\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - F:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/29 19:47:16 | 000,000,030 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{926d5314-9416-11dd-9cc1-00012e15d9da}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{926d5314-9416-11dd-9cc1-00012e15d9da}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{926d5314-9416-11dd-9cc1-00012e15d9da}\Shell\phone\command - "" = F:\autorun.exe
O33 - MountPoints2\{adc118a6-e04b-11db-acfb-00508d917600}\Shell - "" = AutoRun
O33 - MountPoints2\{adc118a6-e04b-11db-acfb-00508d917600}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adc118a6-e04b-11db-acfb-00508d917600}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{adc118a8-e04b-11db-acfb-00508d917600}\Shell - "" = AutoRun
O33 - MountPoints2\{adc118a8-e04b-11db-acfb-00508d917600}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{adc118a8-e04b-11db-acfb-00508d917600}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{fb7817a6-20d7-11dc-ab7f-00195b6a3344}\Shell\AutoRun\command - "" = H:\JDSecure\Windows\JDSecure31.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (native.exe) - C:\WINDOWS\System32\Native.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

MsConfig - Services: "LightScribeService"
MsConfig - Services: "iPod Service"
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: DWQueuedReporting - hkey= - key= - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Renee Evans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AVG Anti-Spyware Driver - Driver
SafeBootMin: AVG Anti-Spyware Guard - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AVG Anti-Spyware Driver - Driver
SafeBootNet: AVG Anti-Spyware Guard - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {355AD171-6294-4265-95EC-741E081E98F3} - Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} -
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

========== Files/Folders - Created Within 30 Days ==========

[2011/02/21 16:28:24 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2011/02/19 09:46:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/06/29 15:47:20 | 001,469,952 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Documents and Settings\Renee Evans\Application Data\tsdnwin.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/22 15:34:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/22 15:34:08 | 000,000,616 | ---- | M] () -- C:\WINDOWS\System32\reimage.rep
[2011/02/22 15:25:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/17 14:26:09 | 000,000,439 | RHS- | M] () -- C:\boot.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/08 22:53:20 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/07/26 16:27:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\eubakup.sys
[2010/04/29 09:22:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\idmmbc.dll
[2010/01/12 16:43:19 | 000,397,819 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\farm.bmp
[2010/01/12 16:26:51 | 000,009,283 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\settings.dat
[2009/07/31 19:44:29 | 000,000,049 | ---- | C] () -- C:\Documents and Settings\David Evans\Application Data\AVSMediaPlayer.m3u
[2009/07/31 19:32:58 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\David Evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/31 16:47:58 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Danyell Scott\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/30 18:25:10 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/07/30 18:25:07 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/07/30 18:23:35 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/07/30 18:23:34 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/07/30 18:23:27 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/07/07 12:53:41 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\burnaware.ini
[2009/06/20 08:48:36 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Renee Evans\.recently-used.xbel
[2009/06/13 07:08:47 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\hdkernel.dll
[2009/06/12 21:37:54 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/06/06 09:39:02 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/06/06 09:39:01 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/06/06 09:39:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/05/19 10:59:52 | 000,041,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2009/05/13 12:36:46 | 000,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2009/05/11 14:10:39 | 000,000,264 | ---- | C] () -- C:\WINDOWS\reimage.ini
[2009/05/07 20:34:27 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Renee Evans\a.exe
[2009/05/02 17:03:48 | 001,380,403 | ---- | C] () -- C:\WINDOWS\System32\avgsdk.dll
[2009/03/22 09:19:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\AVSMediaPlayer.m3u
[2009/03/22 09:16:16 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/22 09:16:16 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/22 08:43:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\Frameworks
[2009/03/07 11:47:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DllInfs.INI
[2009/03/07 11:46:57 | 000,291,328 | ---- | C] () -- C:\WINDOWS\System32\o2pse.dll
[2009/02/19 17:44:55 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\RPVersion.ini
[2009/01/30 20:14:08 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/12/08 15:39:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Renee Evans\PUTTY.RND
[2008/12/06 20:25:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Renee Evans\debug.txt
[2008/11/29 15:50:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlsz.INI
[2008/11/29 11:42:01 | 000,000,239 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\default.rss
[2008/11/28 07:31:36 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/11/06 11:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/10/12 15:37:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Ÿ9Ÿ9
[2008/09/30 09:02:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2008/09/30 09:02:19 | 000,000,359 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2008/09/30 07:13:07 | 000,002,917 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\PatchUpdate_InstantShareJPG.log
[2008/09/30 07:01:59 | 000,003,721 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Application Data\PatchUpdate_IZClosingDiscError.log
[2008/08/03 10:53:34 | 000,008,186 | ---- | C] () -- C:\Documents and Settings\Renee Evans\resetlog.ext
[2008/07/21 06:51:37 | 000,303,104 | ---- | C] () -- C:\WINDOWS\spy.dll
[2008/07/21 06:51:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\vxddll.dll
[2008/07/21 06:51:36 | 000,471,040 | ---- | C] () -- C:\WINDOWS\dbengine.dll
[2008/07/21 06:51:36 | 000,245,760 | ---- | C] () -- C:\WINDOWS\dialogs.dll
[2008/07/21 06:51:36 | 000,180,224 | ---- | C] () -- C:\WINDOWS\keyboard.dll
[2008/07/21 06:51:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\guidll.dll
[2008/07/21 06:51:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\hook.dll
[2008/07/21 06:51:36 | 000,032,768 | ---- | C] () -- C:\WINDOWS\commhook.dll
[2008/07/21 06:51:36 | 000,020,480 | ---- | C] () -- C:\WINDOWS\commque.dll
[2008/02/04 20:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/12/18 09:49:04 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/22 18:36:26 | 000,126,976 | R--- | C] () -- C:\WINDOWS\ShdPci.dll
[2007/10/22 18:36:25 | 000,114,688 | R--- | C] () -- C:\WINDOWS\ShdUsb.dll
[2007/10/22 18:36:17 | 000,059,184 | R--- | C] () -- C:\WINDOWS\System32\drivers\ShdUsbWdm.sys
[2007/10/19 10:23:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Mswrkdmk.dll
[2007/10/19 10:21:55 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\Hlinkprx.dll
[2007/10/19 10:19:51 | 000,000,791 | ---- | C] () -- C:\WINDOWS\ssce.ini
[2007/10/19 10:15:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\mousehook.dll
[2007/10/16 18:09:03 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2007/09/26 12:42:58 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Renee Evans\Local Settings\Application Data\fusioncache.dat
[2007/09/10 01:10:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Frameworks
[2007/08/14 08:09:15 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\vusetup.dll
[2007/07/31 03:34:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2007/07/30 19:11:06 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2007/07/30 19:02:25 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2007/07/30 19:02:25 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2007/06/18 13:46:50 | 000,000,313 | ---- | C] () -- C:\WINDOWS\paper2pdf.INI
[2007/06/12 00:43:09 | 000,000,152 | ---- | C] () -- C:\WINDOWS\Config.ini
[2007/06/07 14:54:19 | 000,393,290 | R--- | C] () -- C:\WINDOWS\bmputil.dll
[2007/06/07 14:54:19 | 000,159,744 | R--- | C] () -- C:\WINDOWS\IsdnNet.dll
[2007/06/07 14:54:18 | 000,176,128 | R--- | C] () -- C:\WINDOWS\IsdnUser.dll
[2007/06/07 14:54:17 | 000,049,152 | R--- | C] () -- C:\WINDOWS\MmfServer.dll
[2007/06/07 14:54:17 | 000,045,056 | R--- | C] () -- C:\WINDOWS\mtp3.dll
[2007/06/07 14:54:17 | 000,032,768 | R--- | C] () -- C:\WINDOWS\macmcvt.dll
[2007/06/07 14:54:16 | 000,077,824 | R--- | C] () -- C:\WINDOWS\SCCP.dll
[2007/06/07 14:54:15 | 000,032,768 | R--- | C] () -- C:\WINDOWS\shinitpci.dll
[2007/06/07 14:54:14 | 000,954,368 | R--- | C] () -- C:\WINDOWS\SHP_A3.dll
[2007/06/07 14:54:13 | 000,094,271 | R--- | C] () -- C:\WINDOWS\ShReco.dll
[2007/06/07 14:54:12 | 000,167,936 | R--- | C] () -- C:\WINDOWS\Ss7Server.dll
[2007/06/07 14:54:12 | 000,102,400 | R--- | C] () -- C:\WINDOWS\tCAP.dll
[2007/06/07 14:54:11 | 000,114,688 | R--- | C] () -- C:\WINDOWS\tcpServer.dll
[2007/05/17 18:54:07 | 000,000,220 | -HS- | C] () -- C:\WINDOWS\dwin.sys
[2007/05/16 03:04:43 | 000,020,992 | ---- | C] () -- C:\WINDOWS\jestertb.dll
[2007/05/13 11:36:04 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\2397274F65.sys
[2007/05/13 11:29:10 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/04/24 20:55:23 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\Administrator\default.pls
[2007/04/23 12:28:27 | 000,001,391 | ---- | C] () -- C:\WINDOWS\VBOSS.INI
[2007/04/23 12:28:12 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\UnzipCtrl.dll
[2007/04/23 12:28:12 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\ZipCtrl.dll
[2007/04/16 10:44:53 | 000,038,490 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
[2007/04/16 10:44:13 | 000,038,486 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (DOS).ADR
[2007/03/24 05:10:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/03/23 23:26:25 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\HPSU_48BitScanUpdate.log
[2007/03/23 23:26:25 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2007/03/23 23:24:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\HelpFilesUpdatePatch_HELPFILEREPLACE.log
[2007/03/23 23:24:28 | 000,000,367 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log
[2007/03/23 23:24:28 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2007/03/23 23:23:57 | 000,002,974 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PatchUpdate_InstantShareJPG.log
[2007/03/23 23:23:57 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2007/03/23 23:23:44 | 000,003,805 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PatchUpdate_IZClosingDiscError.log
[2007/03/23 23:23:44 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2007/03/23 23:22:41 | 000,112,894 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Update_HP_RedboxHprblog_HPSU.log
[2007/03/23 23:22:41 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2007/01/03 13:24:36 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 13:22:46 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 13:22:14 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/09/18 15:37:50 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx12_ic.ini
[2006/09/18 15:37:48 | 000,667,280 | ---- | C] () -- C:\WINDOWS\System32\tx12.dll
[2006/04/23 11:36:58 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\js32T.dll
[2006/03/23 10:28:25 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/23 09:36:59 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/23 08:56:54 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2006/03/23 07:57:30 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/03/22 23:35:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/25 09:02:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/05/25 09:02:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/05/25 09:02:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/05/25 09:02:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/05/25 09:02:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/05/25 09:02:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/04/18 10:42:00 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\see32.dll
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2007/03/25 10:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Acoustica
[2006/03/23 07:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ispnews
[2007/06/01 20:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\net.dacons.mail.it
[2007/09/22 09:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nikon
[2007/06/17 13:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Pixmantec
[2007/06/19 11:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2007/10/16 13:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2009/07/31 19:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Danyell Scott\Application Data\Orbit
[2009/07/31 19:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Evans\Application Data\F-Secure
[2009/08/01 13:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David Evans\Application Data\Orbit
[2009/07/31 16:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Devan Scott\Application Data\Orbit
[2009/05/20 12:34:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Acoustica
[2009/05/11 13:02:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\aignes
[2009/07/06 18:12:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Ashampoo
[2008/12/30 18:38:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\bang
[2009/05/13 16:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\BlinkoTvAir.D8ABBB8B5913CE95C170D57FCA2CA8CDE7219937.1
[2009/07/30 08:23:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Clone2Go Video Converter Free Version
[2010/08/08 22:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\CloneSpy
[2009/04/24 11:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\deskUNPDF
[2009/11/17 00:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\DivoGames
[2010/08/09 02:20:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\DMCache
[2009/09/25 07:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\F-Secure
[2010/01/23 13:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Farming Extreme
[2008/09/30 11:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2009/06/26 05:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\FrostWire
[2009/02/05 21:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\GarageGames
[2009/02/10 19:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\GrabPro
[2009/06/18 01:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\gtk-2.0
[2010/08/09 02:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\IDM
[2009/07/08 17:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\ImgBurn
[2008/12/10 13:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\IrfanView
[2009/08/03 18:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\ISP Monitor
[2009/12/25 14:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\JewelMatch2
[2009/02/09 18:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\LimeWire
[2009/05/13 11:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Megaupload
[2009/12/11 17:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\mjusbsp
[2010/08/08 21:23:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Movienizer
[2009/06/13 08:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Moyea
[2009/02/03 13:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\muvee Technologies
[2009/03/22 08:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Nikon
[2009/05/18 12:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\OfficeUpdate12
[2009/07/05 10:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Opera
[2009/12/06 14:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Orbit
[2009/02/11 11:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Participatory Culture Foundation
[2009/05/09 17:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\PCF-VLC
[2009/02/10 04:32:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\PPMate
[2009/04/28 07:02:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\SanDisk
[2008/11/07 14:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\SmartDraw
[2009/03/13 19:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Sony
[2009/03/13 18:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Sony Setup
[2010/06/15 12:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\SystemRequirementsLab
[2010/05/02 20:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\TS3Client
[2010/08/08 22:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\UNOUndercover
[2009/03/08 15:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\Windows Search
[2008/08/02 22:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\WinPatrol
[2010/08/08 23:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\X-Setup Pro
[2009/11/14 12:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Renee Evans\Application Data\YoudaGames
[2010/07/25 03:43:11 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2010/07/28 17:04:03 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/02/19 09:49:23 | 004,136,925 | ---- | M] () -- C:\action.log
[2010/07/30 08:40:23 | 000,655,360 | ---- | M] () -- C:\alertlog.dat
[2002/07/24 07:00:00 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2002/07/24 07:00:00 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe
[2008/11/29 19:47:16 | 000,000,030 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2011/02/17 14:26:09 | 000,000,439 | RHS- | M] () -- C:\boot.ini
[2010/06/29 05:59:56 | 000,016,257 | ---- | M] () -- C:\Casey.docx
[2010/07/19 11:50:04 | 000,002,034 | ---- | M] () -- C:\cc_20100719_105001.reg
[2010/07/23 21:15:34 | 000,067,078 | ---- | M] () -- C:\cc_20100723_201529.reg
[2010/07/25 15:48:18 | 000,003,910 | ---- | M] () -- C:\cc_20100725_144809.reg
[2010/08/08 09:41:27 | 000,173,008 | ---- | M] () -- C:\cc_20100808_084123.reg
[2010/08/08 09:41:50 | 000,008,134 | ---- | M] () -- C:\cc_20100808_084146.reg
[2010/08/08 09:42:04 | 000,000,816 | ---- | M] () -- C:\cc_20100808_084201.reg
[2010/08/08 18:25:11 | 000,003,290 | ---- | M] () -- C:\cc_20100808_172506.reg
[2010/08/08 18:25:30 | 000,005,202 | ---- | M] () -- C:\cc_20100808_172526.reg
[2008/11/29 19:47:16 | 000,000,046 | -H-- | M] () -- C:\CONFIG.SYS
[2010/08/13 14:43:34 | 000,000,008 | ---- | M] () -- C:\DFIMB.DAT
[2010/07/26 16:17:03 | 000,000,943 | ---- | M] () -- C:\EASEUS Todo Backup 1.1.lnk
[2010/01/05 12:18:29 | 000,000,844 | ---- | M] () -- C:\Eusing Regcleaner.lnk
[2010/01/05 13:24:08 | 000,000,742 | ---- | M] () -- C:\Eusing Registry Defrag.lnk
[2010/07/24 12:27:20 | 000,001,014 | ---- | M] () -- C:\F-Secure Internet Security 2010.lnk
[2008/11/29 16:45:20 | 000,000,164 | ---- | M] () -- C:\Fax.lnk
[2010/12/25 11:12:05 | 000,003,244 | ---- | M] () -- C:\HPDIU.log
[2006/03/23 06:48:24 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/13 19:11:46 | 000,018,321 | ---- | M] () -- C:\LU4.log
[2009/10/07 09:17:13 | 000,000,546 | ---- | M] () -- C:\Movienizer.lnk
[2006/03/23 06:48:24 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/06/17 07:09:57 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/12 11:54:36 | 006,733,102 | ---- | M] () -- C:\old action.log
[2010/05/02 10:56:12 | 000,031,429 | ---- | M] () -- C:\packetlog.0
[2010/07/26 17:07:07 | 000,000,024 | ---- | M] () -- C:\packetlog.1
[2009/12/07 12:07:46 | 000,000,000 | ---- | M] () -- C:\rtmp.log
[2009/12/01 03:27:18 | 000,000,556 | ---- | M] () -- C:\Shortcut to BOXEE.exe.lnk
[2009/08/03 17:51:25 | 000,000,678 | ---- | M] () -- C:\Shortcut to networx.exe.lnk
[2007/12/29 17:38:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/12/29 17:38:59 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm


< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SFC.DLL >
[2008/04/13 19:12:05 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=96E1C926F22EE1BFBAE82901A35F6BF3 -- C:\WINDOWS\ServicePackFiles\i386\sfc.dll
[2008/04/13 19:12:05 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=96E1C926F22EE1BFBAE82901A35F6BF3 -- C:\WINDOWS\system32\dllcache\sfc.dll
[2008/04/13 19:12:05 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=96E1C926F22EE1BFBAE82901A35F6BF3 -- C:\WINDOWS\system32\sfc.dll
[2006/02/28 07:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=E8A12A12EA9088B4327D49EDCA3ADD3E -- C:\WINDOWS\$NtServicePackUninstall$\sfc.dll

< MD5 for: USERINIT.EXE >
[2006/02/28 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006/02/28 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< End of report >

Attached Files

  • Attached File  OTL.Txt   128.52KB

#8
Essexboy

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

THEN from normal mode retry Malwarebytes

#9
Matt633rle

ok... be right back

#10
Matt633rle

Ok, attached is the xxx.log file. I did restart in "normal mode"... the "virus started".. I shut it down right away... Installed a new copy of "malwarebytes", updated its database, started the "quick scan"... and it shut itself down...

Next?

#11
Matt633rle

I need to call it quits for tonight, hubby is home & wants dinner... see ya tomorrow...

Thank you so much!

#12
Matt633rle

I am back for the rest of the day, to resume cleaning this virus from my computer...

When you're ready... let me know..

Thank you..

#13
Essexboy

OK, this is a weird one as I cannot see now where it can be starting from, so let's cast the net a bit wider

Again download this scan.txt and do the same as previous, delete the old scan.txt first so that there is no confusion. This one will look in a few different areas.


#14
Essexboy

OK there is another option that is being trialled at the moment

Download rogue killer from here to your desktop

Run the programme in normal mode - you may need to try this several times; leave any popups from the virus open, do not close them



Press 1 on this screen and a notepad will open; please post that

#15
Matt633rle

Ok.. I will follow thru as indicated... My thought....

If I re-start from scratch (and use the new scan file).... then when it gets to the point of "start in normal mode... and run Malwarebytes".... how about if I start in "safemode- w/networking"?....

I am afraid.. because the virus was able to start itself... when I "started in normal mode"... to run malwarebytes... ... it ruined all the previous work we had done...

What are your thoughts?..... Meanwhile.. I will follow thru with your latest instructions....

Thanks